mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-22 20:06:30 +00:00
TESTS: add test for the case in which a wildcard cert matches a container having nohttps
set
This commit is contained in:
parent
82133865d4
commit
8414a94d59
6
test/test_ssl/wildcard_cert_and_nohttps/README.md
Normal file
6
test/test_ssl/wildcard_cert_and_nohttps/README.md
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
In this scenario, we have a wildcard certificate for `*.web.nginx-proxy.tld` and 3 web containers:
|
||||||
|
- 1.web.nginx-proxy.tld
|
||||||
|
- 2.web.nginx-proxy.tld
|
||||||
|
- 3.web.nginx-proxy.tld
|
||||||
|
|
||||||
|
We want web containers 1 and 2 to support SSL, but 3 should not (using `HTTPS_METHOD=nohttps`)
|
70
test/test_ssl/wildcard_cert_and_nohttps/certs/default.crt
Normal file
70
test/test_ssl/wildcard_cert_and_nohttps/certs/default.crt
Normal file
@ -0,0 +1,70 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number: 4096 (0x1000)
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 15 00:17:52 2017 GMT
|
||||||
|
Not After : Jul 31 00:17:52 2044 GMT
|
||||||
|
Subject: CN=nginx-proxy.tld
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:f2:fd:79:70:99:0c:da:63:5c:81:28:72:31:01:
|
||||||
|
62:e9:68:d7:cb:8d:c6:95:f9:ec:26:34:1c:08:c6:
|
||||||
|
6d:de:ad:d8:b0:c0:ae:48:03:73:76:6b:3f:c5:35:
|
||||||
|
86:c6:42:91:53:3c:aa:85:89:84:92:67:92:ef:a9:
|
||||||
|
5b:f2:d4:04:73:34:02:35:d4:6a:fa:c2:da:91:4a:
|
||||||
|
a9:70:87:25:38:84:1d:93:99:3c:d7:03:61:a6:6d:
|
||||||
|
33:6f:83:45:04:af:4f:96:62:1e:c1:79:87:c9:d5:
|
||||||
|
4c:e9:8f:85:e2:c8:1b:5b:fc:b8:02:ff:7b:6d:34:
|
||||||
|
4c:5d:40:73:44:9e:c5:1f:5f:e0:0f:89:88:c4:35:
|
||||||
|
2b:04:53:8c:8e:a0:7c:7c:97:16:20:c2:4f:a1:c0:
|
||||||
|
dd:bf:d5:13:2d:64:25:03:f2:d8:d5:27:01:70:c9:
|
||||||
|
f4:37:33:36:7e:7b:48:54:ec:37:2b:81:3d:50:3c:
|
||||||
|
d4:5f:05:19:e2:0b:ba:76:f6:2c:3b:23:4b:82:78:
|
||||||
|
5f:e9:e3:57:fc:39:4a:5c:42:82:72:c8:a3:af:b7:
|
||||||
|
b3:91:e4:01:9c:2c:47:5e:ff:aa:ad:63:1c:e7:9c:
|
||||||
|
2e:a2:ac:5d:51:30:83:67:6e:f8:5a:ed:0b:70:e4:
|
||||||
|
68:d4:e9:5e:a7:f5:5e:87:3b:e8:31:ad:00:04:f8:
|
||||||
|
7b:d9
