1
0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-07-01 14:25:46 +00:00
Commit Graph

23 Commits

Author SHA1 Message Date
fd35a09240 tests: Revise dhparams tests
- `dhparam_generation` tests are no longer necessary, dropped.

Modified the remaining `dhparam` test to use multiple `nginx-proxy` images to verify correct behavior for different configs.

Tests now cover:

- Default (ffdhe4096) is used.
- Alternative via ENV (ffdhe2048) works correctly.
- Invalid group via ENV (1024-bit) fails.
- Custom DH params provided via file mount works with warning emitted.

---

- `assert_log_contains`: added a `container_name` arg with `nginxproxy` as the default value. This allows multiple nginx-proxy containers to utilize this method instead.

- Extracted out the `openssl` test (_to `negotiate_cipher()`_) and modified it to be a bit more flexible. It now takes a container with optional extra args to pass to `openssl` command called, as well as the `grep` string to match. This made the original test redundant, so I've dropped it.

- Added two methods to use `negotiate_cipher()`, one verifies a DHE cipher suite was negotiated and checks that a DH emphermal key was also mentioned in the output. The other method verifies the expectation of failing to negotiate a valid cipher if DH params have not been set, while verifying that non-DHE cipher suites can be successfully negotiated.

- Added a `get_env()` method for extracting attached environments on a container. This is useful for verifying invalid `DHPARAM_BITS` values (eg `1024`-bit).

- The original `Server Temp Key` assertion was incorrect, it was expecting a value that is unrelated to DHE cipher suite support (_`X25519` is related to ECDHE_). This is due to TLS 1.3 being negotiated where you cannot use custom DH params, nor influence the negotiated cipher due to this mechanism changing from TLS 1.3. TLS 1.3 does support DH params, but it internally negotiates RFC 7919 group between server and client instead. Thus to verify expectations, the connection via `openssl` is made explicitly with TLS 1.2 instead.
2021-09-28 21:59:53 +13:00
9299a2801e tests: Remove dhparam volume
No longer necessary for the majority of tests.
2021-09-28 21:50:11 +13:00
795e0acda7 ci: remove InsecureRequestWarning from urllib3 2021-08-02 18:09:34 +02:00
790785f1ab test: custom HTTPS port and redirection 2021-06-15 00:38:32 +02:00
0c60d57031 fix(ci): fix test_dhparam_is_generated_if_missing 2021-04-27 00:35:20 +02:00
37e85e6e8d chore(ci): ♻️ convert Python old % string to f-strings 2021-04-27 00:35:20 +02:00
950a28f5ea chore(ci): ⬆️ porting python 2.7 code to python 3.9 2021-04-27 00:35:19 +02:00
ad7c02570b chore: use nginxproxy's DockerHub registry
Transitioning away from jwilder/nginx-proxy
Please see #1304 for more details
2021-04-01 16:06:09 +02:00
23823c4b21 Fix the test 2019-08-07 17:33:02 +01:00
ad41178036 Fixed tests that are now failing due to the dhparam clearing command beating the nginx startup. This is fixed permanently in #1213, but this PR fixes the test so as not to rely on the dhparam autogen, which is tested elsewhere. 2019-02-04 15:15:04 -05:00
936e57a6de Fixed #1080, can't disable HSTS with noredirect 2018-08-01 11:30:06 -04:00
3590c1bae0 Added regression test to ensure HSTS works for errors 2018-03-26 14:58:06 -04:00
a6e8fae7f5 Merge pull request #970 from kamermans/bugfix/failing_ssl_tests
Fixed failing SSL tests
2017-11-09 10:04:20 -07:00
612bf72ceb Support old and new versions of requests 2017-11-08 23:19:13 -05:00
ebd1485b09 Catch SSLError instead of CertificateError 2017-11-08 22:53:44 -05:00
58a02f107e Removed '-verify 0' - to disable verification, exclude -verify entirely 2017-11-08 22:42:52 -05:00
a312472fb5 Added custom HSTS support (issue #953) 2017-11-08 22:30:24 -05:00
c41186a3a4 Merge branch 'master' into feature_ssl_improvement 2017-06-14 16:31:12 -06:00
8414a94d59 TESTS: add test for the case in which a wildcard cert matches a container having nohttps set 2017-03-15 02:12:07 +01:00
abdd5883a1 TESTS: refactor dhparam tests 2017-03-08 02:37:12 +01:00
98b5828f83 Modified tests to include dhparams 2017-03-07 14:04:44 -05:00
0244b4e71e Added dhparams test in new format 2017-03-07 14:04:37 -05:00
6069bc53cd TESTS: replace old test suite with the new one
get rid of Bats definitively
2017-02-17 00:29:30 +01:00