thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 01:38:15 +00:00
Code Issues Releases Wiki Activity

test: default cert optional trust

Browse Source
This commit is contained in:
Nicolas Duchon 2024-11-04 10:19:09 +01:00
parent 469765bbb7
commit 40c153e8b0
5 changed files with 36 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
test/test_fallback.data/nohttp-on-app.yml
View File

@ -5,7 +5,7 @@ services:
image: nginxproxy/nginx-proxy:test image: nginxproxy/nginx-proxy:test
volumes: volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
- ./nodefault.certs:/etc/nginx/certs:ro - ./withdefault.certs:/etc/nginx/certs:ro
environment: environment:
HTTPS_METHOD: redirect HTTPS_METHOD: redirect

12
test/test_fallback.data/nohttp-with-missing-cert.yml
View File

@ -5,7 +5,7 @@ services:
image: nginxproxy/nginx-proxy:test image: nginxproxy/nginx-proxy:test
volumes: volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
- ./nodefault.certs:/etc/nginx/certs:ro - ./withdefault.certs:/etc/nginx/certs:ro
environment: environment:
HTTPS_METHOD: nohttp HTTPS_METHOD: nohttp
@ -24,3 +24,13 @@ services:
environment: environment:
WEB_PORTS: "84" WEB_PORTS: "84"
VIRTUAL_HOST: missing-cert.nginx-proxy.test VIRTUAL_HOST: missing-cert.nginx-proxy.test
missing-cert-default-untrusted:
image: web
expose:
- "85"
environment:
WEB_PORTS: "85"
VIRTUAL_HOST: missing-cert.default-untrusted.nginx-proxy.test
labels:
com.github.nginx-proxy.nginx-proxy.trust-default-cert: "false"

2
test/test_fallback.data/nohttp.yml
View File

@ -5,7 +5,7 @@ services:
image: nginxproxy/nginx-proxy:test image: nginxproxy/nginx-proxy:test
volumes: volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
- ./nodefault.certs:/etc/nginx/certs:ro - ./withdefault.certs:/etc/nginx/certs:ro
environment: environment:
HTTPS_METHOD: nohttp HTTPS_METHOD: nohttp

10
test/test_fallback.data/withdefault.yml
View File

@ -40,3 +40,13 @@ services:
environment: environment:
WEB_PORTS: "84" WEB_PORTS: "84"
VIRTUAL_HOST: missing-cert.nginx-proxy.test VIRTUAL_HOST: missing-cert.nginx-proxy.test
missing-cert-default-untrusted:
image: web
expose:
- "85"
environment:
WEB_PORTS: "85"
VIRTUAL_HOST: missing-cert.default-untrusted.nginx-proxy.test
labels:
com.github.nginx-proxy.nginx-proxy.trust-default-cert: "false"

