Loading nixos/tests/web-servers/h2o/basic.nix +12 −15 Original line number Diff line number Diff line Loading @@ -8,11 +8,6 @@ let TLS = "acme.test"; }; port = { HTTP = 8080; TLS = 8443; }; sawatdi_chao_lok = "สวัสดีชาวโลก"; hello_world_txt = hostPkgs.writeTextFile { Loading Loading @@ -41,7 +36,7 @@ in nodes = { server = { pkgs, ... }: { pkgs, config, ... }: { environment.systemPackages = [ pkgs.curl Loading @@ -49,8 +44,8 @@ in services.h2o = { enable = true; defaultHTTPListenPort = port.HTTP; defaultTLSListenPort = port.TLS; defaultHTTPListenPort = 8080; defaultTLSListenPort = 8443; hosts = { "${domain.HTTP}" = { settings = { Loading Loading @@ -107,12 +102,12 @@ in networking = { firewall = { allowedTCPPorts = with port; [ HTTP TLS allowedTCPPorts = with config.services.h2o; [ defaultHTTPListenPort defaultTLSListenPort ]; allowedUDPPorts = with port; [ TLS allowedUDPPorts = with config.services.h2o; [ defaultTLSListenPort ]; }; extraHosts = '' Loading @@ -123,9 +118,11 @@ in }; }; testScript = { nodes, ... }: let portStrHTTP = builtins.toString port.HTTP; portStrTLS = builtins.toString port.TLS; inherit (nodes) server; portStrHTTP = builtins.toString server.services.h2o.defaultHTTPListenPort; portStrTLS = builtins.toString server.services.h2o.defaultTLSListenPort; in # python '' Loading nixos/tests/web-servers/h2o/mruby.nix +4 −4 Original line number Diff line number Diff line Loading @@ -3,8 +3,6 @@ let domain = "h2o.local"; port = 8080; sawatdi_chao_lok = "สวัสดีชาวโลก"; in { Loading @@ -22,7 +20,7 @@ in enable = true; package = pkgs.h2o.override { withMruby = true; }; settings = { listen = port; listen = 8080; hosts = { "${domain}" = { paths = { Loading Loading 
@@ -50,8 +48,10 @@ in }; testScript = { nodes, ... }: let portStr = builtins.toString port; inherit (nodes) server; portStr = builtins.toString server.services.h2o.settings.listen; in # python '' Loading nixos/tests/web-servers/h2o/tls-recommendations.nix +37 −26 Original line number Diff line number Diff line Loading @@ -2,7 +2,6 @@ let domain = "acme.test"; port = 8443; hello_txt = name: Loading @@ -13,7 +12,12 @@ let mkH2OServer = recommendations: { pkgs, lib, ... }: { pkgs, lib, config, ... }: { services.h2o = { enable = true; Loading @@ -31,7 +35,8 @@ let hosts = { "${domain}" = { tls = { inherit port recommendations; inherit recommendations; port = 8443; policy = "force"; identity = [ { Loading Loading @@ -59,7 +64,9 @@ let ]; networking = { firewall.allowedTCPPorts = [ port ]; firewall.allowedTCPPorts = [ config.services.h2o.hosts.${domain}.tls.port ]; extraHosts = "127.0.0.1 ${domain}"; }; }; Loading 
@@ -78,43 +85,47 @@ in }; testScript = { nodes, ... }: let portStr = builtins.toString port; inherit (nodes) server_modern server_intermediate server_old; modernPortStr = builtins.toString server_modern.services.h2o.hosts.${domain}.tls.port; intermediatePortStr = builtins.toString server_intermediate.services.h2o.hosts.${domain}.tls.port; oldPortStr = builtins.toString server_old.services.h2o.hosts.${domain}.tls.port; in # python '' curl_basic = "curl -v --tlsv1.3 --http2 'https://${domain}:${portStr}/'" curl_head = "curl -v --head 'https://${domain}:${portStr}/'" curl_max_tls1_2 ="curl -v --tlsv1.0 --tls-max 1.2 'https://${domain}:${portStr}/'" curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:${portStr}/'" curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:${portStr}/'" curl_basic = "curl -v --tlsv1.3 --http2 'https://${domain}:{port}/'" curl_head = "curl -v --head 'https://${domain}:{port}/'" curl_max_tls1_2 ="curl -v --tlsv1.0 --tls-max 1.2 'https://${domain}:{port}/'" curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:{port}/'" curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:{port}/'" server_modern.wait_for_unit("h2o.service") server_modern.wait_for_open_port(${portStr}) modern_response = server_modern.succeed(curl_basic) server_modern.wait_for_open_port(${modernPortStr}) modern_response = server_modern.succeed(curl_basic.format(port="${modernPortStr}")) assert "Hello, modern!" 
in modern_response modern_head = server_modern.succeed(curl_head) modern_head = server_modern.succeed(curl_head.format(port="${modernPortStr}")) assert "strict-transport-security" in modern_head server_modern.fail(curl_max_tls1_2) server_modern.fail(curl_max_tls1_2.format(port="${modernPortStr}")) server_intermediate.wait_for_unit("h2o.service") server_intermediate.wait_for_open_port(${portStr}) intermediate_response = server_intermediate.succeed(curl_basic) server_intermediate.wait_for_open_port(${intermediatePortStr}) intermediate_response = server_intermediate.succeed(curl_basic.format(port="${intermediatePortStr}")) assert "Hello, intermediate!" in intermediate_response intermediate_head = server_modern.succeed(curl_head) intermediate_head = server_modern.succeed(curl_head.format(port="${intermediatePortStr}")) assert "strict-transport-security" in intermediate_head server_intermediate.succeed(curl_max_tls1_2) server_intermediate.succeed(curl_max_tls1_2_intermediate_cipher) server_intermediate.fail(curl_max_tls1_2_old_cipher) server_intermediate.succeed(curl_max_tls1_2.format(port="${intermediatePortStr}")) server_intermediate.succeed(curl_max_tls1_2_intermediate_cipher.format(port="${intermediatePortStr}")) server_intermediate.fail(curl_max_tls1_2_old_cipher.format(port="${intermediatePortStr}")) server_old.wait_for_unit("h2o.service") server_old.wait_for_open_port(${portStr}) old_response = server_old.succeed(curl_basic) server_old.wait_for_open_port(${oldPortStr}) old_response = server_old.succeed(curl_basic.format(port="${oldPortStr}")) assert "Hello, old!" 
in old_response old_head = server_modern.succeed(curl_head) old_head = server_modern.succeed(curl_head.format(port="${oldPortStr}")) assert "strict-transport-security" in old_head server_old.succeed(curl_max_tls1_2) server_old.succeed(curl_max_tls1_2_intermediate_cipher) server_old.succeed(curl_max_tls1_2_old_cipher) server_old.succeed(curl_max_tls1_2.format(port="${oldPortStr}")) server_old.succeed(curl_max_tls1_2_intermediate_cipher.format(port="${oldPortStr}")) server_old.succeed(curl_max_tls1_2_old_cipher.format(port="${oldPortStr}")) ''; } Loading
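Review bot: The HSTS checks for the intermediate and old profiles still run on `server_modern`: both `intermediate_head` and `old_head` are assigned from `server_modern.succeed(curl_head.format(...))`. Since `extraHosts` maps the domain to 127.0.0.1 on every node, those requests reach the modern server's own h2o, so the `strict-transport-security` assertion is never exercised against the other two profiles. The old side of the diff had the same calls, but the rewritten lines carry the mistake over, and with per-node port strings the request would now fail outright if the ports ever diverged. The two lines should read `intermediate_head = server_intermediate.succeed(curl_head.format(port="${intermediatePortStr}"))` and `old_head = server_old.succeed(curl_head.format(port="${oldPortStr}"))`.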
nixos/tests/web-servers/h2o/basic.nix +12 −15 Original line number Diff line number Diff line Loading @@ -8,11 +8,6 @@ let TLS = "acme.test"; }; port = { HTTP = 8080; TLS = 8443; }; sawatdi_chao_lok = "สวัสดีชาวโลก"; hello_world_txt = hostPkgs.writeTextFile { Loading Loading @@ -41,7 +36,7 @@ in nodes = { server = { pkgs, ... }: { pkgs, config, ... }: { environment.systemPackages = [ pkgs.curl Loading @@ -49,8 +44,8 @@ in services.h2o = { enable = true; defaultHTTPListenPort = port.HTTP; defaultTLSListenPort = port.TLS; defaultHTTPListenPort = 8080; defaultTLSListenPort = 8443; hosts = { "${domain.HTTP}" = { settings = { Loading Loading @@ -107,12 +102,12 @@ in networking = { firewall = { allowedTCPPorts = with port; [ HTTP TLS allowedTCPPorts = with config.services.h2o; [ defaultHTTPListenPort defaultTLSListenPort ]; allowedUDPPorts = with port; [ TLS allowedUDPPorts = with config.services.h2o; [ defaultTLSListenPort ]; }; extraHosts = '' Loading @@ -123,9 +118,11 @@ in }; }; testScript = { nodes, ... }: let portStrHTTP = builtins.toString port.HTTP; portStrTLS = builtins.toString port.TLS; inherit (nodes) server; portStrHTTP = builtins.toString server.services.h2o.defaultHTTPListenPort; portStrTLS = builtins.toString server.services.h2o.defaultTLSListenPort; in # python '' Loading
nixos/tests/web-servers/h2o/mruby.nix +4 −4 Original line number Diff line number Diff line Loading @@ -3,8 +3,6 @@ let domain = "h2o.local"; port = 8080; sawatdi_chao_lok = "สวัสดีชาวโลก"; in { Loading @@ -22,7 +20,7 @@ in enable = true; package = pkgs.h2o.override { withMruby = true; }; settings = { listen = port; listen = 8080; hosts = { "${domain}" = { paths = { Loading Loading @@ -50,8 +48,10 @@ in }; testScript = { nodes, ... }: let portStr = builtins.toString port; inherit (nodes) server; portStr = builtins.toString server.services.h2o.settings.listen; in # python '' Loading
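Review bot: `portStr` is now derived with `builtins.toString server.services.h2o.settings.listen`, which only evaluates while `listen` stays a bare port number. h2o's `listen` directive also accepts a mapping form (port plus host); if the module's `settings` passes that through, which is not visible in this section, `builtins.toString` on an attribute set would fail at evaluation. A short comment beside the setting would record the coupling, for example `# keep as a bare port: testScript stringifies this value`.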
nixos/tests/web-servers/h2o/tls-recommendations.nix +37 −26 Original line number Diff line number Diff line Loading @@ -2,7 +2,6 @@ let domain = "acme.test"; port = 8443; hello_txt = name: Loading @@ -13,7 +12,12 @@ let mkH2OServer = recommendations: { pkgs, lib, ... }: { pkgs, lib, config, ... }: { services.h2o = { enable = true; Loading @@ -31,7 +35,8 @@ let hosts = { "${domain}" = { tls = { inherit port recommendations; inherit recommendations; port = 8443; policy = "force"; identity = [ { Loading Loading @@ -59,7 +64,9 @@ let ]; networking = { firewall.allowedTCPPorts = [ port ]; firewall.allowedTCPPorts = [ config.services.h2o.hosts.${domain}.tls.port ]; extraHosts = "127.0.0.1 ${domain}"; }; }; Loading 
@@ -78,43 +85,47 @@ in }; testScript = { nodes, ... }: let portStr = builtins.toString port; inherit (nodes) server_modern server_intermediate server_old; modernPortStr = builtins.toString server_modern.services.h2o.hosts.${domain}.tls.port; intermediatePortStr = builtins.toString server_intermediate.services.h2o.hosts.${domain}.tls.port; oldPortStr = builtins.toString server_old.services.h2o.hosts.${domain}.tls.port; in # python '' curl_basic = "curl -v --tlsv1.3 --http2 'https://${domain}:${portStr}/'" curl_head = "curl -v --head 'https://${domain}:${portStr}/'" curl_max_tls1_2 ="curl -v --tlsv1.0 --tls-max 1.2 'https://${domain}:${portStr}/'" curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:${portStr}/'" curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:${portStr}/'" curl_basic = "curl -v --tlsv1.3 --http2 'https://${domain}:{port}/'" curl_head = "curl -v --head 'https://${domain}:{port}/'" curl_max_tls1_2 ="curl -v --tlsv1.0 --tls-max 1.2 'https://${domain}:{port}/'" curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:{port}/'" curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:{port}/'" server_modern.wait_for_unit("h2o.service") server_modern.wait_for_open_port(${portStr}) modern_response = server_modern.succeed(curl_basic) server_modern.wait_for_open_port(${modernPortStr}) modern_response = server_modern.succeed(curl_basic.format(port="${modernPortStr}")) assert "Hello, modern!" 
in modern_response modern_head = server_modern.succeed(curl_head) modern_head = server_modern.succeed(curl_head.format(port="${modernPortStr}")) assert "strict-transport-security" in modern_head server_modern.fail(curl_max_tls1_2) server_modern.fail(curl_max_tls1_2.format(port="${modernPortStr}")) server_intermediate.wait_for_unit("h2o.service") server_intermediate.wait_for_open_port(${portStr}) intermediate_response = server_intermediate.succeed(curl_basic) server_intermediate.wait_for_open_port(${intermediatePortStr}) intermediate_response = server_intermediate.succeed(curl_basic.format(port="${intermediatePortStr}")) assert "Hello, intermediate!" in intermediate_response intermediate_head = server_modern.succeed(curl_head) intermediate_head = server_modern.succeed(curl_head.format(port="${intermediatePortStr}")) assert "strict-transport-security" in intermediate_head server_intermediate.succeed(curl_max_tls1_2) server_intermediate.succeed(curl_max_tls1_2_intermediate_cipher) server_intermediate.fail(curl_max_tls1_2_old_cipher) server_intermediate.succeed(curl_max_tls1_2.format(port="${intermediatePortStr}")) server_intermediate.succeed(curl_max_tls1_2_intermediate_cipher.format(port="${intermediatePortStr}")) server_intermediate.fail(curl_max_tls1_2_old_cipher.format(port="${intermediatePortStr}")) server_old.wait_for_unit("h2o.service") server_old.wait_for_open_port(${portStr}) old_response = server_old.succeed(curl_basic) server_old.wait_for_open_port(${oldPortStr}) old_response = server_old.succeed(curl_basic.format(port="${oldPortStr}")) assert "Hello, old!" 
in old_response old_head = server_modern.succeed(curl_head) old_head = server_modern.succeed(curl_head.format(port="${oldPortStr}")) assert "strict-transport-security" in old_head server_old.succeed(curl_max_tls1_2) server_old.succeed(curl_max_tls1_2_intermediate_cipher) server_old.succeed(curl_max_tls1_2_old_cipher) server_old.succeed(curl_max_tls1_2.format(port="${oldPortStr}")) server_old.succeed(curl_max_tls1_2_intermediate_cipher.format(port="${oldPortStr}")) server_old.succeed(curl_max_tls1_2_old_cipher.format(port="${oldPortStr}")) ''; }