Mercurial > hg > nginx-tests

view mail_proxy_protocol.t @ 1961:fe6f22da53ec default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Tests: tests for usage of discarded body. The client_max_body_size limit should be ignored when the request body is already discarded. In HTTP/1.x, this is done by checking the r->discard_body flag when the body is being discarded, and because r->headers_in.content_length_n is 0 when it's already discarded. This, however, does not happen with HTTP/2 and HTTP/3, and therefore "error_page 413" does not work without relaxing the limit. Further, with proxy_pass, r->headers_in.content_length_n is used to determine length of the request body, and therefore is not correct if discarding of the request body isn't yet complete. While discarding the request body, r->headers_in.content_length_n contains the rest of the body to discard (or, in case of chunked request body, the rest of the current chunk to discard). Similarly, the $content_length variable uses r->headers_in.content_length if available, and also incorrect. The $content_length variable is used when proxying with fastcgi_pass, grpc_pass, and uwsgi_pass (scgi_pass uses the value calculated based on the actual request body buffers, and therefore works correctly).
author Maxim Dounin <mdounin@mdounin.ru>
date Sat, 27 Apr 2024 18:55:50 +0300
parents 5ac6efbe5552
children
line wrap: on
line source

#!/usr/bin/perl

# (C) Sergey Kandaurov
# (C) Nginx, Inc.

# Tests for mail proxy module, PROXY protocol with realip.

###############################################################################

use warnings;
use strict;

use Test::More;

use MIME::Base64;

BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;
use Test::Nginx::SMTP;

###############################################################################

select STDERR; $| = 1;
select STDOUT; $| = 1;

local $SIG{PIPE} = 'IGNORE';

my $t = Test::Nginx->new()->has(qw/mail smtp http rewrite/)
	->write_file_expand('nginx.conf', <<'EOF');

%%TEST_GLOBALS%%

daemon off;

events {
}

mail {
    proxy_pass_error_message  on;
    proxy_timeout             15s;
    proxy_smtp_auth           on;
    proxy_protocol            on;
    auth_http  http://127.0.0.1:8080/mail/auth;
    smtp_auth  login plain;

    server {
        listen    127.0.0.1:8025 proxy_protocol;
        protocol  smtp;

        auth_http_header  X-Type proxy;
    }

    server {
        listen    127.0.0.1:8027 proxy_protocol;
        protocol  smtp;

        set_real_ip_from  127.0.0.1/32;
        auth_http_header  X-Type realip;
    }
}

http {
    %%TEST_GLOBALS_HTTP%%

    server {
        listen       127.0.0.1:8080;
        server_name  localhost;

        location = /mail/auth {
            set $reply ERROR;
            set $test $http_x_type:$http_client_ip:$http_proxy_protocol_addr;

            if ($test = proxy:127.0.0.1:192.0.2.1) {
                set $reply OK;
            }

            if ($test = realip:192.0.2.1:192.0.2.1) {
                set $reply OK;
            }

            add_header Auth-Status $reply;
            add_header Auth-Server 127.0.0.1;
            add_header Auth-Port %%PORT_8026%%;
            add_header Auth-Wait 1;
            return 204;
        }
    }
}

EOF

$t->run_daemon(\&Test::Nginx::SMTP::smtp_test_daemon);
$t->run()->plan(8);

$t->waitforsocket('127.0.0.1:' . port(8026));

###############################################################################

# connection with PROXY protocol

my $s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8025));
$s->send('PROXY TCP4 192.0.2.1 192.0.2.2 123 5678');
$s->check(qr/^220 /, "greeting with proxy_protocol");

$s->send('EHLO example.com');
$s->check(qr/^250 /, "ehlo with proxy_protocol");

$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", ''));
$s->authok('auth with proxy_protocol');

$s->send('XPROXY');
$s->check(qr/^211 PROXY TCP4 127.0.0.1 127.0.0.1 \d+ \d+/,
	'proxy protocol to backend');

# connection with PROXY protocol and set_realip_from

$s = Test::Nginx::SMTP->new(PeerAddr => '127.0.0.1:' . port(8027));

$s->send('PROXY TCP4 192.0.2.1 192.0.2.2 123 5678');
$s->check(qr/^220 /, "greeting with proxy_protocol and realip");

$s->send('EHLO example.com');
$s->check(qr/^250 /, "ehlo with proxy_protocol and realip");

$s->send('AUTH PLAIN ' . encode_base64("\0test\@example.com\0secret", ''));
$s->authok('auth with proxy_protocol and realip');

$s->send('XPROXY');
$s->check(qr/^211 PROXY TCP4 192.0.2.1 127.0.0.1 \d+ \d+/,
	'proxy_protocol to backend and realip');

###############################################################################