21
test/test_fallback.py
View File

@ -45,6 +45,8 @@ INTERNAL_ERR_RE = re.compile("TLSV1_UNRECOGNIZED_NAME")
("withdefault.yml", "https://http-only.nginx-proxy.test/", 503, None), ("withdefault.yml", "https://http-only.nginx-proxy.test/", 503, None),
("withdefault.yml", "http://missing-cert.nginx-proxy.test/", 301, None), ("withdefault.yml", "http://missing-cert.nginx-proxy.test/", 301, None),
("withdefault.yml", "https://missing-cert.nginx-proxy.test/", 200, None), ("withdefault.yml", "https://missing-cert.nginx-proxy.test/", 200, None),
("withdefault.yml", "http://missing-cert.default-untrusted.nginx-proxy.test/", 200, None),
("withdefault.yml", "https://missing-cert.default-untrusted.nginx-proxy.test/", None, INTERNAL_ERR_RE),
("withdefault.yml", "http://unknown.nginx-proxy.test/", 503, None), ("withdefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
("withdefault.yml", "https://unknown.nginx-proxy.test/", 503, None), ("withdefault.yml", "https://unknown.nginx-proxy.test/", 503, None),
# Same as withdefault.yml, except there is no default.crt. # Same as withdefault.yml, except there is no default.crt.
@ -58,24 +60,27 @@ INTERNAL_ERR_RE = re.compile("TLSV1_UNRECOGNIZED_NAME")
("nodefault.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nodefault.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE),
("nodefault.yml", "http://unknown.nginx-proxy.test/", 503, None), ("nodefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
("nodefault.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nodefault.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE),
# HTTPS_METHOD=nohttp on nginx-proxy, no default.crt, HTTPS_METHOD unset on the app container. # HTTPS_METHOD=nohttp on nginx-proxy, HTTPS_METHOD unset on the app container.
("nohttp.yml", "http://https-only.nginx-proxy.test/", 503, None), ("nohttp.yml", "http://https-only.nginx-proxy.test/", 503, None),
("nohttp.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp.yml", "https://https-only.nginx-proxy.test/", 200, None),
("nohttp.yml", "http://unknown.nginx-proxy.test/", 503, None), ("nohttp.yml", "http://unknown.nginx-proxy.test/", 503, None),
("nohttp.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttp.yml", "https://unknown.nginx-proxy.test/", 503, None),
# HTTPS_METHOD=redirect on nginx-proxy, no default.crt, HTTPS_METHOD=nohttp on the app container. # HTTPS_METHOD=redirect on nginx-proxy, HTTPS_METHOD=nohttp on the app container.
("nohttp-on-app.yml", "http://https-only.nginx-proxy.test/", 503, None), ("nohttp-on-app.yml", "http://https-only.nginx-proxy.test/", 503, None),
("nohttp-on-app.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp-on-app.yml", "https://https-only.nginx-proxy.test/", 200, None),
("nohttp-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None), ("nohttp-on-app.yml", "http://unknown.nginx-proxy.test/", 503, None),
("nohttp-on-app.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttp-on-app.yml", "https://unknown.nginx-proxy.test/", 503, None),
# Same as nohttp.yml, except there is a vhost with a missing cert. This causes its # Same as nohttp.yml, except there are two vhosts with a missing cert, the second
# one being configured not to trust the default certificate. This causes its
# HTTPS_METHOD=nohttp setting to effectively become HTTPS_METHOD=noredirect. # HTTPS_METHOD=nohttp setting to effectively become HTTPS_METHOD=noredirect.
("nohttp-with-missing-cert.yml", "http://https-only.nginx-proxy.test/", 503, None), ("nohttp-with-missing-cert.yml", "http://https-only.nginx-proxy.test/", 503, None),
("nohttp-with-missing-cert.yml", "https://https-only.nginx-proxy.test/", 200, None), ("nohttp-with-missing-cert.yml", "https://https-only.nginx-proxy.test/", 200, None),
("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", 200, None), ("nohttp-with-missing-cert.yml", "http://missing-cert.nginx-proxy.test/", 503, None),
("nohttp-with-missing-cert.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttp-with-missing-cert.yml", "https://missing-cert.nginx-proxy.test/", 200, None),
("nohttp-with-missing-cert.yml", "http://missing-cert.default-untrusted.nginx-proxy.test/", 200, None),
("nohttp-with-missing-cert.yml", "https://missing-cert.default-untrusted.nginx-proxy.test/", None, INTERNAL_ERR_RE),
("nohttp-with-missing-cert.yml", "http://unknown.nginx-proxy.test/", 503, None), ("nohttp-with-missing-cert.yml", "http://unknown.nginx-proxy.test/", 503, None),
("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttp-with-missing-cert.yml", "https://unknown.nginx-proxy.test/", 503, None),
# HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container. # HTTPS_METHOD=nohttps on nginx-proxy, HTTPS_METHOD unset on the app container.
("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None), ("nohttps.yml", "http://http-only.nginx-proxy.test/", 200, None),
("nohttps.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE), ("nohttps.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE),