Mercurial > hg > nginx-tests

comparison h2_ssl_proxy_protocol.t @ 1899:a0ee073760c5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: updated HTTP/2 tests with invalid PROXY protocol. Connection close is now expected prior to sending any HTTP/2 frames from the upper layer, similar to existing behaviour over HTTPS.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 31 May 2023 13:29:31 +0400
parents h2_proxy_protocol.t@882267679006
children
comparison
equal deleted inserted replaced
1898:26252394dd58 1899:a0ee073760c5
1 #!/usr/bin/perl
2
3 # (C) Sergey Kandaurov
4 # (C) Nginx, Inc.
5
6 # Tests for HTTP/2 protocol with proxy_protocol.
7
8 ###############################################################################
9
10 use warnings;
11 use strict;
12
13 use Test::More;
14
15 use Socket qw/ CRLF /;
16
17 BEGIN { use FindBin; chdir($FindBin::Bin); }
18
19 use lib 'lib';
20 use Test::Nginx;
21 use Test::Nginx::HTTP2;
22
23 ###############################################################################
24
25 select STDERR; $| = 1;
26 select STDOUT; $| = 1;
27
28 my $t = Test::Nginx->new()
29 ->has(qw/http http_ssl http_v2 realip socket_ssl_alpn/)
30 ->has_daemon('openssl')->plan(3);
31
32 $t->write_file_expand('nginx.conf', <<'EOF');
33
34 %%TEST_GLOBALS%%
35
36 daemon off;
37
38 events {
39 }
40
41 http {
42 %%TEST_GLOBALS_HTTP%%
43
44 server {
45 listen 127.0.0.1:8080 proxy_protocol http2 ssl;
46 server_name localhost;
47
48 ssl_certificate_key localhost.key;
49 ssl_certificate localhost.crt;
50
51 location /pp {
52 set_real_ip_from 127.0.0.1/32;
53 real_ip_header proxy_protocol;
54 alias %%TESTDIR%%/t.html;
55 add_header X-PP $remote_addr;
56 }
57 }
58 }
59
60 EOF
61
62 $t->write_file('openssl.conf', <<EOF);
63 [ req ]
64 default_bits = 2048
65 encrypt_key = no
66 distinguished_name = req_distinguished_name
67 [ req_distinguished_name ]
68 EOF
69
70 my $d = $t->testdir();
71
72 foreach my $name ('localhost') {
73 system('openssl req -x509 -new '
74 . "-config $d/openssl.conf -subj /CN=$name/ "
75 . "-out $d/$name.crt -keyout $d/$name.key "
76 . ">>$d/openssl.out 2>&1") == 0
77 or die "Can't create certificate for $name: $!\n";
78 }
79
80 $t->write_file('t.html', 'SEE-THIS');
81
82 open OLDERR, ">&", \*STDERR; close STDERR;
83 $t->run();
84 open STDERR, ">&", \*OLDERR;
85
86 ###############################################################################
87
88 my $proxy = 'PROXY TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF;
89 my $sock = http($proxy, start => 1);
90 http('', start => 1, socket => $sock, SSL => 1, SSL_alpn_protocols => ['h2']);
91
92 SKIP: {
93 skip 'no ALPN negotiation', 2 unless $sock->alpn_selected();
94
95 my $s = Test::Nginx::HTTP2->new(undef, socket => $sock);
96 my $sid = $s->new_stream({ path => '/pp' });
97 my $frames = $s->read(all => [{ sid => $sid, fin => 1 }]);
98
99 my ($frame) = grep { $_->{type} eq "HEADERS" } @$frames;
100 ok($frame, 'PROXY HEADERS frame');
101 is($frame->{headers}->{'x-pp'}, '192.0.2.1', 'PROXY remote addr');
102
103 }
104
105 $sock->close();
106
107 # invalid PROXY protocol string
108
109 $proxy = 'BOGUS TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF;
110 ok(!http($proxy), 'PROXY invalid protocol');
111
112 ###############################################################################