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Alternative Name:
|
||||||
|
DNS:nginx-proxy.tld
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
39:d4:cc:78:a3:5e:64:e9:ab:9d:a9:89:3b:9e:18:01:98:cb:
|
||||||
|
e2:0c:ef:e9:2b:50:34:ed:63:ed:e6:0e:53:59:30:80:e0:3b:
|
||||||
|
5e:08:ca:09:55:da:e3:3e:c2:01:d8:d6:ca:92:2a:0b:ee:2c:
|
||||||
|
a1:93:18:7b:15:28:8d:2a:17:25:76:eb:ef:70:e0:d7:02:d3:
|
||||||
|
ad:81:33:47:9b:fb:d8:52:87:69:a4:3a:20:a4:9a:2d:3f:40:
|
||||||
|
5f:52:bf:0b:96:e3:52:c3:59:55:dc:5a:37:f3:e6:d6:16:46:
|
||||||
|
64:e4:20:32:5d:cd:4b:da:2b:ef:e9:85:af:00:a1:ca:a1:08:
|
||||||
|
ed:0f:f4:65:dc:2a:c9:b3:4e:cc:f3:82:d7:69:3a:4d:fc:8e:
|
||||||
|
db:10:95:28:20:07:55:f0:d1:11:1f:c5:00:74:88:c6:c9:94:
|
||||||
|
15:90:93:3a:de:90:85:fb:72:9c:d8:57:58:05:7d:bb:6a:36:
|
||||||
|
eb:d8:12:22:41:0e:fc:c9:24:79:c0:28:4f:4f:1b:4b:59:f9:
|
||||||
|
e4:c6:97:be:b1:94:74:de:a7:65:d3:cb:0a:56:3b:d3:63:fc:
|
||||||
|
b2:05:fc:e7:ec:bb:45:04:91:9f:21:f9:05:3b:5d:4c:af:8e:
|
||||||
|
84:04:f5:25:fb:4d:ab:db:23:56:74:7e:4f:b3:da:bb:27:e7:
|
||||||
|
ea:fb:bd:00
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIC8zCCAdugAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
|
||||||
|
bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
|
||||||
|
ZDAeFw0xNzAzMTUwMDE3NTJaFw00NDA3MzEwMDE3NTJaMBoxGDAWBgNVBAMMD25n
|
||||||
|
aW54LXByb3h5LnRsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPL9
|
||||||
|
eXCZDNpjXIEocjEBYulo18uNxpX57CY0HAjGbd6t2LDArkgDc3ZrP8U1hsZCkVM8
|
||||||
|
qoWJhJJnku+pW/LUBHM0AjXUavrC2pFKqXCHJTiEHZOZPNcDYaZtM2+DRQSvT5Zi
|
||||||
|
HsF5h8nVTOmPheLIG1v8uAL/e200TF1Ac0SexR9f4A+JiMQ1KwRTjI6gfHyXFiDC
|
||||||
|
T6HA3b/VEy1kJQPy2NUnAXDJ9DczNn57SFTsNyuBPVA81F8FGeILunb2LDsjS4J4
|
||||||
|
X+njV/w5SlxCgnLIo6+3s5HkAZwsR17/qq1jHOecLqKsXVEwg2du+FrtC3DkaNTp
|
||||||
|
Xqf1Xoc76DGtAAT4e9kCAwEAAaMeMBwwGgYDVR0RBBMwEYIPbmdpbngtcHJveHku
|
||||||
|
dGxkMA0GCSqGSIb3DQEBCwUAA4IBAQA51Mx4o15k6audqYk7nhgBmMviDO/pK1A0
|
||||||
|
7WPt5g5TWTCA4DteCMoJVdrjPsIB2NbKkioL7iyhkxh7FSiNKhclduvvcODXAtOt
|
||||||
|
gTNHm/vYUodppDogpJotP0BfUr8LluNSw1lV3Fo38+bWFkZk5CAyXc1L2ivv6YWv
|
||||||
|
AKHKoQjtD/Rl3CrJs07M84LXaTpN/I7bEJUoIAdV8NERH8UAdIjGyZQVkJM63pCF
|
||||||
|
