Fabio/nginx-proxy-auto-docker
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
937 commits 10 branches 36 tags 13 MiB
Commit graph

181 commits

Author SHA1 Message Date
polarathene
0f15130476 tests: Verify correct DH group size when negotiating 
Additionally allows for adding extra openssl params when needed.
 2021-12-21 18:41:43 +13:00
polarathene
75528bdfcb chore: Refactor checksum comparisons 
- Use a DRY method instead.
- ENV test changed from 2048-bit to 3072-bit to avoid confusion in a future test that should not be mixed up accidentally with 2048-bit elsewhere.
- Custom DH file test comparison changed to match other comparisons for equality against the expected DH param content.
- Related comments revised, additional comment for context added by the test definition.
- Minor white-space adjustments.
 2021-12-21 18:41:43 +13:00
Nicolas Duchon
496e0f5f27
tests: mark test_deleted_cert as xfail 
test_delete_cert_and_restart_reverseproxy still fails intermitently
 2021-12-15 13:01:38 +01:00
Nicolas Duchon
83e3b25c46
Merge pull request #1797 from polarathene/feat/prefer-rfc-7919-dhparams 
feat: Use RFC 7919 DH groups + Remove DH generation
 2021-10-21 08:35:39 +02:00
Nicolas Duchon
36c4ed7632
test: replace test dhparam.pem with ffdhe3072.pem 2021-10-20 21:04:29 +02:00
Nicolas Duchon
ab7ac0aadb
fix: backward compatibility w/ DHPARAM_GENERATION 
Also use true rather than 1 to stay consistent
with other boolean environment variables
 2021-10-20 19:15:27 +02:00
dependabot[bot]
b1b1b700ea
chore(deps): bump docker from 5.0.2 to 5.0.3 in /test/requirements 
Bumps [docker](https://github.com/docker/docker-py) from 5.0.2 to 5.0.3.
- [Release notes](https://github.com/docker/docker-py/releases)
- [Commits](https://github.com/docker/docker-py/compare/5.0.2...5.0.3)

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-10-08 04:27:38 +00:00
polarathene
41bd4076c0 chore: DRY up test_dhparam.yml 
Use YAML anchors for repeated values providing a single source of truth.

I would use `x-*` convention to store anchors above service containers, but this seems to require a compose config that defines the services (and version?) keys, which this test setup was failing to be compatible with for some reason..
 2021-09-29 15:20:08 +13:00
polarathene
0cd573f043 tests(pytest.sh): Update Syntax 
- Added clarification comment of the DIR command
- Quoted `ARGS` usage required wrapping `ARGS` assignment in an array to properly expand. This wasn't broken before, but is required change to keep ShellCheck  lint happy.
- Quote wrapped `DIR` usage, the volume target had an extra `/` before the `DIR` which seems unnecessary as `pwd` should return absolute path.
- Expanded `docker run` options to long-form.
 2021-09-28 21:59:53 +13:00
polarathene
e81001615c tests: Improve error handling output and use regular string comparisons 
As this project isn't exactly python focused apart from the test suite, I'll assume other contributors are probably not as experienced with python either. Since this is a rather technical test, the extra comments should help grok the functionality without floundering around with the docs.

When the subprocess raises an exception due to an issue with the command (_eg using `-CAfile` arg to `openssl` with an invalid path_), the tests would output large walls of text that wasn't particularly helpful in troubleshooting the issue. `stderr` was also leaking out inbetween the test case results in the terminal, this has been resolved by ensuring that output is caught and piped, which keeps it available to python when an exception is raised. Identifying the actual error cause and location is now much nicer.

Updated the output to be plain string content instead of byte strings, this works fine :)
 2021-09-28 21:59:53 +13:00
polarathene
1d2f308cdf feat: Bring back ability to skip default DH params 
Adds back the ability to avoid using DH params, provided no file was explicitly supplied.

This used to be `DHPARAM_GENERATION=false`, the equivalent is now `DHPARAM_SKIP=1` (default 0). Previous name was no longer appropriate.

