thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2024-11-22 03:46:29 +00:00
Code Issues Releases Wiki Activity

Add HTTPS_METHOD=https to disable SSL site

Browse Source
This commit is contained in:
Steve Kamerman 2016-10-01 11:22:48 -04:00
parent 0670a13d92
commit 374b1256cd
2 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nginx.tmpl
View File

@ -125,7 +125,7 @@ upstream {{ $host }} {
{{/* Use the cert specified on the container or fallback to the best vhost match */}}
{{ $cert := (coalesce $certName $vhostCert) }}
{{ $is_https := (and (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ if $is_https }}

32
test/ssl.bats
View File

@ -17,7 +17,7 @@ function setup {
@test "[$TEST_FILE] test SSL for VIRTUAL_HOST=*.nginx-proxy.bats" {
# WHEN
prepare_web_container bats-ssl-hosts-1 "80 443" \
prepare_web_container bats-ssl-hosts-1 "80" \
-e VIRTUAL_HOST=*.nginx-proxy.bats \
-e CERT_NAME=nginx-proxy.bats
dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-1
@ -30,7 +30,7 @@ function setup {
@test "[$TEST_FILE] test HTTPS_METHOD=nohttp" {
# WHEN
prepare_web_container bats-ssl-hosts-2 "80 443" \
prepare_web_container bats-ssl-hosts-2 "80" \
-e VIRTUAL_HOST=*.nginx-proxy.bats \
-e CERT_NAME=nginx-proxy.bats \
-e HTTPS_METHOD=nohttp
@ -44,7 +44,7 @@ function setup {
@test "[$TEST_FILE] test HTTPS_METHOD=noredirect" {
# WHEN
prepare_web_container bats-ssl-hosts-3 "80 443" \
prepare_web_container bats-ssl-hosts-3 "80" \
-e VIRTUAL_HOST=*.nginx-proxy.bats \
-e CERT_NAME=nginx-proxy.bats \
-e HTTPS_METHOD=noredirect
@ -58,7 +58,7 @@ function setup {
@test "[$TEST_FILE] test SSL Strict-Transport-Security" {
# WHEN
prepare_web_container bats-ssl-hosts-4 "80 443" \
prepare_web_container bats-ssl-hosts-4 "80" \
-e VIRTUAL_HOST=*.nginx-proxy.bats \
-e CERT_NAME=nginx-proxy.bats
dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-1
@ -72,7 +72,7 @@ function setup {
@test "[$TEST_FILE] test HTTPS_METHOD=noredirect disables Strict-Transport-Security" {
# WHEN
prepare_web_container bats-ssl-hosts-5 "80 443" \
prepare_web_container bats-ssl-hosts-5 "80" \
-e VIRTUAL_HOST=*.nginx-proxy.bats \
-e CERT_NAME=nginx-proxy.bats \
-e HTTPS_METHOD=noredirect
@ -85,6 +85,19 @@ function setup {
refute_output -p "Strict-Transport-Security: max-age=31536000"
}
@test "[$TEST_FILE] test HTTPS_METHOD=nohttps" {
# WHEN
prepare_web_container bats-ssl-hosts-6 "80" \
-e VIRTUAL_HOST=*.nginx-proxy.bats \
-e CERT_NAME=nginx-proxy.bats \
-e HTTPS_METHOD=nohttps
dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-6
sleep 1
# THEN
assert_down_https test.nginx-proxy.bats
assert_200 test.nginx-proxy.bats
}
@test "[$TEST_FILE] stop all bats containers" {
stop_bats_containers
@ -118,6 +131,15 @@ function assert_301 {
assert_output -l 0 $'HTTP/1.1 301 Moved Permanently\r'
}
# assert that querying nginx-proxy with the given Host header fails because the host is down
# $1 Host HTTP header to use when querying nginx-proxy
function assert_down_https {
local -r host=$1
run curl_container_https $SUT_CONTAINER / --head --header "Host: $host"
assert_failure
}
# assert that querying nginx-proxy with the given Host header produces a `HTTP 200` response
# $1 Host HTTP header to use when querying nginx-proxy
function assert_200_https {