+3Kc2FdYBX27ajbr2BIiQQ78ySR5wChPTxtLWfnkxpe+sZR03qdl08sKVjvTY/yy
|
||||||
|
Bfzn7LtFBJGfIfkFO11Mr46EBPUl+02r2yNWdH5Ps9q7J+fq+70A
|
||||||
|
-----END CERTIFICATE-----
|
27
test/test_ssl/wildcard_cert_and_nohttps/certs/default.key
Normal file
27
test/test_ssl/wildcard_cert_and_nohttps/certs/default.key
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpQIBAAKCAQEA8v15cJkM2mNcgShyMQFi6WjXy43GlfnsJjQcCMZt3q3YsMCu
|
||||||
|
SANzdms/xTWGxkKRUzyqhYmEkmeS76lb8tQEczQCNdRq+sLakUqpcIclOIQdk5k8
|
||||||
|
1wNhpm0zb4NFBK9PlmIewXmHydVM6Y+F4sgbW/y4Av97bTRMXUBzRJ7FH1/gD4mI
|
||||||
|
xDUrBFOMjqB8fJcWIMJPocDdv9UTLWQlA/LY1ScBcMn0NzM2fntIVOw3K4E9UDzU
|
||||||
|
XwUZ4gu6dvYsOyNLgnhf6eNX/DlKXEKCcsijr7ezkeQBnCxHXv+qrWMc55wuoqxd
|
||||||
|
UTCDZ274Wu0LcORo1Olep/VehzvoMa0ABPh72QIDAQABAoIBAQDqcaW5/fFoxHV8
|
||||||
|
KIoEvlGw4ndS7nesPHacZaqmzM01DIcGAuIkmS/OEax1mi9vGsschGwCa6x9lXEv
|
||||||
|
yzfsEqQ4gvWe+lQ9ncNEa8UPzVUcMlxXDIKm8ZxF9xapgP4Whw9DCWijQ57AHg0X
|
||||||
|
TGLhbDD5j9v7CIUN2GfVkVml24pVuUoeXqv7ZLzTJKZ+Q/eqxyeIikjFheXzaQxb
|
||||||
|
bUHbEHIXJtHMYULXmfc5WCxuobHqal3z0ymCijoZVXV8hp8dtDP34tRV9MID9wck
|
||||||
|
lRUVqboFCIXxmLLRTZgyCbiFLkCIu2nmgNobWCNfkHN7QQhToPEecSFMZzYtmo6/
|
||||||
|
T1fHE3ABAoGBAP1J1Izfc4CF9t2iPGzXyn8oNkXHLMPKtFQ2Rb8XwBryUOOrAHqT
|
||||||
|
FIZ2FsDJr0VvS1ihFs1kbO+WAY5W5GytwiiVXvztHz3/f5JnGgvMCeUcEmaj90vq
|
||||||
|
sTyfHc2OKFjumIjGe87uav3bgac7nOWLO+RIJ/ua6UO7/8psqwryxY4FAoGBAPWX
|
||||||
|
a502kT56VwI3Gf8hb37PZ/PD+gOzgzVcMn13yLZ4gC9xoP4TKUBHSz4wO8asjKk5
|
||||||
|
1RD/DITXYKelyRXynOtMW+2j2s5bVBpOshN/n9jRC1haoGJZYb2JVP6+8WoZKQOF
|
||||||
|
NwgNlI4he32kSFw59fjkdG64iw7KY8ZYUatkrgrFAoGBAPozTjUCHfRdYOi6c/oI
|
||||||
|
h81oCYSQJVYbDFsLaYZEjc2Qg/sBVm2+kE3qpLs3/10VfVZFemLVyw44Hb1fdDEu
|
||||||
|
y1aPhs9N5Mi3dGtIUWBJ45RgUIT3fzeM1BtQCn6c6JpAxoiFmJNmzGWLyd1Kc8gD
|
||||||
|
69uqs2RFOBtiwGBTS/p6qk+JAoGBAM1QkpnzFYf69SSX9jbRuAl20Xv8GdbgS0/f
|
||||||
|
zSIRcw4BPYDsaOAgGrtvHttVrZORi2KqQ5Ma9ldUS6y8L5kWo9MemjfYZUNhHLWF
|
||||||
|
luAwMO0tDmQGF9FA0jKHTjROYzsE38Heq7wixk/wc/H81rWrixRRwXkS9MYfszwN
|
||||||
|
d/FmkQ3VAoGAXHZrDEygUmf4q0LwjLVF0TPzElh530qVmyhPa0OBs/hVh9Mwv/i6
|
||||||
|
fj3+k7uYWgKDzcaVXSMOFGt515F8qy0AUEY9r+IjAn01KTLKO4ZuPiSpxliqDbCs
|
||||||
|
