diff --git a/test/test_fallback.data/nohttp-on-app.yml b/test/test_fallback.data/nohttp-on-app.yml index 6d6e390..b6ca82a 100644 --- a/test/test_fallback.data/nohttp-on-app.yml +++ b/test/test_fallback.data/nohttp-on-app.yml @@ -5,7 +5,7 @@ services: image: nginxproxy/nginx-proxy:test volumes: - /var/run/docker.sock:/tmp/docker.sock:ro - - ./nodefault.certs:/etc/nginx/certs:ro + - ./withdefault.certs:/etc/nginx/certs:ro environment: HTTPS_METHOD: redirect diff --git a/test/test_fallback.data/nohttp-with-missing-cert.yml b/test/test_fallback.data/nohttp-with-missing-cert.yml index eb54584..292ad74 100644 --- a/test/test_fallback.data/nohttp-with-missing-cert.yml +++ b/test/test_fallback.data/nohttp-with-missing-cert.yml @@ -5,7 +5,7 @@ services: image: nginxproxy/nginx-proxy:test volumes: - /var/run/docker.sock:/tmp/docker.sock:ro - - ./nodefault.certs:/etc/nginx/certs:ro + - ./withdefault.certs:/etc/nginx/certs:ro environment: HTTPS_METHOD: nohttp @@ -24,3 +24,13 @@ services: environment: WEB_PORTS: "84" VIRTUAL_HOST: missing-cert.nginx-proxy.test + + missing-cert-default-untrusted: + image: web + expose: + - "85" + environment: + WEB_PORTS: "85" + VIRTUAL_HOST: missing-cert.default-untrusted.nginx-proxy.test + labels: + com.github.nginx-proxy.nginx-proxy.trust-default-cert: "false" diff --git a/test/test_fallback.data/nohttp.yml b/test/test_fallback.data/nohttp.yml index 0f9db05..9d47d51 100644 --- a/test/test_fallback.data/nohttp.yml +++ b/test/test_fallback.data/nohttp.yml @@ -5,7 +5,7 @@ services: image: nginxproxy/nginx-proxy:test volumes: - /var/run/docker.sock:/tmp/docker.sock:ro - - ./nodefault.certs:/etc/nginx/certs:ro + - ./withdefault.certs:/etc/nginx/certs:ro environment: HTTPS_METHOD: nohttp diff --git a/test/test_fallback.data/withdefault.yml b/test/test_fallback.data/withdefault.yml index 46ab126..00ed4b8 100644 --- a/test/test_fallback.data/withdefault.yml +++ b/test/test_fallback.data/withdefault.yml @@ -40,3 +40,13 @@ services: environment: WEB_PORTS: "84" VIRTUAL_HOST: missing-cert.nginx-proxy.test + + missing-cert-default-untrusted: + image: web + expose: + - "85" + environment: + WEB_PORTS: "85" + VIRTUAL_HOST: missing-cert.default-untrusted.nginx-proxy.test + labels: + com.github.nginx-proxy.nginx-proxy.trust-default-cert: "false" diff --git a/test/test_fallback.py b/test/test_fallback.py index 019eafc..dd0fc77 100644 --- a/test/test_fallback.py +++ b/test/test_fallback.py @@ -45,6 +45,8 @@ INTERNAL_ERR_RE = re.compile("TLSV1_UNRECOGNIZED_NAME") ("withdefault.yml", "https://http-only.nginx-proxy.test/", 503, None), ("withdefault.yml", "http://missing-cert.nginx-proxy.test/", 301, None), ("withdefault.yml", "https://missing-cert.nginx-proxy.test/", 200, None), + ("withdefault.yml", "http://missing-cert.default-untrusted.nginx-proxy.test/", 200, None), + ("withdefault.yml", "https://missing-cert.default-untrusted.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("withdefault.yml", "http://unknown.nginx-proxy.test/", 503, None), ("withdefault.yml", "https://unknown.nginx-proxy.test/", 503, None), # Same as withdefault.yml, except there is no default.crt. @@ -58,24 +60,27 @@ INTERNAL_ERR_RE = re.compile("TLSV1_UNRECOGNIZED_NAME") ("nodefault.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nodefault.yml", "http://unknown.nginx-proxy.test/", 503, None), ("nodefault.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), - # HTTPS_METHOD=nohttp on nginx-proxy, no default.crt, HTTPS_METHOD unset on the app container. + # HTTPS_METHOD=nohttp on nginx-proxy, HTTPS_METHOD unset on the app container. ("nohttp.yml", "http://https-only.nginx-proxy.test/", 503, None), ("nohttp.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp.yml", "http://unknown.nginx-proxy.test/", 503, None), - ("nohttp.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), - # HTTPS_METHOD=redirect on nginx-proxy, no default.crt, HTTPS_METHOD=nohttp on the app container. + ("nohttp.yml", "https://unknown.nginx-proxy.test/", 503, None), + # HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttp on the app container. ("nohttp-on-app.yml", "http://https-only.nginx-proxy.test/", 503, None), ("nohttp-on-app.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None), - ("nohttp-on-app.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), - # Same as nohttp.yml, except there is a vhost with a missing cert. This causes its + ("nohttp-on-app.yml", "https://unknown.nginx-proxy.test/", 503, None), + # Same as nohttp.yml, except there are two vhosts with a missing cert, the second + # one being configured not to trust the default certificate. This causes its # HTTPS_METHOD=nohttp setting to effectively become HTTPS_METHOD=noredirect. ("nohttp-with-missing-cert.yml", "http://https-only.nginx-proxy.test/", 503, None), ("nohttp-with-missing-cert.yml", "https://https-only.nginx-proxy.test/", 200, None), - ("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", 200, None), - ("nohttp-with-missing-cert.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE), + ("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", 503, None), + ("nohttp-with-missing-cert.yml", "https://missing-cert.nginx-proxy.test/", 200, None), + ("nohttp-with-missing-cert.yml", "http://missing-cert.default-untrusted.nginx-proxy.test/", 200, None), + ("nohttp-with-missing-cert.yml", "https://missing-cert.default-untrusted.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttp-with-missing-cert.yml", "http://unknown.nginx-proxy.test/", 503, None), - ("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), + ("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", 503, None), # HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container. ("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None), ("nohttps.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE),