mirror of
https://github.com/thib8956/nginx-proxy
synced 2025-02-24 09:48:14 +00:00
9297e94389
Before, if neither the vhost-specific cert nor `default.crt` existed, nginx-proxy would not create the https vhost. This resulted in nginx either refusing the connection or serving the wrong vhost depending on whether there was another https vhost with a certificate. Now nginx-proxy always creates an https server for a vhost, even if the vhost-specific certificate and the default certificate are both missing. When both certs are missing, nginx is given empty certificate data to make it possible for it to start up without an error. The empty certificate data causes the user to see a TLS error, which is much easier to troubleshoot than a connection refused error or serving the wrong vhost.
69 lines
2.6 KiB
Python
69 lines
2.6 KiB
Python
import os.path
|
|
import re
|
|
|
|
import backoff
|
|
import pytest
|
|
import requests
|
|
|
|
|
|
@pytest.fixture
|
|
def data_dir():
|
|
return f"{os.path.splitext(__file__)[0]}.data"
|
|
|
|
|
|
@pytest.fixture
|
|
def docker_compose_file(data_dir, compose_file):
|
|
return os.path.join(data_dir, compose_file)
|
|
|
|
|
|
@pytest.fixture
|
|
def get(docker_compose, nginxproxy, want_err_re):
|
|
|
|
@backoff.on_exception(
|
|
backoff.constant,
|
|
requests.exceptions.RequestException,
|
|
giveup=lambda e: want_err_re and want_err_re.search(str(e)),
|
|
interval=.3,
|
|
max_tries=30,
|
|
jitter=None)
|
|
def _get(url):
|
|
return nginxproxy.get(url, allow_redirects=False)
|
|
|
|
return _get
|
|
|
|
|
|
INTERNAL_ERR_RE = re.compile("TLSV1_ALERT_INTERNAL_ERROR")
|
|
|
|
|
|
@pytest.mark.parametrize("compose_file,url,want_code,want_err_re", [
|
|
# Has default.crt.
|
|
("withdefault.yml", "http://https-and-http.nginx-proxy.test/", 301, None),
|
|
("withdefault.yml", "https://https-and-http.nginx-proxy.test/", 200, None),
|
|
("withdefault.yml", "http://https-only.nginx-proxy.test/", 503, None),
|
|
("withdefault.yml", "https://https-only.nginx-proxy.test/", 200, None),
|
|
("withdefault.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
|
("withdefault.yml", "https://http-only.nginx-proxy.test/", 503, None),
|
|
("withdefault.yml", "http://missing-cert.nginx-proxy.test/", 200, None),
|
|
("withdefault.yml", "https://missing-cert.nginx-proxy.test/", 500, None),
|
|
("withdefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
|
("withdefault.yml", "https://unknown.nginx-proxy.test/", 503, None),
|
|
# Same as withdefault.yml, except there is no default.crt.
|
|
("nodefault.yml", "http://https-and-http.nginx-proxy.test/", 301, None),
|
|
("nodefault.yml", "https://https-and-http.nginx-proxy.test/", 200, None),
|
|
("nodefault.yml", "http://https-only.nginx-proxy.test/", 503, None),
|
|
("nodefault.yml", "https://https-only.nginx-proxy.test/", 200, None),
|
|
("nodefault.yml", "http://http-only.nginx-proxy.test/", 200, None),
|
|
("nodefault.yml", "https://http-only.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
|
("nodefault.yml", "http://missing-cert.nginx-proxy.test/", 200, None),
|
|
("nodefault.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
|
("nodefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
|
|
("nodefault.yml", "https://unknown.nginx-proxy.test/", None, INTERNAL_ERR_RE),
|
|
])
|
|
def test_fallback(get, url, want_code, want_err_re):
|
|
if want_err_re is None:
|
|
r = get(url)
|
|
assert r.status_code == want_code
|
|
else:
|
|
with pytest.raises(requests.exceptions.RequestException, match=want_err_re):
|
|
get(url)
|