diff --git a/test/test_http2/test_http2_global_disabled.py b/test/test_http2/test_http2_global_disabled.py new file mode 100644 index 0000000..42e102d --- /dev/null +++ b/test/test_http2/test_http2_global_disabled.py @@ -0,0 +1,8 @@ +import pytest +import re + +def test_http2_global_disabled_config(docker_compose, nginxproxy): + conf = nginxproxy.get_conf().decode('ASCII') + r = nginxproxy.get("http://http2-global-disabled.nginx-proxy.tld") + assert r.status_code == 200 + assert not re.search(r"(?s)http2-global-disabled\.nginx-proxy\.tld.*http2 on", conf) diff --git a/test/test_http2/test_http2_global_disabled.yml b/test/test_http2/test_http2_global_disabled.yml new file mode 100644 index 0000000..5dffa19 --- /dev/null +++ b/test/test_http2/test_http2_global_disabled.yml @@ -0,0 +1,15 @@ +services: + http2-global-disabled: + image: web + expose: + - "80" + environment: + WEB_PORTS: 80 + VIRTUAL_HOST: http2-global-disabled.nginx-proxy.tld + + sut: + image: nginxproxy/nginx-proxy:test + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + ENABLE_HTTP2: "false" diff --git a/test/test_http3/test_http3_global_disabled.py b/test/test_http3/test_http3_global_disabled.py new file mode 100644 index 0000000..508823e --- /dev/null +++ b/test/test_http3/test_http3_global_disabled.py @@ -0,0 +1,19 @@ +import pytest +import re + + #Python Requests is not able to do native http3 requests. + #We only check for directives which should enable http3. + +def test_http3_global_disabled_ALTSVC_header(docker_compose, nginxproxy): + r = nginxproxy.get("http://http3-global-disabled.nginx-proxy.tld/headers") + assert r.status_code == 200 + assert "Host: http3-global-disabled.nginx-proxy.tld" in r.text + assert not "alt-svc" in r.headers + +def test_http3_global_disabled_config(docker_compose, nginxproxy): + conf = nginxproxy.get_conf().decode('ASCII') + r = nginxproxy.get("http://http3-global-disabled.nginx-proxy.tld") + assert r.status_code == 200 + assert not re.search(r"(?s)listen 443 quic", conf) + assert not re.search(r"(?s)http3 on", conf) + assert not re.search(r"(?s)add_header alt-svc \'h3=\":443\"; ma=86400;\'", conf) diff --git a/test/test_http3/test_http3_global_disabled.yml b/test/test_http3/test_http3_global_disabled.yml new file mode 100644 index 0000000..66530a4 --- /dev/null +++ b/test/test_http3/test_http3_global_disabled.yml @@ -0,0 +1,15 @@ +services: + http3-global-disabled: + image: web + expose: + - "80" + environment: + WEB_PORTS: 80 + VIRTUAL_HOST: http3-global-disabled.nginx-proxy.tld + + sut: + image: nginxproxy/nginx-proxy:test + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + #environment: + #ENABLE_HTTP3: "false" #Disabled by default diff --git a/test/test_http3/test_http3_global_enabled.py b/test/test_http3/test_http3_global_enabled.py new file mode 100644 index 0000000..c678ab6 --- /dev/null +++ b/test/test_http3/test_http3_global_enabled.py @@ -0,0 +1,21 @@ +import pytest +import re + + #Python Requests is not able to do native http3 requests. + #We only check for directives which should enable http3. + +def test_http3_global_enabled_ALTSVC_header(docker_compose, nginxproxy): + r = nginxproxy.get("http://http3-global-enabled.nginx-proxy.tld/headers") + assert r.status_code == 200 + assert "Host: http3-global-enabled.nginx-proxy.tld" in r.text + assert "alt-svc" in r.headers + assert r.headers["alt-svc"] == 'h3=":443"; ma=86400;' + +def test_http3_global_enabled_config(docker_compose, nginxproxy): + conf = nginxproxy.get_conf().decode('ASCII') + r = nginxproxy.get("http://http3-global-enabled.nginx-proxy.tld") + assert r.status_code == 200 + assert re.search(r"listen 443 quic reuseport\;", conf) + assert re.search(r"(?s)http3-global-enabled\.nginx-proxy\.tld;.*listen 443 quic", conf) + assert re.search(r"(?s)http3-global-enabled\.nginx-proxy\.tld;.*http3 on\;", conf) + assert re.search(r"(?s)http3-global-enabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'", conf) diff --git a/test/test_http3/test_http3_global_enabled.yml b/test/test_http3/test_http3_global_enabled.yml new file mode 100644 index 0000000..0825469 --- /dev/null +++ b/test/test_http3/test_http3_global_enabled.yml @@ -0,0 +1,15 @@ +services: + http3-global-enabled: + image: web + expose: + - "80" + environment: + WEB_PORTS: 80 + VIRTUAL_HOST: http3-global-enabled.nginx-proxy.tld + + sut: + image: nginxproxy/nginx-proxy:test + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro + environment: + ENABLE_HTTP3: "true" diff --git a/test/test_http3/test_http3_vhost.py b/test/test_http3/test_http3_vhost.py new file mode 100644 index 0000000..93a217c --- /dev/null +++ b/test/test_http3/test_http3_vhost.py @@ -0,0 +1,49 @@ +import pytest +import re + + #Python Requests is not able to do native http3 requests. + #We only check for directives which should enable http3. + +def test_http3_vhost_enabled_ALTSVC_header(docker_compose, nginxproxy): + r = nginxproxy.get("http://http3-vhost-enabled.nginx-proxy.tld/headers") + assert r.status_code == 200 + assert "Host: http3-vhost-enabled.nginx-proxy.tld" in r.text + assert "alt-svc" in r.headers + assert r.headers["alt-svc"] == 'h3=":443"; ma=86400;' + +def test_http3_vhost_enabled_config(docker_compose, nginxproxy): + conf = nginxproxy.get_conf().decode('ASCII') + r = nginxproxy.get("http://http3-vhost-enabled.nginx-proxy.tld") + assert r.status_code == 200 + assert re.search(r"listen 443 quic reuseport\;", conf) + assert re.search(r"(?s)http3-vhost-enabled\.nginx-proxy\.tld;.*listen 443 quic", conf) + assert re.search(r"(?s)http3-vhost-enabled\.nginx-proxy\.tld;.*http3 on\;", conf) + assert re.search(r"(?s)http3-vhost-enabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'", conf) + +def test_http3_vhost_disabled_ALTSVC_header(docker_compose, nginxproxy): + r = nginxproxy.get("http://http3-vhost-disabled.nginx-proxy.tld/headers") + assert r.status_code == 200 + assert "Host: http3-vhost-disabled.nginx-proxy.tld" in r.text + assert not "alt-svc" in r.headers + +def test_http3_vhost_disabled_config(docker_compose, nginxproxy): + conf = nginxproxy.get_conf().decode('ASCII') + r = nginxproxy.get("http://http3-vhost-disabled.nginx-proxy.tld") + assert r.status_code == 200 + assert not re.search(r"(?s)http3-vhost-disabled\.nginx-proxy\.tld.*listen 443 quic.*\# http3-vhost-enabled\.nginx-proxy\.tld", conf) + assert not re.search(r"(?s)http3-vhost-disabled\.nginx-proxy\.tld.*http3 on.*\# http3-vhost-enabled\.nginx-proxy\.tld", conf) + assert not re.search(r"(?s)http3-vhost-disabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'.