gzsX9CWVSVgTN+TY15QCoJNpzLiyrXe3uldAP5JEBQSnjt9OfSJQ5IU=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
@ -0,0 +1,71 @@
|
|||||||
|
Certificate:
|
||||||
|
Data:
|
||||||
|
Version: 3 (0x2)
|
||||||
|
Serial Number: 4096 (0x1000)
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
Issuer: O=nginx-proxy test suite, CN=www.nginx-proxy.tld
|
||||||
|
Validity
|
||||||
|
Not Before: Mar 14 23:19:36 2017 GMT
|
||||||
|
Not After : Jul 30 23:19:36 2044 GMT
|
||||||
|
Subject: CN=*.web.nginx-proxy.tld
|
||||||
|
Subject Public Key Info:
|
||||||
|
Public Key Algorithm: rsaEncryption
|
||||||
|
Public-Key: (2048 bit)
|
||||||
|
Modulus:
|
||||||
|
00:ce:2b:74:13:b2:1a:d5:72:5c:3e:10:f7:63:01:
|
||||||
|
22:df:e8:d9:cf:0b:8a:3f:40:75:62:58:78:27:9e:
|
||||||
|
af:33:d2:a1:19:6a:e1:b7:57:db:d9:8f:05:70:c2:
|
||||||
|
35:5d:f1:44:0d:51:62:74:73:e5:77:d9:bb:c6:d0:
|
||||||
|
33:7a:43:88:e9:e6:3c:2d:d4:39:9d:61:34:5a:19:
|
||||||
|
f3:c1:96:e0:bd:26:5b:69:18:a6:4c:8c:21:04:d8:
|
||||||
|
fa:56:22:ec:55:0d:ba:49:4d:8e:27:69:7f:82:e9:
|
||||||
|
e7:e9:c4:b7:87:70:d7:d7:4b:49:d1:c1:8c:b0:5a:
|
||||||
|
13:62:db:de:c1:94:31:d1:c9:74:c4:63:01:50:10:
|
||||||
|
70:42:73:67:c4:76:32:fb:d2:b7:91:2f:e8:cf:3a:
|
||||||
|
96:4a:ee:8e:0d:13:74:73:1b:e4:74:83:e7:66:d6:
|
||||||
|
8d:81:19:54:5b:d8:47:3e:3b:b5:fd:35:a2:df:f3:
|
||||||
|
7d:1c:9e:67:ee:50:da:28:9c:02:0a:ad:75:8d:04:
|
||||||
|
f7:28:1f:04:89:13:ac:ed:a9:34:26:dc:f7:f9:1f:
|
||||||
|
72:21:d5:72:fb:09:d9:cb:40:c0:0d:36:3c:c0:77:
|
||||||
|
0e:9a:f7:41:f1:3b:dd:b6:05:ab:13:60:c5:fd:c6:
|
||||||
|
5f:f5:05:c4:42:00:ba:b5:ef:fb:dc:64:98:d9:4d:
|
||||||
|
2b:07
|
||||||
|
Exponent: 65537 (0x10001)
|
||||||
|
X509v3 extensions:
|
||||||
|
X509v3 Subject Alternative Name:
|
||||||
|
DNS:*.web.nginx-proxy.tld
|
||||||
|
Signature Algorithm: sha256WithRSAEncryption
|
||||||
|
9b:78:39:b3:90:8f:31:8c:7d:02:aa:6f:46:3d:8c:f5:93:86:
|
||||||
|
03:e2:d8:9b:73:d1:e7:70:f1:d6:e6:3c:41:41:8c:76:c9:29:
|
||||||
|
a4:83:47:c7:10:fd:d0:8b:fa:60:26:a8:36:41:a4:69:89:81:
|
||||||
|
ec:bf:fd:33:72:bb:83:ea:42:e4:59:3f:10:df:d1:de:e2:bb:
|
||||||
|
eb:fa:97:44:fe:f4:55:29:69:ca:a5:88:b2:94:60:58:5a:1a:
|
||||||
|
