gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/tests/h2o: use client to check + start_all() machines

Browse Source
This commit is contained in:
·𐑑𐑴𐑕𐑑𐑩𐑤
2025-11-09 13:21:23 +07:00
parent 9ab2c7619e
commit cb89189157
3 changed files with 52 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
nixos/tests/web-servers/h2o/basic.nix
View File

@@ -36,12 +36,8 @@ in
nodes = { nodes = {
server = server =
{ pkgs, config, ... }: { config, ... }:
{ {
environment.systemPackages = [
pkgs.curl
];
services.h2o = { services.h2o = {
enable = true; enable = true;
defaultHTTPListenPort = 8080; defaultHTTPListenPort = 8080;
@@ -111,12 +107,30 @@ in
]; ];
}; };
extraHosts = '' extraHosts = ''
127.0.0.1 ${domain.HTTP} ${config.networking.primaryIPAddress} ${domain.HTTP}
127.0.0.1 ${domain.TLS} ${config.networking.primaryIPAddress} ${domain.TLS}
''; '';
}; };
}; };
client =
{ nodes, pkgs, ... }:
{
environment.systemPackages = [
pkgs.curl
];
security.pki.certificates = [
(builtins.readFile ../../common/acme/server/ca.cert.pem)
];
networking.extraHosts = ''
${nodes.server.networking.primaryIPAddress} ${domain.HTTP}
${nodes.server.networking.primaryIPAddress} ${domain.TLS}
'';
}; };
};
testScript = testScript =
{ nodes, ... }: { nodes, ... }:
let let
@@ -126,30 +140,32 @@ in
in in
# python # python
'' ''
start_all()
server.wait_for_unit("h2o.service") server.wait_for_unit("h2o.service")
server.wait_for_open_port(${portStrHTTP}) server.wait_for_open_port(${portStrHTTP})
server.wait_for_open_port(${portStrTLS}) server.wait_for_open_port(${portStrTLS})
assert "${sawatdi_chao_lok}" in server.succeed("curl --fail-with-body 'http://${domain.HTTP}:${portStrHTTP}/hello_world.txt'") assert "${sawatdi_chao_lok}" in client.succeed("curl --fail-with-body 'http://${domain.HTTP}:${portStrHTTP}/hello_world.txt'")
tls_hello_world_head = server.succeed("curl -v --head --compressed --http2 --tlsv1.3 --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower() tls_hello_world_head = client.succeed("curl -v --head --compressed --http2 --tlsv1.3 --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
assert "http/2 200" in tls_hello_world_head assert "http/2 200" in tls_hello_world_head
assert "server: h2o" in tls_hello_world_head assert "server: h2o" in tls_hello_world_head
assert "content-type: text/x-rst" in tls_hello_world_head assert "content-type: text/x-rst" in tls_hello_world_head
assert "${sawatdi_chao_lok}" in server.succeed("curl -v --http2 --tlsv1.3 --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'") assert "${sawatdi_chao_lok}" in client.succeed("curl -v --http2 --tlsv1.3 --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
quic_hello_world_head = server.succeed("curl -v --head --compressed --http3-only --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower() quic_hello_world_head = client.succeed("curl -v --head --compressed --http3-only --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
assert "http/3 200" in quic_hello_world_head assert "http/3 200" in quic_hello_world_head
assert "server: h2o" in quic_hello_world_head assert "server: h2o" in quic_hello_world_head
assert "content-type: text/x-rst" in quic_hello_world_head assert "content-type: text/x-rst" in quic_hello_world_head
assert "${sawatdi_chao_lok}" in server.succeed("curl -v --http3-only --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'") assert "${sawatdi_chao_lok}" in client.succeed("curl -v --http3-only --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
assert "redirected" in server.succeed("curl -v --head --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'").lower() assert "redirected" in client.succeed("curl -v --head --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'").lower()
server.fail("curl --location --max-redirs 0 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'") client.fail("curl --location --max-redirs 0 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
assert "${sawatdi_chao_lok}" in server.succeed("curl -v --location --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'") assert "${sawatdi_chao_lok}" in client.succeed("curl -v --location --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
''; '';
} }

23
nixos/tests/web-servers/h2o/mruby.nix
View File

@@ -14,7 +14,7 @@ in
nodes = { nodes = {
server = server =
{ pkgs, ... }: { pkgs, config, ... }:
{ {
services.h2o = { services.h2o = {
enable = true; enable = true;
@@ -41,9 +41,17 @@ in
}; };
}; };
networking.extraHosts = '' networking.firewall.allowedTCPPorts = [
127.0.0.1 ${domain} config.services.h2o.settings.listen
''; ];
};
client =
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.curl
];
}; };
}; };
@@ -52,14 +60,17 @@ in
let let
inherit (nodes) server; inherit (nodes) server;
portStr = builtins.toString server.services.h2o.settings.listen; portStr = builtins.toString server.services.h2o.settings.listen;
origin = "http://server:${portStr}";
in in
# python # python
'' ''
start_all()
server.wait_for_unit("h2o.service") server.wait_for_unit("h2o.service")
server.wait_for_open_port(${portStr}) server.wait_for_open_port(${portStr})
assert "${sawatdi_chao_lok}" in server.succeed("curl --fail-with-body http://${domain}:${portStr}/hello_world") assert "${sawatdi_chao_lok}" in client.succeed("curl --fail-with-body ${origin}/hello_world")
assert "FILE_HANDLER" in server.succeed("curl --fail-with-body http://${domain}:${portStr}/file_handler") assert "FILE_HANDLER" in client.succeed("curl --fail-with-body ${origin}/file_handler")
''; '';
} }

4
nixos/tests/web-servers/h2o/tls-recommendations.nix
View File

@@ -78,6 +78,8 @@ in
maintainers = with lib.maintainers; [ toastal ]; maintainers = with lib.maintainers; [ toastal ];
}; };
# not using a `client` since its easiest to test with acme.test pointing at
# localhost for these machines
nodes = { nodes = {
server_modern = mkH2OServer "modern"; server_modern = mkH2OServer "modern";
server_intermediate = mkH2OServer "intermediate"; server_intermediate = mkH2OServer "intermediate";
@@ -100,6 +102,8 @@ in
curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:{port}/'" curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:{port}/'"
curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:{port}/'" curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:{port}/'"
start_all()
server_modern.wait_for_unit("h2o.service") server_modern.wait_for_unit("h2o.service")
server_modern.wait_for_open_port(${modernPortStr}) server_modern.wait_for_open_port(${modernPortStr})
modern_response = server_modern.succeed(curl_basic.format(port="${modernPortStr}")) modern_response = server_modern.succeed(curl_basic.format(port="${modernPortStr}"))