Mercurial > hg > nginx-tests
annotate ssl_proxy_protocol.t @ 605:a77f19282f63
Tests: switched to using headers to test variables in userid.t.
Tests might behave incorrectly due to the delay in writing to log.
Made tests stricter for different endianness. While here, improved style.
author | Andrey Zelenkov <zelenkov@nginx.com> |
---|---|
date | Thu, 11 Jun 2015 20:56:19 +0300 |
parents | cc722d0c557d |
children | adf5671391ac |
rev | line source |
---|---|
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with haproxy protocol. |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 use Socket qw/ CRLF /; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use lib 'lib'; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use Test::Nginx; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { require IO::Socket::SSL; }; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
32 my $t = Test::Nginx->new()->has(qw/http http_ssl access ipv6 realip/) |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 ->has_daemon('openssl'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 $t->write_file_expand('nginx.conf', <<'EOF')->plan(18); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 %%TEST_GLOBALS%% |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 daemon off; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 events { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 http { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 %%TEST_GLOBALS_HTTP%% |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 log_format pp '$remote_addr $request'; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
50 listen 127.0.0.1:8080 proxy_protocol ssl; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 server_name localhost; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_certificate_key localhost.key; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_certificate localhost.crt; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 set_real_ip_from 127.0.0.1/32; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 add_header X-IP $remote_addr; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 add_header X-PP $proxy_protocol_addr; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 location /pp { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 real_ip_header proxy_protocol; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 error_page 404 =200 /t1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 access_log %%TESTDIR%%/pp.log pp; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 location /pp_4 { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 deny 192.0.2.1/32; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 location /pp_6 { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 deny 2001:DB8::1/128; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
79 default_bits = 2048 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req_distinguished_name ] |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $d = $t->testdir(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 foreach my $name ('localhost') { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 system('openssl req -x509 -new ' |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
89 . "-config '$d/openssl.conf' -subj '/CN=$name/' " |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
90 . "-out '$d/$name.crt' -keyout '$d/$name.key' " |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . ">>$d/openssl.out 2>&1") == 0 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or die "Can't create certificate for $name: $!\n"; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $t->write_file('t1', 'SEE-THIS'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 $t->run(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 my $tcp4 = 'PROXY TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $tcp6 = 'PROXY TCP6 2001:Db8::1 2001:Db8::2 1234 5678' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 my $unk1 = 'PROXY UNKNOWN' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 my $unk2 = 'PROXY UNKNOWN 1 2 3 4 5 6' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 my $r; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 # no realip, just PROXY header parsing |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 $r = pp_get('/t1', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 like($r, qr/SEE-THIS/, 'tcp4 request'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 unlike($r, qr/X-IP: 192.0.2.1/, 'tcp4 client'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 $r = pp_get('/t1', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 like($r, qr/SEE-THIS/, 'tcp6 request'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 unlike($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 like(pp_get('/t1', $unk1), qr/SEE-THIS/, 'unknown request 1'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 like(pp_get('/t1', $unk2), qr/SEE-THIS/, 'unknown request 2'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # realip |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 $r = pp_get('/pp', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like($r, qr/SEE-THIS/, 'tcp4 request realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 like($r, qr/X-IP: 192.0.2.1/, 'tcp4 client realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 $r = pp_get('/pp', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like($r, qr/SEE-THIS/, 'tcp6 request realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 like($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 # access |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 $r = pp_get('/pp_4', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 like($r, qr/403 Forbidden/, 'tcp4 access'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 $r = pp_get('/pp_6', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 like($r, qr/403 Forbidden/, 'tcp6 access'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 # client address in access.log |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 $t->stop(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
145 my $log; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 open LOG, $t->testdir() . '/pp.log' |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 or die("Can't open nginx access log file.\n"); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 local $/; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 $log = <LOG>; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 close LOG; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 like($log, qr!^192\.0\.2\.1 GET /pp_4!m, 'tcp4 access log'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
156 like($log, qr!^2001:DB8::1 GET /pp_6!mi, 'tcp6 access log'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
157 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
158 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
159 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
160 sub pp_get { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
161 my ($url, $proxy) = @_; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
162 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
163 my $s = http($proxy, start => 1); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
164 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
165 IO::Socket::SSL->start_SSL($s, |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
166 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
167 SSL_error_trap => sub { die $_[1] } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
168 ); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
169 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
170 return http(<<EOF, socket => $s); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
171 GET $url HTTP/1.0 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 Host: localhost |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 ############################################################################### |