gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/tests/h2o: use client to check + start_all() machines

Browse Source
This commit is contained in:
·𐑑𐑴𐑕𐑑𐑩𐑤
2025-11-09 13:21:23 +07:00
parent 9ab2c7619e
commit cb89189157
3 changed files with 52 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
nixos/tests/web-servers/h2o/basic.nix
View File

@@ -36,12 +36,8 @@ in
nodes = {
server =
{ pkgs, config, ... }:
{ config, ... }:
{
environment.systemPackages = [
pkgs.curl
];
services.h2o = {
enable = true;
defaultHTTPListenPort = 8080;
@@ -111,12 +107,30 @@ in
];
};
extraHosts = ''
127.0.0.1 ${domain.HTTP}
127.0.0.1 ${domain.TLS}
${config.networking.primaryIPAddress} ${domain.HTTP}
${config.networking.primaryIPAddress} ${domain.TLS}
'';
};
};
client =
{ nodes, pkgs, ... }:
{
environment.systemPackages = [
pkgs.curl
];
security.pki.certificates = [
(builtins.readFile ../../common/acme/server/ca.cert.pem)
];
networking.extraHosts = ''
${nodes.server.networking.primaryIPAddress} ${domain.HTTP}
${nodes.server.networking.primaryIPAddress} ${domain.TLS}
'';
};
};
testScript =
{ nodes, ... }:
let
@@ -126,30 +140,32 @@ in
in
# python
''
start_all()
server.wait_for_unit("h2o.service")
server.wait_for_open_port(${portStrHTTP})
server.wait_for_open_port(${portStrTLS})
assert "${sawatdi_chao_lok}" in server.succeed("curl --fail-with-body 'http://${domain.HTTP}:${portStrHTTP}/hello_world.txt'")
assert "${sawatdi_chao_lok}" in client.succeed("curl --fail-with-body 'http://${domain.HTTP}:${portStrHTTP}/hello_world.txt'")
tls_hello_world_head = server.succeed("curl -v --head --compressed --http2 --tlsv1.3 --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
tls_hello_world_head = client.succeed("curl -v --head --compressed --http2 --tlsv1.3 --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
assert "http/2 200" in tls_hello_world_head
assert "server: h2o" in tls_hello_world_head
assert "content-type: text/x-rst" in tls_hello_world_head
assert "${sawatdi_chao_lok}" in server.succeed("curl -v --http2 --tlsv1.3 --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
assert "${sawatdi_chao_lok}" in client.succeed("curl -v --http2 --tlsv1.3 --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
quic_hello_world_head = server.succeed("curl -v --head --compressed --http3-only --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
quic_hello_world_head = client.succeed("curl -v --head --compressed --http3-only --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'").lower()
assert "http/3 200" in quic_hello_world_head
assert "server: h2o" in quic_hello_world_head
assert "content-type: text/x-rst" in quic_hello_world_head
assert "${sawatdi_chao_lok}" in server.succeed("curl -v --http3-only --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
assert "${sawatdi_chao_lok}" in client.succeed("curl -v --http3-only --compressed --fail-with-body 'https://${domain.TLS}:${portStrTLS}/hello_world.rst'")
assert "redirected" in server.succeed("curl -v --head --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'").lower()
assert "redirected" in client.succeed("curl -v --head --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'").lower()
server.fail("curl --location --max-redirs 0 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
client.fail("curl --location --max-redirs 0 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
assert "${sawatdi_chao_lok}" in server.succeed("curl -v --location --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
assert "${sawatdi_chao_lok}" in client.succeed("curl -v --location --fail-with-body 'http://${domain.TLS}:${portStrHTTP}/hello_world.rst'")
'';
}

23
nixos/tests/web-servers/h2o/mruby.nix
View File

@@ -14,7 +14,7 @@ in
nodes = {
server =
{ pkgs, ... }:
{ pkgs, config, ... }:
{
services.h2o = {
enable = true;
@@ -41,9 +41,17 @@ in
};
};
networking.extraHosts = ''
127.0.0.1 ${domain}
'';
networking.firewall.allowedTCPPorts = [
config.services.h2o.settings.listen
];
};
client =
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.curl
];
};
};
@@ -52,14 +60,17 @@ in
let
inherit (nodes) server;
portStr = builtins.toString server.services.h2o.settings.listen;
origin = "http://server:${portStr}";
in
# python
''
start_all()
server.wait_for_unit("h2o.service")
server.wait_for_open_port(${portStr})
assert "${sawatdi_chao_lok}" in server.succeed("curl --fail-with-body http://${domain}:${portStr}/hello_world")
assert "${sawatdi_chao_lok}" in client.succeed("curl --fail-with-body ${origin}/hello_world")
assert "FILE_HANDLER" in server.succeed("curl --fail-with-body http://${domain}:${portStr}/file_handler")
assert "FILE_HANDLER" in client.succeed("curl --fail-with-body ${origin}/file_handler")
'';
}

4
nixos/tests/web-servers/h2o/tls-recommendations.nix
View File

@@ -78,6 +78,8 @@ in
maintainers = with lib.maintainers; [ toastal ];
};
# not using a `client` since its easiest to test with acme.test pointing at
# localhost for these machines
nodes = {
server_modern = mkH2OServer "modern";
server_intermediate = mkH2OServer "intermediate";
@@ -100,6 +102,8 @@ in
curl_max_tls1_2_intermediate_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256' 'https://${domain}:{port}/'"
curl_max_tls1_2_old_cipher ="curl -v --tlsv1.0 --tls-max 1.2 --ciphers 'ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256' 'https://${domain}:{port}/'"
start_all()
server_modern.wait_for_unit("h2o.service")
server_modern.wait_for_open_port(${modernPortStr})
modern_response = server_modern.succeed(curl_basic.format(port="${modernPortStr}"))