nixos/tests/h2o: use client to check + start_all() machines (cb891891) · Commits · nix / nixpkgs

nixos/tests/web-servers/h2o/basic.nix

+31 −15

Original line number	Diff line number	Diff line
		@@ -36,12 +36,8 @@ in

		nodes = {
		server =
		{ pkgs, config, ... }:
		{ config, ... }:
		{
		environment.systemPackages = [
		pkgs.curl
		];

		services.h2o = {
		enable = true;
		defaultHTTPListenPort = 8080;
		@@ -111,12 +107,30 @@ in
		];
		};
		extraHosts = ''
		127.0.0.1 ${domain.HTTP}
		127.0.0.1 ${domain.TLS}
		${config.networking.primaryIPAddress} ${domain.HTTP}
		${config.networking.primaryIPAddress} ${domain.TLS}
		'';
		};
		};

		client =
		{ nodes, pkgs, ... }:
		{
		environment.systemPackages = [
		pkgs.curl
		];

		security.pki.certificates = [
		(builtins.readFile ../../common/acme/server/ca.cert.pem)
		];

		networking.extraHosts = ''
		${nodes.server.networking.primaryIPAddress} ${domain.HTTP}
		${nodes.server.networking.primaryIPAddress} ${domain.TLS}
		'';
		};
		};

		testScript =
		{ nodes, ... }:
		let
		@@ -126,30 +140,32 @@ in
		in
		# python
		''
		start_all()

		server.wait_for_unit("h2o.service")
		server.wait_for_open_port(${portStrHTTP})
		server.wait_for_open_port(${portStrTLS})

		assert "${sawatdi_chao_lok}" in server.succeed("curl --fail-with-body 'http://${domain.HTTP}:${portStrHTTP}/hello_world.txt'")
		assert "${sawatdi_chao_lok}" in client.succeed("curl --fail-with-body 'http://${domain.HTTP}:${portStrHTTP}/hello_world.txt'")

		tls_hello_world_head = server.succeed("curl -v --head --compressed --http2 --tlsv1.3 --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
		tls_hello_world_head = client.succeed("curl -v --head --compressed --http2 --tlsv1.3 --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
		assert "http/2 200" in tls_hello_world_head
		assert "server: h2o" in tls_hello_world_head
		assert "content-type: text/x-rst" in tls_hello_world_head

		assert "${sawatdi_chao_lok}" in server.succeed("curl -v --http2 --tlsv1.3 --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
		assert "${sawatdi_chao_lok}" in client.succeed("curl -v --http2 --tlsv1.3 --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")

		quic_hello_world_head = server.succeed("curl -v --head --compressed --http3-only --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
		quic_hello_world_head = client.succeed("curl -v --head --compressed --http3-only --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
		assert "http/3 200" in quic_hello_world_head
		assert "server: h2o" in quic_hello_world_head
		assert "content-type: text/x-rst" in quic_hello_world_head

		assert "${sawatdi_chao_lok}" in server.succeed("curl -v --http3-only --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
		assert "${sawatdi_chao_lok}" in client.succeed("curl -v --http3-only --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")

		assert "redirected" in server.succeed("curl -v --head --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'").lower()
		assert "redirected" in client.succeed("curl -v --head --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'").lower()

		server.fail("curl --location --max-redirs 0 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
		client.fail("curl --location --max-redirs 0 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")

		assert "${sawatdi_chao_lok}" in server.succeed("curl -v --location --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
		assert "${sawatdi_chao_lok}" in client.succeed("curl -v --location --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
		'';
		}

nixos/tests/web-servers/h2o/mruby.nix

+17 −6

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@ in

		nodes = {
		server =
		{ pkgs, ... }:
		{ pkgs, config, ... }:
		{
		services.h2o = {
		enable = true;
		@@ -41,9 +41,17 @@ in
		};
		};

		networking.extraHosts = ''
		127.0.0.1 ${domain}
		'';
		networking.firewall.allowedTCPPorts = [
		config.services.h2o.settings.listen
		];
		};

		client =
		{ pkgs, ... }:
		{
		environment.systemPackages = [
		pkgs.curl
		];
		};
		};

		@@ -52,14 +60,17 @@ in
		let
		inherit (nodes) server;
		portStr = builtins.toString server.services.h2o.settings.listen;
		origin = "http://server:${portStr}";
		in
		# python
		''
		start_all()

		server.wait_for_unit("h2o.service")
		server.wait_for_open_port(${portStr})

		assert "${sawatdi_chao_lok}" in server.succeed("curl --fail-with-body http://${domain}:${portStr}/hello_world")
		assert "${sawatdi_chao_lok}" in client.succeed("curl --fail-with-body ${origin}/hello_world")

		assert "FILE_HANDLER" in server.succeed("curl --fail-with-body http://${domain}:${portStr}/file_handler")
		assert "FILE_HANDLER" in client.succeed("curl --fail-with-body ${origin}/file_handler")
		'';
		}

nixos/tests/web-servers/h2o/tls-recommendations.nix

+4 −0

Original line number	Diff line number	Diff line
		@@ -78,6 +78,8 @@ in
		maintainers = with lib.maintainers; [ toastal ];
		};

		# not using a `client` since it’s easiest to test with acme.test pointing at
		# localhost for these machines
		nodes = {
		server_modern = mkH2OServer "modern";
		server_intermediate = mkH2OServer "intermediate";
		@@ -100,6 +102,8 @@ in
		curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:{port}/'"
		curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:{port}/'"

		start_all()

		server_modern.wait_for_unit("h2o.service")
		server_modern.wait_for_open_port(${modernPortStr})
		modern_response = server_modern.succeed(curl_basic.format(port="${modernPortStr}"))