Mercurial > hg > nginx-tests
comparison proxy_protocol_server.t @ 1527:7676944968c1
Tests: proxy protocol server variables.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 24 Oct 2019 15:00:30 +0300 |
| parents | |
| children | 5ac6efbe5552 |
comparison
equal
deleted
inserted
replaced
| 1526:b3bbb59dc324 | 1527:7676944968c1 |
|---|---|
| 1 #!/usr/bin/perl | |
| 2 | |
| 3 # (C) Sergey Kandaurov | |
| 4 # (C) Nginx, Inc. | |
| 5 | |
| 6 # Tests for haproxy protocol. | |
| 7 | |
| 8 ############################################################################### | |
| 9 | |
| 10 use warnings; | |
| 11 use strict; | |
| 12 | |
| 13 use Test::More; | |
| 14 | |
| 15 use Socket qw/ CRLF /; | |
| 16 | |
| 17 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
| 18 | |
| 19 use lib 'lib'; | |
| 20 use Test::Nginx; | |
| 21 | |
| 22 ############################################################################### | |
| 23 | |
| 24 select STDERR; $| = 1; | |
| 25 select STDOUT; $| = 1; | |
| 26 | |
| 27 my $t = Test::Nginx->new()->has(qw/http access realip/); | |
| 28 | |
| 29 $t->write_file_expand('nginx.conf', <<'EOF'); | |
| 30 | |
| 31 %%TEST_GLOBALS%% | |
| 32 | |
| 33 daemon off; | |
| 34 | |
| 35 events { | |
| 36 } | |
| 37 | |
| 38 http { | |
| 39 %%TEST_GLOBALS_HTTP%% | |
| 40 | |
| 41 log_format pp $remote_addr:$remote_port; | |
| 42 | |
| 43 add_header X-IP $remote_addr!$remote_port; | |
| 44 add_header X-PP $proxy_protocol_addr!$proxy_protocol_port; | |
| 45 add_header X-PPS $proxy_protocol_server_addr!$proxy_protocol_server_port; | |
| 46 | |
| 47 server { | |
| 48 listen 127.0.0.1:8080 proxy_protocol; | |
| 49 server_name localhost; | |
| 50 | |
| 51 set_real_ip_from 127.0.0.1/32; | |
| 52 | |
| 53 location /pp { | |
| 54 real_ip_header proxy_protocol; | |
| 55 error_page 404 =200 /t1; | |
| 56 | |
| 57 location /pp_4 { | |
| 58 deny 192.0.2.1/32; | |
| 59 access_log %%TESTDIR%%/pp4.log pp; | |
| 60 } | |
| 61 | |
| 62 location /pp_6 { | |
| 63 deny 2001:DB8::1/128; | |
| 64 access_log %%TESTDIR%%/pp6.log pp; | |
| 65 } | |
| 66 } | |
| 67 | |
| 68 location / { } | |
| 69 } | |
| 70 } | |
| 71 | |
| 72 EOF | |
| 73 | |
| 74 $t->write_file('t1', 'SEE-THIS'); | |
| 75 $t->try_run('no proxy_protocol_server_addr')->plan(24); | |
| 76 | |
| 77 ############################################################################### | |
| 78 | |
| 79 my $tcp4 = 'PROXY TCP4 192.0.2.1 192.0.2.2 123 567' . CRLF; | |
| 80 my $tcp6 = 'PROXY TCP6 2001:Db8::1 2001:Db8::2 123 567' . CRLF; | |
| 81 my $unk1 = 'PROXY UNKNOWN' . CRLF; | |
| 82 my $unk2 = 'PROXY UNKNOWN 1 2 3 4 5 6' . CRLF; | |
| 83 my $r; | |
| 84 | |
| 85 # no realip, just PROXY header parsing | |
| 86 | |
| 87 $r = pp_get('/t1', $tcp4); | |
| 88 like($r, qr/SEE-THIS/, 'tcp4 request'); | |
| 89 like($r, qr/X-PP: 192.0.2.1!123\x0d/, 'tcp4 proxy'); | |
| 90 like($r, qr/X-PPS: 192.0.2.2!567\x0d/, 'tcp4 proxy server'); | |
| 91 unlike($r, qr/X-IP: (192.0.2.1|[^!]+!123\x0d)/, 'tcp4 client'); | |
| 92 | |
| 93 $r = pp_get('/t1', $tcp6); | |
| 94 like($r, qr/SEE-THIS/, 'tcp6 request'); | |
| 95 like($r, qr/X-PP: 2001:DB8::1!123\x0d/i, 'tcp6 proxy'); | |
| 96 like($r, qr/X-PPS: 2001:DB8::2!567\x0d/i, 'tcp6 proxy server'); | |
| 97 unlike($r, qr/X-IP: (2001:DB8::1|[^!]+!123\x0d)/i, 'tcp6 client'); | |
| 98 | |
| 99 $r = pp_get('/t1', $unk1); | |
| 100 like($r, qr/SEE-THIS/, 'unknown request 1'); | |
| 101 like($r, qr/X-PP: !\x0d/, 'unknown proxy 1'); | |
| 102 like($r, qr/X-PPS: !\x0d/, 'unknown proxy server 1'); | |
| 103 | |
| 104 $r = pp_get('/t1', $unk2); | |
| 105 like($r, qr/SEE-THIS/, 'unknown request 2'); | |
| 106 like($r, qr/X-PP: !\x0d/, 'unknown proxy 2'); | |
| 107 like($r, qr/X-PPS: !\x0d/, 'unknown proxy server 2'); | |
| 108 | |
| 109 # realip | |
| 110 | |
| 111 $r = pp_get('/pp', $tcp4); | |
| 112 like($r, qr/SEE-THIS/, 'tcp4 request realip'); | |
| 113 like($r, qr/X-PP: 192.0.2.1!123\x0d/, 'tcp4 proxy realip'); | |
| 114 like($r, qr/X-IP: 192.0.2.1!123\x0d/, 'tcp4 client realip'); | |
| 115 | |
| 116 $r = pp_get('/pp', $tcp6); | |
| 117 like($r, qr/SEE-THIS/, 'tcp6 request realip'); | |
| 118 like($r, qr/X-PP: 2001:DB8::1!123\x0d/i, 'tcp6 proxy realip'); | |
| 119 like($r, qr/X-IP: 2001:DB8::1!123\x0d/i, 'tcp6 client realip'); | |
| 120 | |
| 121 # access | |
| 122 | |
| 123 $r = pp_get('/pp_4', $tcp4); | |
| 124 like($r, qr/403 Forbidden/, 'tcp4 access'); | |
| 125 | |
| 126 $r = pp_get('/pp_6', $tcp6); | |
| 127 like($r, qr/403 Forbidden/, 'tcp6 access'); | |
| 128 | |
| 129 # client address in access.log | |
| 130 | |
| 131 $t->stop(); | |
| 132 | |
| 133 is($t->read_file('pp4.log'), "192.0.2.1:123\n", 'tcp4 log'); | |
| 134 is($t->read_file('pp6.log'), "2001:db8::1:123\n", 'tcp6 log'); | |
| 135 | |
| 136 ############################################################################### | |
| 137 | |
| 138 sub pp_get { | |
| 139 my ($url, $proxy) = @_; | |
| 140 return http($proxy . <<EOF); | |
| 141 GET $url HTTP/1.0 | |
| 142 Host: localhost | |
| 143 | |
| 144 EOF | |
| 145 } | |
| 146 | |
| 147 ############################################################################### |