Google Git
Sign in
nginx / nginx-tests / 03840a380d80ba1aab14fd7b83fb90c2e1db2bd5 / . / stream_proxy_protocol_ssl.t
blob: 24ee5dd6a97834037667edda148677329812e2a1 [file] [log] [blame]
#!/usr/bin/perl
# (C) Sergey Kandaurov
# (C) Nginx, Inc.
# Tests for stream proxy module with haproxy protocol to ssl backend.
###############################################################################
use warnings;
use strict;
use Test::More;
use Socket qw/ CR LF CRLF /;
BEGIN { use FindBin; chdir($FindBin::Bin); }
use lib 'lib';
use Test::Nginx qw/ :DEFAULT http_end /;
###############################################################################
select STDERR; $| = 1;
select STDOUT; $| = 1;
eval { require IO::Socket::SSL; };
plan(skip_all => 'IO::Socket::SSL not installed') if $@;
my $t = Test::Nginx->new()->has(qw/stream stream_ssl/)->has_daemon('openssl')
->plan(2);
$t->write_file_expand('nginx.conf', <<'EOF');
%%TEST_GLOBALS%%
daemon off;
events {
}
stream {
%%TEST_GLOBALS_STREAM%%
proxy_ssl on;
proxy_protocol on;
server {
listen 127.0.0.1:8080;
proxy_pass 127.0.0.1:8081;
}
server {
listen 127.0.0.1:8082;
proxy_pass 127.0.0.1:8083;
proxy_protocol off;
}
}
EOF
$t->write_file('openssl.conf', <<EOF);
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF
my $d = $t->testdir();
foreach my $name ('localhost') {
system('openssl req -x509 -new '
. "-config $d/openssl.conf -subj /CN=$name/ "
. "-out $d/$name.crt -keyout $d/$name.key "
. ">>$d/openssl.out 2>&1") == 0
or die "Can't create certificate for $name: $!\n";
}
$t->run_daemon(\&stream_daemon_ssl, port(8081), path => $d, pp => 1);
$t->run_daemon(\&stream_daemon_ssl, port(8083), path => $d, pp => 0);
$t->run();
$t->waitforsocket('127.0.0.1:' . port(8081));
$t->waitforsocket('127.0.0.1:' . port(8083));
###############################################################################
my $dp = port(8080);
my %r = pp_get('test', '127.0.0.1:' . $dp);
is($r{'data'}, "PROXY TCP4 127.0.0.1 127.0.0.1 $r{'sp'} $dp" . CRLF . 'test',
'protocol on');
%r = pp_get('test', '127.0.0.1:' . port(8082));
is($r{'data'}, 'test', 'protocol off');
###############################################################################
sub pp_get {
my ($data, $peer) = @_;
my $s = http($data, socket => getconn($peer), start => 1);
my $sockport = $s->sockport();
$data = http_end($s);
return ('data' => $data, 'sp' => $sockport);
}
sub getconn {
my $peer = shift;
my $s = IO::Socket::INET->new(
Proto => 'tcp',
PeerAddr => $peer
)
or die "Can't connect to nginx: $!\n";
return $s;
}
###############################################################################
sub stream_daemon_ssl {
my ($port, %extra) = @_;
my $d = $extra{path};
my $pp = $extra{pp};
my $server = IO::Socket::INET->new(
Proto => 'tcp',
LocalHost => "127.0.0.1:$port",
Listen => 5,
Reuse => 1
)
or die "Can't create listening socket: $!\n";
local $SIG{PIPE} = 'IGNORE';
while (my $client = $server->accept()) {
my ($buffer, $data) = ('', '');
$client->autoflush(1);
log2c("(new connection $client on $port)");
# read no more than haproxy header of variable length
while ($pp) {
my $prev = $buffer;
$client->sysread($buffer, 1) or last;
$data .= $buffer;
last if $prev eq CR && $buffer eq LF;
}
log2i("$client $data");
# would fail on waitforsocket
eval {
IO::Socket::SSL->start_SSL($client,
SSL_server => 1,
SSL_cert_file => "$d/localhost.crt",
SSL_key_file => "$d/localhost.key",
SSL_error_trap => sub { die $_[1] }
);
};
next if $@;
$client->sysread($buffer, 65536) or next;
log2i("$client $buffer");
$data .= $buffer;
log2o("$client $data");
$client->syswrite($data);
close $client;
}
}
sub log2i { Test::Nginx::log_core('|| <<', @_); }
sub log2o { Test::Nginx::log_core('|| >>', @_); }
sub log2c { Test::Nginx::log_core('||', @_); }
###############################################################################