Mercurial > hg > nginx-tests
annotate ssl_proxy_protocol.t @ 1266:b17f27fa9081
Tests: tests for "header already sent" alerts on backend errors.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 05 Jan 2018 08:27:26 +0300 |
parents | 0af58b78df35 |
children | 8c764fd93b5e |
rev | line source |
---|---|
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
1 #!/usr/bin/perl |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
2 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
3 # (C) Sergey Kandaurov |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
4 # (C) Nginx, Inc. |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
5 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
6 # Tests for http ssl module with haproxy protocol. |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
7 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
8 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
9 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
10 use warnings; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
11 use strict; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
12 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
13 use Test::More; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
14 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
15 use Socket qw/ CRLF /; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
16 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
17 BEGIN { use FindBin; chdir($FindBin::Bin); } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
18 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
19 use lib 'lib'; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
20 use Test::Nginx; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
21 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
22 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
23 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
24 select STDERR; $| = 1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
25 select STDOUT; $| = 1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
26 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
27 eval { require IO::Socket::SSL; }; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
28 plan(skip_all => 'IO::Socket::SSL not installed') if $@; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
29 eval { IO::Socket::SSL::SSL_VERIFY_NONE(); }; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
30 plan(skip_all => 'IO::Socket::SSL too old') if $@; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
31 |
1170
cf14cfe9ec8c
Tests: dropped obsolete ipv6 prerequisite.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1168
diff
changeset
|
32 my $t = Test::Nginx->new()->has(qw/http http_ssl access realip/) |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
33 ->has_daemon('openssl'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
34 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
35 $t->write_file_expand('nginx.conf', <<'EOF')->plan(18); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
36 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
37 %%TEST_GLOBALS%% |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
38 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
39 daemon off; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
40 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
41 events { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
42 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
43 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
44 http { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
45 %%TEST_GLOBALS_HTTP%% |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
46 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
47 log_format pp '$remote_addr $request'; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
48 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
49 server { |
974
882267679006
Tests: simplified parallel modifications in tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
952
diff
changeset
|
50 listen 127.0.0.1:8080 proxy_protocol ssl; |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
51 server_name localhost; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
52 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
53 ssl_certificate_key localhost.key; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
54 ssl_certificate localhost.crt; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
55 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
56 set_real_ip_from 127.0.0.1/32; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
57 add_header X-IP $remote_addr; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
58 add_header X-PP $proxy_protocol_addr; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
59 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
60 location /pp { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
61 real_ip_header proxy_protocol; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
62 error_page 404 =200 /t1; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
63 access_log %%TESTDIR%%/pp.log pp; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
64 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
65 location /pp_4 { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
66 deny 192.0.2.1/32; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
67 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
68 location /pp_6 { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
69 deny 2001:DB8::1/128; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
70 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
71 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
72 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
73 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
74 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
75 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
76 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
77 $t->write_file('openssl.conf', <<EOF); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
78 [ req ] |
1116
8ef51dbb5d69
Tests: reduced OpenSSL default key length to 1024.