19:16:fb:9f:42:4c:7c:d3:6b:21:45:22:56:5c:76:07:97:35:
|
||||||
|
27:8f:46:d2:77:5b:65:1b:94:99:cb:73:37:ae:cf:61:6c:7a:
|
||||||
|
5c:b3:3b:19:f2:9f:99:8f:89:eb:98:0b:74:0d:30:f5:49:19:
|
||||||
|
d6:41:32:4e:c9:fc:59:2a:4a:53:2c:83:89:3d:e8:89:ed:37:
|
||||||
|
d0:b4:f1:09:49:b5:0b:76:fd:a5:75:23:fb:01:c8:bb:59:02:
|
||||||
|
5c:e4:8e:9c:f9:5b:85:5f:67:fb:04:40:de:bc:e8:c3:15:2f:
|
||||||
|
ba:00:5c:36:57:47:e3:1a:95:44:5f:f4:10:55:b0:c4:af:12:
|
||||||
|
dc:0e:6c:18:4a:70:9e:73:90:8d:55:37:73:a5:1a:41:7f:00:
|
||||||
|
79:96:34:01:6b:10:2d:e9:61:3d:8f:8a:9a:c8:b6:bc:0f:57:
|
||||||
|
91:84:7c:26
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIC/zCCAeegAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwPzEfMB0GA1UECgwWbmdp
|
||||||
|
bngtcHJveHkgdGVzdCBzdWl0ZTEcMBoGA1UEAwwTd3d3Lm5naW54LXByb3h5LnRs
|
||||||
|
ZDAeFw0xNzAzMTQyMzE5MzZaFw00NDA3MzAyMzE5MzZaMCAxHjAcBgNVBAMMFSou
|
||||||
|
d2ViLm5naW54LXByb3h5LnRsZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
||||||
|
ggEBAM4rdBOyGtVyXD4Q92MBIt/o2c8Lij9AdWJYeCeerzPSoRlq4bdX29mPBXDC
|
||||||
|
NV3xRA1RYnRz5XfZu8bQM3pDiOnmPC3UOZ1hNFoZ88GW4L0mW2kYpkyMIQTY+lYi
|
||||||
|
7FUNuklNjidpf4Lp5+nEt4dw19dLSdHBjLBaE2Lb3sGUMdHJdMRjAVAQcEJzZ8R2
|
||||||
|
MvvSt5Ev6M86lkrujg0TdHMb5HSD52bWjYEZVFvYRz47tf01ot/zfRyeZ+5Q2iic
|
||||||
|
AgqtdY0E9ygfBIkTrO2pNCbc9/kfciHVcvsJ2ctAwA02PMB3Dpr3QfE73bYFqxNg
|
||||||
|
xf3GX/UFxEIAurXv+9xkmNlNKwcCAwEAAaMkMCIwIAYDVR0RBBkwF4IVKi53ZWIu
|
||||||
|
bmdpbngtcHJveHkudGxkMA0GCSqGSIb3DQEBCwUAA4IBAQCbeDmzkI8xjH0Cqm9G
|
||||||
|
PYz1k4YD4tibc9HncPHW5jxBQYx2ySmkg0fHEP3Qi/pgJqg2QaRpiYHsv/0zcruD
|
||||||
|
6kLkWT8Q39He4rvr+pdE/vRVKWnKpYiylGBYWhoZFvufQkx802shRSJWXHYHlzUn
|
||||||
|
j0bSd1tlG5SZy3M3rs9hbHpcszsZ8p+Zj4nrmAt0DTD1SRnWQTJOyfxZKkpTLIOJ
|
||||||
|
PeiJ7TfQtPEJSbULdv2ldSP7Aci7WQJc5I6c+VuFX2f7BEDevOjDFS+6AFw2V0fj
|
||||||
|
GpVEX/QQVbDErxLcDmwYSnCec5CNVTdzpRpBfwB5ljQBaxAt6WE9j4qayLa8D1eR
|
||||||
|
hHwm
|
||||||
|
-----END CERTIFICATE-----
|
@ -0,0 +1,27 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEowIBAAKCAQEAzit0E7Ia1XJcPhD3YwEi3+jZzwuKP0B1Ylh4J56vM9KhGWrh
|
||||||
|
t1fb2Y8FcMI1XfFEDVFidHPld9m7xtAzekOI6eY8LdQ5nWE0WhnzwZbgvSZbaRim
|
||||||
|
