thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 09:48:14 +00:00
Code Issues Releases Wiki Activity

Merge pull request #2448 from pini-gh/pini-nohttp-behavior

Browse Source 
fix: constistent behavior for `HTTPS_METHOD=nohttp`
This commit is contained in:
Nicolas Duchon 2024-05-15 15:09:19 +02:00 committed by GitHub
commit 1b4a3b036b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nginx.tmpl
View File

@ -650,7 +650,7 @@ proxy_set_header Proxy "";
{{- $default_https_exists = or $default_https_exists (and $https $vhost.default) }} {{- $default_https_exists = or $default_https_exists (and $https $vhost.default) }}
{{- $http3_enabled = or $http3_enabled $vhost.http3_enabled }} {{- $http3_enabled = or $http3_enabled $vhost.http3_enabled }}
{{- end }} {{- end }}
{{- $fallback_http := and $http_exists (not $default_http_exists) }} {{- $fallback_http := not $default_http_exists }}
{{- $fallback_https := and $https_exists (not $default_https_exists) }} {{- $fallback_https := and $https_exists (not $default_https_exists) }}
{{- /* {{- /*
* If there are no vhosts at all, create fallbacks for both plain http * If there are no vhosts at all, create fallbacks for both plain http
@ -658,7 +658,6 @@ proxy_set_header Proxy "";
* refused error. * refused error.
*/}} */}}
{{- if and (not $http_exists) (not $https_exists) }} {{- if and (not $http_exists) (not $https_exists) }}
{{- $fallback_http = true }}
{{- $fallback_https = true }} {{- $fallback_https = true }}
{{- end }} {{- end }}
{{- if or $fallback_http $fallback_https }} {{- if or $fallback_http $fallback_https }}

12
test/test_fallback.py
View File

@ -60,19 +60,17 @@ CONNECTION_REFUSED_RE = re.compile("Connection refused")
("nodefault.yml", "http://unknown.nginx-proxy.test/", 503, None), ("nodefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
("nodefault.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nodefault.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE),
# HTTPS_METHOD=nohttp on nginx-proxy, HTTPS_METHOD unset on the app container. # HTTPS_METHOD=nohttp on nginx-proxy, HTTPS_METHOD unset on the app container.
("nohttp.yml", "http://https-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), ("nohttp.yml", "http://https-only.nginx-proxy.test/", 503, None),
("nohttp.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp.yml", "https://https-only.nginx-proxy.test/", 200, None),
("nohttp.yml", "http://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), ("nohttp.yml", "http://unknown.nginx-proxy.test/", 503, None),
("nohttp.yml", "https://unknown.nginx-proxy.test/", 503, None), ("nohttp.yml", "https://unknown.nginx-proxy.test/", 503, None),
# HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttp on the app container. # HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttp on the app container.
("nohttp-on-app.yml", "http://https-only.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), ("nohttp-on-app.yml", "http://https-only.nginx-proxy.test/", 503, None),
("nohttp-on-app.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp-on-app.yml", "https://https-only.nginx-proxy.test/", 200, None),
("nohttp-on-app.yml", "http://unknown.nginx-proxy.test/", None, CONNECTION_REFUSED_RE), ("nohttp-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None),
("nohttp-on-app.yml", "https://unknown.nginx-proxy.test/", 503, None), ("nohttp-on-app.yml", "https://unknown.nginx-proxy.test/", 503, None),
# Same as nohttp.yml, except there is a vhost with a missing cert. This causes its # Same as nohttp.yml, except there is a vhost with a missing cert. This causes its
# HTTPS_METHOD=nohttp setting to effectively become HTTPS_METHOD=noredirect. This means that # HTTPS_METHOD=nohttp setting to effectively become HTTPS_METHOD=noredirect.
# there will be a plain http server solely to support that vhost, so http requests to other
# vhosts get a 503, not a connection refused error.
("nohttp-with-missing-cert.yml", "http://https-only.nginx-proxy.test/", 503, None), ("nohttp-with-missing-cert.yml", "http://https-only.nginx-proxy.test/", 503, None),
("nohttp-with-missing-cert.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp-with-missing-cert.yml", "https://https-only.nginx-proxy.test/", 200, None),
("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", 200, None), ("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", 200, None),

8
test/test_ssl/test_nohttp.py
View File

@ -3,15 +3,15 @@ import requests
def test_web2_http_is_connection_refused(docker_compose, nginxproxy): def test_web2_http_is_connection_refused(docker_compose, nginxproxy):
with pytest.raises(requests.exceptions.RequestException, match="Connection refused"): r = nginxproxy.get("http://web2.nginx-proxy.tld/", allow_redirects=False)
nginxproxy.get("http://web2.nginx-proxy.tld/") assert r.status_code == 503
def test_web2_http_is_connection_refused_for_acme_challenge( def test_web2_http_is_connection_refused_for_acme_challenge(
docker_compose, nginxproxy, acme_challenge_path docker_compose, nginxproxy, acme_challenge_path
): ):
with pytest.raises(requests.exceptions.RequestException, match="Connection refused"): r = nginxproxy.get(f"http://web2.nginx-proxy.tld/{acme_challenge_path}", allow_redirects=False)
nginxproxy.get(f"http://web2.nginx-proxy.tld/{acme_challenge_path}") assert r.status_code == 503
def test_web2_https_is_forwarded(docker_compose, nginxproxy): def test_web2_https_is_forwarded(docker_compose, nginxproxy):