Sergey Kandaurov <pluknet@nginx.com>
parents:
974
diff
changeset
|
79 default_bits = 1024 |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
80 encrypt_key = no |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
81 distinguished_name = req_distinguished_name |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
82 [ req_distinguished_name ] |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
83 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
84 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
85 my $d = $t->testdir(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
86 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
87 foreach my $name ('localhost') { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
88 system('openssl req -x509 -new ' |
1220
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1170
diff
changeset
|
89 . "-config $d/openssl.conf -subj /CN=$name/ " |
0af58b78df35
Tests: removed single quotes from system() calls.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1170
diff
changeset
|
90 . "-out $d/$name.crt -keyout $d/$name.key " |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
91 . ">>$d/openssl.out 2>&1") == 0 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
92 or die "Can't create certificate for $name: $!\n"; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
93 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
94 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
95 $t->write_file('t1', 'SEE-THIS'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
96 $t->run(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
97 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
98 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
99 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
100 my $tcp4 = 'PROXY TCP4 192.0.2.1 192.0.2.2 1234 5678' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
101 my $tcp6 = 'PROXY TCP6 2001:Db8::1 2001:Db8::2 1234 5678' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
102 my $unk1 = 'PROXY UNKNOWN' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
103 my $unk2 = 'PROXY UNKNOWN 1 2 3 4 5 6' . CRLF; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
104 my $r; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
105 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
106 # no realip, just PROXY header parsing |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
107 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
108 $r = pp_get('/t1', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
109 like($r, qr/SEE-THIS/, 'tcp4 request'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
110 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
111 unlike($r, qr/X-IP: 192.0.2.1/, 'tcp4 client'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
112 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
113 $r = pp_get('/t1', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
114 like($r, qr/SEE-THIS/, 'tcp6 request'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
115 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
116 unlike($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
117 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
118 like(pp_get('/t1', $unk1), qr/SEE-THIS/, 'unknown request 1'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
119 like(pp_get('/t1', $unk2), qr/SEE-THIS/, 'unknown request 2'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
120 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
121 # realip |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
122 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
123 $r = pp_get('/pp', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
124 like($r, qr/SEE-THIS/, 'tcp4 request realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
125 like($r, qr/X-PP: 192.0.2.1/, 'tcp4 proxy realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
126 like($r, qr/X-IP: 192.0.2.1/, 'tcp4 client realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
127 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
128 $r = pp_get('/pp', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
129 like($r, qr/SEE-THIS/, 'tcp6 request realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
130 like($r, qr/X-PP: 2001:DB8::1/i, 'tcp6 proxy realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
131 like($r, qr/X-IP: 2001:DB8::1/i, 'tcp6 client realip'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
132 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
133 # access |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
134 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
135 $r = pp_get('/pp_4', $tcp4); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
136 like($r, qr/403 Forbidden/, 'tcp4 access'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
137 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
138 $r = pp_get('/pp_6', $tcp6); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
139 like($r, qr/403 Forbidden/, 'tcp6 access'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
140 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
141 # client address in access.log |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
142 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
143 $t->stop(); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
144 |
908
adf5671391ac
Tests: use read_file subroutine in several tests.
Andrey Zelenkov <zelenkov@nginx.com>
parents:
603
diff
changeset
|
145 my $log = $t->read_file('pp.log'); |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
146 like($log, qr!^192\.0\.2\.1 GET /pp_4!m, 'tcp4 access log'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
147 like($log, qr!^2001:DB8::1 GET /pp_6!mi, 'tcp6 access log'); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
148 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
149 ############################################################################### |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
150 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
151 sub pp_get { |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
152 my ($url, $proxy) = @_; |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
153 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
154 my $s = http($proxy, start => 1); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
155 |
1168
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
156 eval { |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
157 local $SIG{ALRM} = sub { die "timeout\n" }; |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
158 local $SIG{PIPE} = sub { die "sigpipe\n" }; |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
159 alarm(2); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
160 IO::Socket::SSL->start_SSL($s, |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
161 SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(), |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
162 SSL_error_trap => sub { die $_[1] } |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
163 ); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
164 alarm(0); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
165 }; |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
166 alarm(0); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
167 |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
168 if ($@) { |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
169 log_in("died: $@"); |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
170 return undef; |
8821e405b91e
Tests: handled SSL negotiation errors.
Sergey Kandaurov <pluknet@nginx.com>
parents:
1116
diff
changeset
|
171 } |
603
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
172 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
173 return http(<<EOF, socket => $s); |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
174 GET $url HTTP/1.0 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
175 Host: localhost |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
176 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
177 EOF |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
178 } |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
179 |
cc722d0c557d
Tests: proxy_protocol ssl tests.
Sergey Kandaurov <pluknet@nginx.com>
parents:
diff
changeset
|
180 ############################################################################### |