Ensures that if a user has explicitly provided their own dhparam file to still output a warning instead of the skip message, since `DHPARAM_SKIP=1` doesn't disable the support in nginx.
 2021-09-28 21:59:53 +13:00
polarathene
fd35a09240 tests: Revise dhparams tests 
- `dhparam_generation` tests are no longer necessary, dropped.

Modified the remaining `dhparam` test to use multiple `nginx-proxy` images to verify correct behavior for different configs.

Tests now cover:

- Default (ffdhe4096) is used.
- Alternative via ENV (ffdhe2048) works correctly.
- Invalid group via ENV (1024-bit) fails.
- Custom DH params provided via file mount works with warning emitted.

---

- `assert_log_contains`: added a `container_name` arg with `nginxproxy` as the default value. This allows multiple nginx-proxy containers to utilize this method instead.

- Extracted out the `openssl` test (_to `negotiate_cipher()`_) and modified it to be a bit more flexible. It now takes a container with optional extra args to pass to `openssl` command called, as well as the `grep` string to match. This made the original test redundant, so I've dropped it.

- Added two methods to use `negotiate_cipher()`, one verifies a DHE cipher suite was negotiated and checks that a DH emphermal key was also mentioned in the output. The other method verifies the expectation of failing to negotiate a valid cipher if DH params have not been set, while verifying that non-DHE cipher suites can be successfully negotiated.

- Added a `get_env()` method for extracting attached environments on a container. This is useful for verifying invalid `DHPARAM_BITS` values (eg `1024`-bit).

- The original `Server Temp Key` assertion was incorrect, it was expecting a value that is unrelated to DHE cipher suite support (_`X25519` is related to ECDHE_). This is due to TLS 1.3 being negotiated where you cannot use custom DH params, nor influence the negotiated cipher due to this mechanism changing from TLS 1.3. TLS 1.3 does support DH params, but it internally negotiates RFC 7919 group between server and client instead. Thus to verify expectations, the connection via `openssl` is made explicitly with TLS 1.2 instead.
 2021-09-28 21:59:53 +13:00
polarathene
9299a2801e tests: Remove dhparam volume 
No longer necessary for the majority of tests.
 2021-09-28 21:50:11 +13:00
dependabot[bot]
083d86a79d
chore(deps): bump docker from 5.0.0 to 5.0.2 in /test/requirements 
Bumps [docker](https://github.com/docker/docker-py) from 5.0.0 to 5.0.2.
- [Release notes](https://github.com/docker/docker-py/releases)
- [Commits](https://github.com/docker/docker-py/compare/5.0.0...5.0.2)

---
updated-dependencies:
- dependency-name: docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-09-02 04:18:54 +00:00
Nicolas Duchon
481c5a2318
Merge pull request #1760 from nginx-proxy/python-docker-mod-check 
Ease version check on python docker module for tests
 2021-09-01 14:48:35 +02:00
Nicolas Duchon
a1ff28cec8
CI: ease version check on python docker module 2021-09-01 09:31:02 +02:00
dependabot[bot]
308df38b14
chore(deps): bump pytest from 6.2.4 to 6.2.5 in /test/requirements 
Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.4 to 6.2.5.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/6.2.4...6.2.5)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-31 04:22:47 +00:00
Nicolas Duchon
d10531e925
tests: predictable upstream names 2021-08-17 21:50:18 +02:00
Nicolas Duchon
ba86bc04f6
tests: check for raw IPv4/6 used as VIRTUAL_HOST 2021-08-04 22:25:55 +02:00
Nicolas Duchon
df638c3fe6
ci: cleanup left over volumes after tests 2021-08-02 19:31:36 +02:00
Nicolas Duchon
10a4db5067
ci: remove xfail from tests that were fixed 2021-08-02 19:08:06 +02:00
Nicolas Duchon
d3fc5c506a
ci: enable Docker IPv6 on tests that require it 2021-08-02 18:37:33 +02:00
Nicolas Duchon
795e0acda7
ci: remove InsecureRequestWarning from urllib3 2021-08-02 18:09:34 +02:00
Nicolas Duchon
90a7218622
ci: update contest.py 2021-08-02 14:48:40 +02:00
Nicolas Duchon
ce4ce0676a
ci: update docker and docker-compose pip packages 2021-08-02 14:44:21 +02:00
dependabot[bot]
1ba594cc4d
chore(deps): bump pytest from 6.2.2 to 6.2.4 in /test/requirements 
Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.2 to 6.2.4.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/6.2.2...6.2.4)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-02 11:05:37 +00:00
dependabot[bot]
9855571616
chore(deps): bump backoff from 1.10.0 to 1.11.1 in /test/requirements 
Bumps [backoff](https://github.com/litl/backoff) from 1.10.0 to 1.11.1.
- [Release notes](https://github.com/litl/backoff/releases)
- [Changelog](https://github.com/litl/backoff/blob/master/CHANGELOG.md)
- [Commits](https://github.com/litl/backoff/compare/v1.10.0...v1.11.1)

