Procházet zdrojové kódy

test: globally untrusted default cert

Nicolas Duchon před 6 měsíci
rodič
revize
993bcc07c0

+ 44 - 0
test/test_fallback.data/untrusteddefault.yml

@@ -0,0 +1,44 @@
+version: "2"
+
+services:
+  sut:
+    image: nginxproxy/nginx-proxy:test
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./withdefault.certs:/etc/nginx/certs:ro
+    environment:
+      TRUST_DEFAULT_CERT: "false"
+
+  https-and-http:
+    image: web
+    expose:
+      - "81"
+    environment:
+      WEB_PORTS: "81"
+      VIRTUAL_HOST: https-and-http.nginx-proxy.test
+
+  https-only:
+    image: web
+    expose:
+      - "82"
+    environment:
+      WEB_PORTS: "82"
+      VIRTUAL_HOST: https-only.nginx-proxy.test
+      HTTPS_METHOD: nohttp
+
+  http-only:
+    image: web
+    expose:
+      - "83"
+    environment:
+      WEB_PORTS: "83"
+      VIRTUAL_HOST: http-only.nginx-proxy.test
+      HTTPS_METHOD: nohttps
+
+  missing-cert:
+    image: web
+    expose:
+      - "84"
+    environment:
+      WEB_PORTS: "84"
+      VIRTUAL_HOST: missing-cert.nginx-proxy.test

+ 11 - 0
test/test_fallback.py

@@ -49,6 +49,17 @@ INTERNAL_ERR_RE = re.compile("TLSV1_UNRECOGNIZED_NAME")
     ("withdefault.yml", "https://missing-cert.default-untrusted.nginx-proxy.test/", None, INTERNAL_ERR_RE),
     ("withdefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
     ("withdefault.yml", "https://unknown.nginx-proxy.test/", 503, None),
+    # Same as withdefault.yml, except default.crt is not trusted (TRUST_DEFAULT_CERT=false).
+    ("untrusteddefault.yml", "http://https-and-http.nginx-proxy.test/", 301, None),
+    ("untrusteddefault.yml", "https://https-and-http.nginx-proxy.test/", 200, None),
+    ("untrusteddefault.yml", "http://https-only.nginx-proxy.test/", 503, None),
+    ("untrusteddefault.yml", "https://https-only.nginx-proxy.test/", 200, None),
+    ("untrusteddefault.yml", "http://http-only.nginx-proxy.test/", 200, None),
+    ("untrusteddefault.yml", "https://http-only.nginx-proxy.test/", 503, None),
+    ("untrusteddefault.yml", "http://missing-cert.nginx-proxy.test/", 200, None),
+    ("untrusteddefault.yml", "https://missing-cert.nginx-proxy.test/", None, INTERNAL_ERR_RE),
+    ("untrusteddefault.yml", "http://unknown.nginx-proxy.test/", 503, None),
+    ("untrusteddefault.yml", "https://unknown.nginx-proxy.test/", 503, None),
     # Same as withdefault.yml, except there is no default.crt.
     ("nodefault.yml", "http://https-and-http.nginx-proxy.test/", 301, None),
     ("nodefault.yml", "https://https-and-http.nginx-proxy.test/", 200, None),