TIwhBNj6ViLsVQ26SU2OJ2l/gunn6cS3h3DX10tJ0cGMsFoTYtvewZQx0cl0xGMB
|
||||||
|
UBBwQnNnxHYy+9K3kS/ozzqWSu6ODRN0cxvkdIPnZtaNgRlUW9hHPju1/TWi3/N9
|
||||||
|
HJ5n7lDaKJwCCq11jQT3KB8EiROs7ak0Jtz3+R9yIdVy+wnZy0DADTY8wHcOmvdB
|
||||||
|
8TvdtgWrE2DF/cZf9QXEQgC6te/73GSY2U0rBwIDAQABAoIBAGVkDVPaVUP/V8nW
|
||||||
|
QjNYTbRcKTGfdT+iDZht9blWWsdboIqFe7fU53PY2E4Z1HD8xADgs1Cd5o3IcIZX
|
||||||
|
wdkw+VY+Of43zpXNRhfBh5T/BEtBX9cRnkcq6todcw+FYUB63dBK6cwMH/9b1Qes
|
||||||
|
DK35GszwY79aNjxMMBiAFM6SeOW4EElPsV8wd9ldX/ndiZuwkZ6k9PfyWrfeeaF+
|
||||||
|
EwVf/HaT0bV7cHQ73tYqzKjMpdbzIyaMzuAMGZDwPfLK+O1rEsWvLvK0ypl2Omzw
|
||||||
|
ndon8U3z0JPNmBGoq+SFS2qtCeOezNX3lPz+TWxG05R5iiFtuK83zJ5qGqCgCNZ6
|
||||||
|
qzpZsOECgYEA/NvWqT5MdZS1fdL2wROzFMTH4OBdUGr1Gh/DsNZj4qFVSFl969mA
|
||||||
|
7Vntm+koNLFsJt2EB67kC3ZWjozLXomHJ55/uKNnJ5LrLxczQ9x4l52CsTzrlvFq
|
||||||
|
crYjQZDmeN3B4Z+8RSi2icq6j1PeaCZRTvcz6eBjNYj/v/O0SmiXIp8CgYEA0Lsh
|
||||||
|
fZWuw23a8UXS2YUrXXqfIEdisVMnLRu3Zi0Y1R4lIpuwn5+2n+TxnuWcY1q+ZTMw
|
||||||
|
dcmGPi6aRj81kEN/Kw5raKoVb6YywTNB4/Dwz7PRQH386FrjfivGXGEEINgbPQ09
|
||||||
|
2u0QV2Cr9yMGZ5qNXut70RYewkxjF7+s6L8+RpkCgYB9ikBHgtC/R/fb4pP0RG2T
|
||||||
|
ECgUtBBgTtomAENOVwL8kBEhfJ0SLcjfDtjzoYz+rF//49cbYW+DaVuMJscJxso9
|
||||||
|
l2neJ/KdKUpu9NvVA280B1XN3WsyY+Xv0hIrCWAD/kW2WXJF+/K08twxMPipSOzx
|
||||||
|
gbZalbdr6vrfOIX4s3jmDQKBgDiXA3Vw53jEh99x9sBSgndNj2bI89DvomdwZECn
|
||||||
|
aVweWCMR4sjkHDctcvSJe+TT7VqyjijhAixJpjn1WShLpGaf+i7eLgGfJZOLugl6
|
||||||
|
gU9OiSTbA35bZeIHLDhPdTcSYBAlTufT7eJCq1zNeicMl9dsMJ13Sc+TtinyJYbU
|
||||||
|
kqXBAoGBAL9gRa1PkNkpCJ5F9aYSohCAXB7DaAgYvVyvOTQ8Bw2uACPgdnpHmxQd
|
||||||
|
/sT7qJ1h8ZCtn89Ug/4yx79eUcOImugoCRIUVtq1xhyXUdVl55Tuy5bKBSSAe/Vh
|
||||||
|
T7sAmryCkzn9ihRziY2j84vK0mdMkCU5AoatPg5l0g1adn5zcY6q
|
||||||
|
-----END RSA PRIVATE KEY-----
|
33
test/test_ssl/wildcard_cert_and_nohttps/docker-compose.yml
Normal file
33
test/test_ssl/wildcard_cert_and_nohttps/docker-compose.yml
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
version: "3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
proxy:
|
||||||
|
image: jwilder/nginx-proxy:test
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
- ./certs:/etc/nginx/certs:ro
|
||||||
|
|
||||||
|
web1:
|
||||||
|