*\# http3-vhost-enabled\.nginx-proxy\.tld", conf) + +def test_http3_vhost_disabledbydefault_ALTSVC_header(docker_compose, nginxproxy): + r = nginxproxy.get("http://http3-vhost-default-disabled.nginx-proxy.tld/headers") + assert r.status_code == 200 + assert "Host: http3-vhost-default-disabled.nginx-proxy.tld" in r.text + assert not "alt-svc" in r.headers + +def test_http3_vhost_disabledbydefault_config(docker_compose, nginxproxy): + conf = nginxproxy.get_conf().decode('ASCII') + r = nginxproxy.get("http://http3-vhost-default-disabled.nginx-proxy.tld") + assert r.status_code == 200 + assert not re.search(r"(?s)http3-vhost-default-disabled\.nginx-proxy\.tld.*listen 443 quic.*\# http3-vhost-disabled\.nginx-proxy\.tld", conf) + assert not re.search(r"(?s)http3-vhost-default-disabled\.nginx-proxy\.tld.*http3 on.*\# http3-vhost-disabled\.nginx-proxy\.tld", conf) + assert not re.search(r"(?s)http3-vhost-default-disabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'.*\# http3-vhost-disabled\.nginx-proxy\.tld", conf) diff --git a/test/test_http3/test_http3_vhost.yml b/test/test_http3/test_http3_vhost.yml new file mode 100644 index 0000000..1d5cdf2 --- /dev/null +++ b/test/test_http3/test_http3_vhost.yml @@ -0,0 +1,33 @@ +services: + http3-vhost-enabled: + image: web + expose: + - "80" + environment: + WEB_PORTS: 80 + VIRTUAL_HOST: http3-vhost-enabled.nginx-proxy.tld + labels: + com.github.nginx-proxy.nginx-proxy.http3.enable: "true" + + http3-vhost-disabled: + image: web + expose: + - "80" + environment: + WEB_PORTS: 80 + VIRTUAL_HOST: http3-vhost-disabled.nginx-proxy.tld + labels: + com.github.nginx-proxy.nginx-proxy.http3.enable: "false" + + http3-vhost-default-disabled: + image: web + expose: + - "80" + environment: + WEB_PORTS: 80 + VIRTUAL_HOST: http3-vhost-default-disabled.nginx-proxy.tld + + sut: + image: nginxproxy/nginx-proxy:test + volumes: + - /var/run/docker.sock:/tmp/docker.sock:ro diff --git a/test/test_ssl/test_hsts.py b/test/test_ssl/test_hsts.py index 16dffd2..890c4ad 100644 --- a/test/test_ssl/test_hsts.py +++ b/test/test_ssl/test_hsts.py @@ -31,3 +31,11 @@ def test_web4_HSTS_off_noredirect(docker_compose, nginxproxy): r = nginxproxy.get("https://web4.nginx-proxy.tld/port", allow_redirects=False) assert "answer from port 81\n" in r.text assert "Strict-Transport-Security" not in r.headers + +def test_http3_vhost_enabled_HSTS_default(docker_compose, nginxproxy): + r = nginxproxy.get("https://http3-vhost-enabled.nginx-proxy.tld/port", allow_redirects=False) + assert "answer from port 81\n" in r.text + assert "Strict-Transport-Security" in r.headers + assert "max-age=31536000" == r.headers["Strict-Transport-Security"] + assert "alt-svc" in r.headers + assert r.headers["alt-svc"] == 'h3=":443"; ma=86400;' diff --git a/test/test_ssl/test_hsts.yml b/test/test_ssl/test_hsts.yml index b4af3b6..da3b629 100644 --- a/test/test_ssl/test_hsts.yml +++ b/test/test_ssl/test_hsts.yml @@ -34,6 +34,16 @@ web4: HSTS: "off" HTTPS_METHOD: "noredirect" +web5: + image: web + expose: + - "81" + environment: + WEB_PORTS: "81" + VIRTUAL_HOST: http3-vhost-enabled.nginx-proxy.tld + labels: + com.github.nginx-proxy.nginx-proxy.http3.enable: "true" + sut: image: nginxproxy/nginx-proxy:test volumes: