ssl.bats 4.4 KB

  1. #!/usr/bin/env bats
  2. load test_helpers
  3. SUT_CONTAINER=bats-nginx-proxy-${TEST_FILE}
  4. function setup {
  5. # make sure to stop any web container before each test so we don't
  6. # have any unexpected contaiener running with VIRTUAL_HOST or VIRUTAL_PORT set
  7. stop_bats_containers web
  8. }
  9. @test "[$TEST_FILE] start a nginx-proxy container" {
  10. run nginxproxy $SUT_CONTAINER -v /var/run/docker.sock:/tmp/docker.sock:ro -v ${DIR}/lib/ssl:/etc/nginx/certs:ro
  11. assert_success
  12. docker_wait_for_log $SUT_CONTAINER 9 "Watching docker events"
  13. }
  14. @test "[$TEST_FILE] test SSL for VIRTUAL_HOST=*.nginx-proxy.bats" {
  15. # WHEN
  16. prepare_web_container bats-ssl-hosts-1 "80 443" \
  17. -e VIRTUAL_HOST=*.nginx-proxy.bats \
  18. -e CERT_NAME=nginx-proxy.bats
  19. dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-1
  20. sleep 1
  21. # THEN
  22. assert_301 test.nginx-proxy.bats
  23. assert_200_https test.nginx-proxy.bats
  24. }
  25. @test "[$TEST_FILE] test HTTPS_METHOD=nohttp" {
  26. # WHEN
  27. prepare_web_container bats-ssl-hosts-2 "80 443" \
  28. -e VIRTUAL_HOST=*.nginx-proxy.bats \
  29. -e CERT_NAME=nginx-proxy.bats \
  30. -e HTTPS_METHOD=nohttp
  31. dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-2
  32. sleep 1
  33. # THEN
  34. assert_503 test.nginx-proxy.bats
  35. assert_200_https test.nginx-proxy.bats
  36. }
  37. @test "[$TEST_FILE] test HTTPS_METHOD=noredirect" {
  38. # WHEN
  39. prepare_web_container bats-ssl-hosts-3 "80 443" \
  40. -e VIRTUAL_HOST=*.nginx-proxy.bats \
  41. -e CERT_NAME=nginx-proxy.bats \
  42. -e HTTPS_METHOD=noredirect
  43. dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-3
  44. sleep 1
  45. # THEN
  46. assert_200 test.nginx-proxy.bats
  47. assert_200_https test.nginx-proxy.bats
  48. }
  49. @test "[$TEST_FILE] test SSL Strict-Transport-Security" {
  50. # WHEN
  51. prepare_web_container bats-ssl-hosts-4 "80 443" \
  52. -e VIRTUAL_HOST=*.nginx-proxy.bats \
  53. -e CERT_NAME=nginx-proxy.bats
  54. dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-1
  55. sleep 1
  56. # THEN
  57. assert_301 test.nginx-proxy.bats
  58. assert_200_https test.nginx-proxy.bats
  59. assert_output -p "Strict-Transport-Security: max-age=31536000"
  60. }
  61. @test "[$TEST_FILE] test HTTPS_METHOD=noredirect disables Strict-Transport-Security" {
  62. # WHEN
  63. prepare_web_container bats-ssl-hosts-5 "80 443" \
  64. -e VIRTUAL_HOST=*.nginx-proxy.bats \
  65. -e CERT_NAME=nginx-proxy.bats \
  66. -e HTTPS_METHOD=noredirect
  67. dockergen_wait_for_event $SUT_CONTAINER start bats-ssl-hosts-3
  68. sleep 1
  69. # THEN
  70. assert_200 test.nginx-proxy.bats
  71. assert_200_https test.nginx-proxy.bats
  72. refute_output -p "Strict-Transport-Security: max-age=31536000"
  73. }
  74. @test "[$TEST_FILE] stop all bats containers" {
  75. stop_bats_containers
  76. }
  77. # assert that querying nginx-proxy with the given Host header produces a `HTTP 200` response
  78. # $1 Host HTTP header to use when querying nginx-proxy
  79. function assert_200 {
  80. local -r host=$1
  81. run curl_container $SUT_CONTAINER / --head --header "Host: $host"
  82. assert_output -l 0 $'HTTP/1.1 200 OK\r'
  83. }
  84. # assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
  85. # $1 Host HTTP header to use when querying nginx-proxy
  86. function assert_503 {
  87. local -r host=$1
  88. run curl_container $SUT_CONTAINER / --head --header "Host: $host"
  89. assert_output -l 0 $'HTTP/1.1 503 Service Temporarily Unavailable\r'
  90. }
  91. # assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
  92. # $1 Host HTTP header to use when querying nginx-proxy
  93. function assert_301 {
  94. local -r host=$1
  95. run curl_container $SUT_CONTAINER / --head --header "Host: $host"
  96. assert_output -l 0 $'HTTP/1.1 301 Moved Permanently\r'
  97. }
  98. # assert that querying nginx-proxy with the given Host header produces a `HTTP 200` response
  99. # $1 Host HTTP header to use when querying nginx-proxy
  100. function assert_200_https {
  101. local -r host=$1
  102. run curl_container_https $SUT_CONTAINER / --head --header "Host: $host"
  103. assert_output -l 0 $'HTTP/1.1 200 OK\r'
  104. }
  105. # assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
  106. # $1 Host HTTP header to use when querying nginx-proxy
  107. function assert_503_https {
  108. local -r host=$1
  109. run curl_container_https $SUT_CONTAINER / --head --header "Host: $host"
  110. assert_output -l 0 $'HTTP/1.1 503 Service Temporarily Unavailable\r'
  111. }
  112. # assert that querying nginx-proxy with the given Host header produces a `HTTP 503` response
  113. # $1 Host HTTP header to use when querying nginx-proxy
  114. function assert_301_https {
  115. local -r host=$1
  116. run curl_container_https $SUT_CONTAINER / --head --header "Host: $host"
  117. assert_output -l 0 $'HTTP/1.1 301 Moved Permanently\r'
  118. }