image: web
|
||||||
|
expose:
|
||||||
|
- "81"
|
||||||
|
environment:
|
||||||
|
WEB_PORTS: "81"
|
||||||
|
VIRTUAL_HOST: "1.web.nginx-proxy.tld"
|
||||||
|
web2:
|
||||||
|
image: web
|
||||||
|
expose:
|
||||||
|
- "82"
|
||||||
|
environment:
|
||||||
|
WEB_PORTS: "82"
|
||||||
|
VIRTUAL_HOST: "2.web.nginx-proxy.tld"
|
||||||
|
|
||||||
|
web3_nohttps:
|
||||||
|
image: web
|
||||||
|
expose:
|
||||||
|
- "83"
|
||||||
|
environment:
|
||||||
|
WEB_PORTS: "83"
|
||||||
|
VIRTUAL_HOST: "3.web.nginx-proxy.tld"
|
||||||
|
HTTPS_METHOD: nohttps
|
@ -0,0 +1,31 @@
|
|||||||
|
import pytest
|
||||||
|
from backports.ssl_match_hostname import CertificateError
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize("subdomain,should_redirect_to_https", [
|
||||||
|
(1, True),
|
||||||
|
(2, True),
|
||||||
|
(3, False),
|
||||||
|
])
|
||||||
|
def test_http_redirects_to_https(docker_compose, nginxproxy, subdomain, should_redirect_to_https):
|
||||||
|
r = nginxproxy.get("http://%s.web.nginx-proxy.tld/port" % subdomain)
|
||||||
|
if should_redirect_to_https:
|
||||||
|
assert r.history[0].is_redirect
|
||||||
|
assert r.history[0].headers.get("Location") == "https://%s.web.nginx-proxy.tld/port" % subdomain
|
||||||
|
assert "answer from port 8%s\n" % subdomain == r.text
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize("subdomain", [1, 2])
|
||||||
|
def test_https_get_served(docker_compose, nginxproxy, subdomain):
|
||||||
|
r = nginxproxy.get("https://%s.web.nginx-proxy.tld/port" % subdomain, allow_redirects=False)
|
||||||
|
assert r.status_code == 200
|
||||||
|
assert "answer from port 8%s\n" % subdomain == r.text
|
||||||
|
|
||||||
|
|
||||||
|
def test_web3_https_is_500_and_SSL_validation_fails(docker_compose, nginxproxy):
|
||||||
|
with pytest.raises(CertificateError) as excinfo:
|
||||||
|
nginxproxy.get("https://3.web.nginx-proxy.tld/port")
|
||||||
|
assert """hostname '3.web.nginx-proxy.tld' doesn't match 'nginx-proxy.tld'""" in str(excinfo.value)
|
||||||
|
|
||||||
|
r = nginxproxy.get("https://3.web.nginx-proxy.tld/port", verify=False)
|
||||||
|
assert r.status_code == 500
|
Loading…
Reference in New Issue
Block a user