---
updated-dependencies:
- dependency-name: backoff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-02 10:55:56 +00:00
dependabot[bot]
eefea9daec
chore(deps): bump requests from 2.25.1 to 2.26.0 in /test/requirements 
Bumps [requests](https://github.com/psf/requests) from 2.25.1 to 2.26.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/master/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.25.1...v2.26.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-08-02 10:47:08 +00:00
Gilles Filippini
a637b399b8 test: add test_server-down/test_load-balancing 
Check that when multiple containers have the same WIRTUAL_HOST and one of
them is unreachable, the resulting `upstream` block has no
`server 127.0.0.1 down;` entry.
 2021-06-21 00:48:21 +02:00
Nicolas Duchon
2006968c05
Merge pull request #1667 from pini-gh/pini-1609 
Use `server 127.0.0.1 down` entry only when required
 2021-06-20 18:04:19 +02:00
Gilles Filippini
7c0a4cb0b3 fix: escape backslash in test 2021-06-15 23:55:31 +02:00
Gilles Filippini
fca248a965 fix: server 127.0.0.1 down entry only when required 2021-06-15 23:54:24 +02:00
John Stucklen
790785f1ab
test: custom HTTPS port and redirection 2021-06-15 00:38:32 +02:00
John Stucklen
6bb7c37605
test: custom HTTP port 2021-06-15 00:13:06 +02:00
Gilles Filippini
2bb53bd303 test: add tests for the DEBUG flag 2021-05-28 01:52:01 +02:00
Gilles Filippini
3785649eb6 test: VIRTUAL_PORT != single exposed port 2021-05-28 00:04:59 +02:00
Laurynas Alekna
fb7a11212f Make server_tokens configurable per virtual-host 2021-05-13 21:52:06 +01:00
Laurynas Alekna
70b95b1708 Fix create_server_certificate.sh 
Docker image nginx:1.14.1 has no openssl installed. Therefore upgrading to nginx:1.19.10
 2021-05-11 10:29:22 +01:00
Nicolas Duchon
a9cfdc843e
docs: fix broken link 2021-05-01 22:30:57 +02:00
Nicolas Duchon
1f937dd6a5
docs: don't mention Docker container based tests 
Those aren't working yet and are being worked on
close #1605
 2021-04-28 09:58:03 +02:00
Kevin Marilleau
1518c39e1b
docs: update "how to install/test" parts 2021-04-27 00:35:21 +02:00
Kevin Marilleau
39f822dd8b
refactor(ci): ♻️ refactor makefile and modify its usage on CI 2021-04-27 00:35:21 +02:00
Kevin Marilleau
1591fd7968
chore(ci): 💚 use standard python for nginx-proxy-tester 2021-04-27 00:35:21 +02:00
Kevin Marilleau
3b1163291b
fix(test): test_dockergen_v3 version comparison 2021-04-27 00:35:21 +02:00
Kevin Marilleau
dd7f7e8427
fix(ci): wrong nginx-proxy image used on default_host test 2021-04-27 00:35:20 +02:00
Kevin Marilleau
0c60d57031
fix(ci): fix test_dhparam_is_generated_if_missing 2021-04-27 00:35:20 +02:00
Kevin Marilleau
6fd3cfb38f
fix(ci): 🔧 add markers on pytest.ini to fix warnings 2021-04-27 00:35:20 +02:00
Kevin Marilleau
37e85e6e8d
chore(ci): ♻️ convert Python old % string to f-strings 2021-04-27 00:35:20 +02:00
Kevin Marilleau
eba9ac4261
chore(ci): ⬆️ update python dependencies to latests release 2021-04-27 00:35:19 +02:00
Kevin Marilleau
950a28f5ea
chore(ci): ⬆️ porting python 2.7 code to python 3.9 2021-04-27 00:35:19 +02:00
