Mercurial > hg > nginx-tests
comparison stream_upstream_zone_ssl.t @ 560:f3434de79a7f
Tests: upstream zone tests with ssl backend.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 23 Apr 2015 14:01:22 +0300 |
parents | |
children | ca74dc9abd1a |
comparison
equal
deleted
inserted
replaced
559:9208d8243926 | 560:f3434de79a7f |
---|---|
1 #!/usr/bin/perl | |
2 | |
3 # (C) Sergey Kandaurov | |
4 # (C) Nginx, Inc. | |
5 | |
6 # Stream tests for upstream zone with ssl backend. | |
7 | |
8 ############################################################################### | |
9 | |
10 use warnings; | |
11 use strict; | |
12 | |
13 use Test::More; | |
14 | |
15 BEGIN { use FindBin; chdir($FindBin::Bin); } | |
16 | |
17 use lib 'lib'; | |
18 use Test::Nginx; | |
19 | |
20 ############################################################################### | |
21 | |
22 select STDERR; $| = 1; | |
23 select STDOUT; $| = 1; | |
24 | |
25 my $t = Test::Nginx->new()->has(qw/stream stream_ssl http http_ssl/) | |
26 ->has(qw/stream_upstream_zone/)->has_daemon('openssl')->plan(8); | |
27 | |
28 $t->write_file_expand('nginx.conf', <<'EOF'); | |
29 | |
30 %%TEST_GLOBALS%% | |
31 | |
32 daemon off; | |
33 | |
34 events { | |
35 } | |
36 | |
37 stream { | |
38 proxy_ssl on; | |
39 proxy_ssl_session_reuse on; | |
40 | |
41 upstream u { | |
42 zone u 32k; | |
43 server 127.0.0.1:8087; | |
44 } | |
45 | |
46 upstream u2 { | |
47 zone u; | |
48 server 127.0.0.1:8087 backup; | |
49 server 127.0.0.1:8088 down; | |
50 } | |
51 | |
52 server { | |
53 listen 127.0.0.1:8080; | |
54 proxy_pass u; | |
55 proxy_ssl_session_reuse off; | |
56 } | |
57 | |
58 server { | |
59 listen 127.0.0.1:8081; | |
60 proxy_pass u; | |
61 } | |
62 | |
63 server { | |
64 listen 127.0.0.1:8082; | |
65 proxy_pass u2; | |
66 proxy_ssl_session_reuse off; | |
67 } | |
68 | |
69 server { | |
70 listen 127.0.0.1:8083; | |
71 proxy_pass u2; | |
72 } | |
73 } | |
74 | |
75 http { | |
76 %%TEST_GLOBALS_HTTP%% | |
77 | |
78 server { | |
79 listen 127.0.0.1:8087 ssl; | |
80 | |
81 ssl_certificate_key localhost.key; | |
82 ssl_certificate localhost.crt; | |
83 ssl_session_cache builtin; | |
84 | |
85 location / { | |
86 add_header X-Session $ssl_session_reused; | |
87 } | |
88 } | |
89 } | |
90 | |
91 EOF | |
92 | |
93 $t->write_file('openssl.conf', <<EOF); | |
94 [ req ] | |
95 default_bits = 2048 | |
96 encrypt_key = no | |
97 distinguished_name = req_distinguished_name | |
98 [ req_distinguished_name ] | |
99 EOF | |
100 | |
101 $t->write_file('index.html', ''); | |
102 | |
103 my $d = $t->testdir(); | |
104 | |
105 foreach my $name ('localhost') { | |
106 system('openssl req -x509 -new ' | |
107 . "-config '$d/openssl.conf' -subj '/CN=$name/' " | |
108 . "-out '$d/$name.crt' -keyout '$d/$name.key' " | |
109 . ">>$d/openssl.out 2>&1") == 0 | |
110 or die "Can't create certificate for $name: $!\n"; | |
111 } | |
112 | |
113 $t->run(); | |
114 | |
115 ############################################################################### | |
116 | |
117 like(http_get('/', socket => getconn('127.0.0.1:8080')), | |
118 qr/200 OK.*X-Session: \./s, 'ssl'); | |
119 like(http_get('/', socket => getconn('127.0.0.1:8081')), | |
120 qr/200 OK.*X-Session: \./s, 'ssl 2'); | |
121 | |
122 like(http_get('/', socket => getconn('127.0.0.1:8080')), | |
123 qr/200 OK.*X-Session: \./s, 'ssl reuse session'); | |
124 like(http_get('/', socket => getconn('127.0.0.1:8081')), | |
125 qr/200 OK.*X-Session: r/s, 'ssl reuse session 2'); | |
126 | |
127 like(http_get('/', socket => getconn('127.0.0.1:8082')), | |
128 qr/200 OK.*X-Session: \./s, 'ssl backup'); | |
129 like(http_get('/', socket => getconn('127.0.0.1:8083')), | |
130 qr/200 OK.*X-Session: \./s, 'ssl backup 2'); | |
131 | |
132 like(http_get('/', socket => getconn('127.0.0.1:8082')), | |
133 qr/200 OK.*X-Session: \./s, 'ssl reuse session backup'); | |
134 like(http_get('/', socket => getconn('127.0.0.1:8083')), | |
135 qr/200 OK.*X-Session: r/s, 'ssl reuse session backup 2'); | |
136 | |
137 ############################################################################### | |
138 | |
139 sub getconn { | |
140 my $peer = shift; | |
141 my $s = IO::Socket::INET->new( | |
142 Proto => 'tcp', | |
143 PeerAddr => $peer || '127.0.0.1:8080' | |
144 ) | |
145 or die "Can't connect to nginx: $!\n"; | |
146 | |
147 return $s; | |
148 } | |
149 | |
150 ############################################################################### |