Nicolas Duchon
ad7c02570b
chore: use nginxproxy's DockerHub registry 
Transitioning away from jwilder/nginx-proxy
Please see #1304 for more details
 2021-04-01 16:06:09 +02:00
Jiazhen Xie
23823c4b21 Fix the test 2019-08-07 17:33:02 +01:00
Steve Kamerman
ad41178036
Fixed tests that are now failing due to the dhparam clearing command beating the nginx startup. This is fixed permanently in #1213, but this PR fixes the test so as not to rely on the dhparam autogen, which is tested elsewhere. 2019-02-04 15:15:04 -05:00
Jason Wilder
7dd97d4bc3
Merge pull request #1111 from kamermans/bugfix/cant-disable-hsts-noredirect 
Fixed #1080, can't disable HSTS with noredirect
 2019-01-29 16:21:30 -07:00
Gpkfr
58c1fe3606
Upgrade to nginx 1.14.1 stable version 2018-11-09 15:26:01 +01:00
Steve Kamerman
936e57a6de
Fixed #1080, can't disable HSTS with noredirect 2018-08-01 11:30:06 -04:00
Matthias Döring
cb2b0e2bd3 Upgrade to nginx 1.14 stable 2018-06-06 00:56:47 +02:00
Steve Kamerman
9be2624d09
Increased dependency versions to get around pip internal problem 2018-04-22 16:11:32 -04:00
Steve Kamerman
c417813df9
Fixed out-of-scope variable 2018-04-22 16:03:43 -04:00
Jason Wilder
ccbbbeb928
Merge pull request #1073 from b1f6c1c4/b1f6c1c4-patch-1 
Add HSTS header regardless of status code
 2018-03-30 17:34:02 -04:00
Steve Kamerman
3590c1bae0
Added regression test to ensure HSTS works for errors 2018-03-26 14:58:06 -04:00
Steve Kamerman
c1ae91364c
Added endpoint to allow testing alternate response codes 2018-03-26 14:57:50 -04:00
Jason Wilder
d6042d08f1
Merge pull request #734 from thomasleveil/knwon_issues 
TESTS: add tests for known issues
 2018-02-20 14:50:11 -07:00
Jason Wilder
a6e8fae7f5
Merge pull request #970 from kamermans/bugfix/failing_ssl_tests 
Fixed failing SSL tests
 2017-11-09 10:04:20 -07:00
Steve Kamerman
612bf72ceb
Support old and new versions of requests 2017-11-08 23:19:13 -05:00
Steve Kamerman
ebd1485b09
Catch SSLError instead of CertificateError 2017-11-08 22:53:44 -05:00
Steve Kamerman
58a02f107e
Removed '-verify 0' - to disable verification, exclude -verify entirely 2017-11-08 22:42:52 -05:00
Steve Kamerman
a312472fb5
Added custom HSTS support (issue #953) 2017-11-08 22:30:24 -05:00
Matthias Döring
febf85d7e2 Move to 1.13 base image to get auto updates 
Less maintenance and more security
Resolves #880
 2017-07-21 13:45:33 +02:00
Jason Wilder
c41186a3a4 Merge branch 'master' into feature_ssl_improvement 2017-06-14 16:31:12 -06:00
Tobias Hüske
2c4102d396 Upgrade to 1.13.0 2017-05-04 18:57:00 +02:00
Jason Wilder
fed6df3756 Merge pull request #768 from thomasleveil/wildcard_cert_nohttps 
TESTS: add test for wildcard cert + nohttps + default.crt
 2017-05-03 17:02:40 -06:00
Matthias Döring
172d79aff4 Upgrade to nginx 1.11.13 2017-04-07 12:58:49 +02:00
Thomas LEVEIL
8414a94d59 TESTS: add test for the case in which a wildcard cert matches a container having nohttps set 2017-03-15 02:12:07 +01:00
Thomas LEVEIL
de2f057c10 TESTS: add test for unreachable container 
resulting in an empty `upstream {}` block in the generated nginx config file
 2017-03-08 21:21:32 +01:00
Thomas LEVEIL
6dfc3f3f70 TESTS: add stress test when a certificate file is missing 2017-03-08 21:21:32 +01:00
Thomas LEVEIL
e25c78b00a TESTS: add pytest incremental marker to mark tests as expected to fail if previous test failed 
see http://stackoverflow.com/a/12579625/107049
 2017-03-08 21:21:32 +01:00
Thomas LEVEIL
a3fbaa5990 TESTS: add directory for tests featuring scenarios trying to make nginx-proxy fail 2017-03-08 21:21:32 +01:00
Steve Kamerman
e373a5199b Merge branch 'master' into feature_ssl_improvement 2017-03-08 10:49:02 -05:00
Thomas LEVEIL
abdd5883a1 TESTS: refactor dhparam tests 2017-03-08 02:37:12 +01:00
Steve Kamerman
98b5828f83 Modified tests to include dhparams 2017-03-07 14:04:44 -05:00
Steve Kamerman
0244b4e71e Added dhparams test in new format 2017-03-07 14:04:37 -05:00
Thomas LEVEIL
99a569b2e6 fix #755: Tests fail with new Docker version scheme 
Docker introduced a [new version scheme](https://blog.docker.com/2017/03/docker-enterprise-edition/). As the result, the latest docker version is now `17.03.0-ce`.
 2017-03-06 23:36:16 +01:00
Steve Kamerman
ad9af2884d Merged master, fixed BATS conflict 2017-03-06 10:48:12 -05:00
Thomas LEVEIL
2aef648f3d TESTS: add a test to verify nginx conf is update on container creation/deletion 2017-02-21 03:20:38 +01:00
Thomas LEVEIL
dd443f3eca TESTS: ignore the requirements and certs directory when collecting tests 2017-02-17 01:24:48 +01:00
Thomas LEVEIL
9620be91fa TESTS: separated containers: fix indentation and remove dependency over jwilder/whoami image 2017-02-17 01:11:11 +01:00
Thomas LEVEIL
85370fa31f TESTS: improve error reporting for failed to run docker-compose commands 2017-02-17 00:54:14 +01:00
Thomas LEVEIL
6069bc53cd TESTS: replace old test suite with the new one 
get rid of Bats definitively
 2017-02-17 00:29:30 +01:00
Steve Kamerman
d320b43476 Merged conflict in BATS SSL test 2017-01-26 13:46:11 -05:00
Steve Kamerman
276b4dbe3e Merge branch 'master' into feature_nohttps 2017-01-13 13:07:03 -05:00
Steve Kamerman
83a28f47d7 Fixed long server name comment, improved dhparam check 2017-01-12 17:43:13 -05:00
Steve Kamerman
b0de1f19d3 Updated to use 256-bit dhparam in tests 2017-01-12 17:25:31 -05:00
Steve Kamerman
7d253dd0f3 Allow passing DHPARAM_BITS via env, lower bits to 256 for unit tests 2017-01-12 14:55:25 -05:00
Steve Kamerman
dffc0c47cf Tweak test for reliability on Travis-CI 2017-01-12 10:52:56 -05:00
Steve Kamerman
c219822cd8 Typos 2017-01-12 01:53:36 -05:00
Steve Kamerman
f73a52afaf Added BATS tests for dhparam generation 2017-01-12 01:45:46 -05:00
Steve Kamerman
7c0f7b9449 Fixed Alpine image, removed dhparams gen from test units 2017-01-12 00:21:39 -05:00
Thomas LEVEIL
d8658bd8d9 TEST: wildcards-hosts.bats - add a test which uses regexp end-of-string 2017-01-07 23:50:54 +01:00
Thomas LEVEIL
a3c6a272f1 TEST: wildcards-hosts.bats - showcase http://foo.bar.why.not.bats-to-infinity-and-beyond/ 2017-01-07 23:33:54 +01:00