Diffstat (limited to 'debian/tests')
-rw-r--r--debian/tests/cli7
-rw-r--r--debian/tests/control15
-rw-r--r--debian/tests/proxy-localhost44
-rw-r--r--debian/tests/proxy-ssl-pass-through59
-rw-r--r--debian/tests/proxy-ssl-termination48
-rw-r--r--debian/tests/utils58
6 files changed, 231 insertions, 0 deletions
diff --git a/debian/tests/cli b/debian/tests/cli
new file mode 100644
index 0000000..941b4af
--- /dev/null
+++ b/debian/tests/cli
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+echo "show stat" | socat STDIO UNIX-CONNECT:/run/haproxy/admin.sock | grep "^#"
+
+echo "show info" | socat STDIO UNIX-CONNECT:/run/haproxy/admin.sock | grep "^Version:"
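Review bot: Neither pipeline says what it asserts, and a missing or unreachable admin socket is detected only indirectly, because `grep` then matches nothing. A comment per check would make failures easier to read, e.g. `# "show stat" must return the CSV header line, which starts with "#"` and `# "show info" must report a Version: field`. Both checks assume the packaged default configuration exposes the stats socket at /run/haproxy/admin.sock, which is worth stating at the top of the script.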
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..ccc2b53
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,15 @@
+Tests: cli
+Depends: haproxy, socat
+Restrictions: needs-root
+
+Tests: proxy-localhost
+Depends: haproxy, wget, apache2
+Restrictions: needs-root, allow-stderr, isolation-container
+
+Tests: proxy-ssl-termination
+Depends: haproxy, wget, apache2, gnutls-bin, ssl-cert
+Restrictions: needs-root, allow-stderr, isolation-container
+
+Tests: proxy-ssl-pass-through
+Depends: haproxy, wget, apache2, gnutls-bin, ssl-cert
+Restrictions: needs-root, allow-stderr, isolation-container
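Review bot: None of the three proxy stanzas declares `breaks-testbed`, although each test leaves the testbed permanently altered. All three overwrite /etc/haproxy/haproxy.cfg, and the two SSL tests also add a CA to the system trust store through create_ca, with proxy-ssl-pass-through additionally rewriting the Apache default-ssl site. The replacement haproxy configs define no stats socket, so a `cli` run afterwards in the same testbed would probably fail to connect to /run/haproxy/admin.sock. Consider `Restrictions: needs-root, allow-stderr, isolation-container, breaks-testbed` on those stanzas so the runner knows the testbed cannot be reused as-is.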
diff --git a/debian/tests/proxy-localhost b/debian/tests/proxy-localhost
new file mode 100644
index 0000000..0736985
--- /dev/null
+++ b/debian/tests/proxy-localhost
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+set -eux
+
+WDIR=$(dirname "$0")
+. "${WDIR}/utils"
+
+cat > /etc/haproxy/haproxy.cfg <<EOF
+global
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
+ daemon
+ maxconn 4096
+
+defaults
+ log global
+ option dontlognull
+ option redispatch
+ retries 3
+ timeout client 50s
+ timeout connect 10s
+ timeout http-request 5s
+ timeout server 50s
+ maxconn 4096
+
+frontend test-front
+ bind *:8080
+ mode http
+ default_backend test-back
+
+backend test-back
+ mode http
+ stick store-request src
+ stick-table type ip size 256k expire 30m
+ server test-1 localhost:80
+EOF
+
+service haproxy restart
+sleep 2 # Apache 2 could be still starting... See #976997.
+
+check_index_file "http://localhost:8080"
+
+exit 0
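Review bot: The fixed `sleep 2` after `service haproxy restart` is a timing guess, and check_index_file in utils makes a single attempt (`wget -t1`), so a slow start fails the test spuriously. The same pattern appears in proxy-ssl-pass-through (`sleep 5`) and proxy-ssl-termination (`sleep 2`). Letting the download retry, for example `wget -t5 --retry-connrefused --waitretry=1 "${haproxy_url}" -O-`, would at least cover the case where the haproxy listener is not up yet. The comment blames Apache although this script only restarts haproxy, and it uses `service` where the other two scripts use `systemctl`. The here-document contains no expansions, so `<<'EOF'` would keep it literal.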
diff --git a/debian/tests/proxy-ssl-pass-through b/debian/tests/proxy-ssl-pass-through
new file mode 100644
index 0000000..aa0bd2c
--- /dev/null
+++ b/debian/tests/proxy-ssl-pass-through
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+set -eux
+
+WDIR=$(dirname "$0")
+. "${WDIR}/utils"
+
+CERT_DIR=/etc/ssl/localhost
+APACHE2_CONFIG=/etc/apache2/sites-available/default-ssl.conf
+
+create_ca
+create_selfsigned_cert ${CERT_DIR}
+
+# Use the self-signed certificate in apache2 config
+sed -i "s#/etc/ssl/certs/ssl-cert-snakeoil.pem#${CERT_DIR}/localhost_cert.pem#" ${APACHE2_CONFIG}
+sed -i "s#/etc/ssl/private/ssl-cert-snakeoil.key#${CERT_DIR}/localhost_key.pem#" ${APACHE2_CONFIG}
+
+cat > /etc/haproxy/haproxy.cfg <<EOF
+global
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
+ daemon
+ maxconn 4096
+
+defaults
+ log global
+ option dontlognull
+ option redispatch
+ retries 3
+ timeout client 50s
+ timeout connect 10s
+ timeout http-request 5s
+ timeout server 50s
+ maxconn 4096
+
+frontend test-front
+ bind *:4433
+ mode tcp
+ option tcplog
+ default_backend test-back
+
+backend test-back
+ mode tcp
+ stick store-request src
+ stick-table type ip size 256k expire 30m
+ option ssl-hello-chk
+ server test-1 localhost:443 check
+EOF
+
+systemctl restart haproxy
+a2enmod ssl
+a2ensite default-ssl
+systemctl restart apache2
+sleep 5 # Apache 2 could be still starting... See #976997. It needs some extra seconds because of SSL
+
+check_index_file "https://localhost:4433"
+
+exit 0
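Review bot: Neither `sed -i` edit of default-ssl.conf verifies that a substitution took place. If the snakeoil paths are not present in that file, Apache keeps its previous certificate and the problem only surfaces later as a certificate error from wget. A check after the two edits, such as `grep -qF -- "${CERT_DIR}/localhost_cert.pem" "${APACHE2_CONFIG}"`, would fail at the cause. `${CERT_DIR}` and `${APACHE2_CONFIG}` are also unquoted in the `create_selfsigned_cert` and `sed` calls, while utils quotes its paths; `"${CERT_DIR}"` and `"${APACHE2_CONFIG}"` would be consistent.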
diff --git a/debian/tests/proxy-ssl-termination b/debian/tests/proxy-ssl-termination
new file mode 100644
index 0000000..6cc1bcc
--- /dev/null
+++ b/debian/tests/proxy-ssl-termination
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -eux
+
+WDIR=$(dirname "$0")
+. "${WDIR}/utils"
+
+CERT_DIR=/etc/ssl/localhost
+create_ca
+create_selfsigned_cert ${CERT_DIR}
+
+cat > /etc/haproxy/haproxy.cfg <<EOF
+global
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
+ daemon
+ maxconn 4096
+ ssl-default-bind-options ssl-min-ver SSLv3
+
+defaults
+ log global
+ option dontlognull
+ option redispatch
+ retries 3
+ timeout client 50s
+ timeout connect 10s
+ timeout http-request 5s
+ timeout server 50s
+ maxconn 4096
+
+frontend test-front
+ bind *:443 ssl crt ${CERT_DIR}/localhost.pem
+ default_backend test-back
+
+backend test-back
+ mode http
+ stick store-request src
+ stick-table type ip size 256k expire 30m
+ server test-1 localhost:80 check
+EOF
+
+systemctl restart haproxy
+sleep 2 # Apache 2 could be still starting... See #976997.
+
+check_index_file "https://localhost"
+
+exit 0
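Review bot: `ssl-default-bind-options ssl-min-ver SSLv3` in the global section lowers the listener's minimum protocol version to SSLv3, and nothing visible in this test needs it: the only client is wget via check_index_file. Test configurations tend to be copied into real setups, so either drop the line and take the build default, or pin a modern floor with `ssl-default-bind-options ssl-min-ver TLSv1.2`. If the low floor is deliberate, a comment in the config should say why. Separately, test-front sets no `mode` while test-back is `mode http`; adding `mode http` to the frontend, as proxy-localhost does, would make the intent explicit.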
diff --git a/debian/tests/utils b/debian/tests/utils
new file mode 100644
index 0000000..df11b55
--- /dev/null
+++ b/debian/tests/utils
@@ -0,0 +1,58 @@
+
+create_ca() {
+ certtool --generate-privkey --bits 4096 --outfile /etc/ssl/private/mycakey.pem
+
+ cat <<EOF > /etc/ssl/ca.info
+cn = Example Company
+ca
+cert_signing_key
+expiration_days = 3650
+EOF
+
+ certtool --generate-self-signed \
+ --load-privkey /etc/ssl/private/mycakey.pem \
+ --template /etc/ssl/ca.info \
+ --outfile /usr/local/share/ca-certificates/mycacert.crt
+
+ update-ca-certificates
+}
+
+create_selfsigned_cert() {
+ dir="$1"
+ mkdir -p "${dir}"
+
+ certtool --generate-privkey --bits 2048 --outfile "${dir}/localhost_key.pem"
+
+ cat <<EOF > "${dir}/localhost.info"
+organization = Example Company
+cn = localhost
+tls_www_server
+encryption_key
+signing_key
+expiration_days = 365
+EOF
+
+ certtool --generate-certificate \
+ --load-privkey "${dir}/localhost_key.pem" \
+ --load-ca-certificate /etc/ssl/certs/mycacert.pem \
+ --load-ca-privkey /etc/ssl/private/mycakey.pem \
+ --template "${dir}/localhost.info" \
+ --outfile "${dir}/localhost_cert.pem"
+
+ cat "${dir}/localhost_cert.pem" "${dir}/localhost_key.pem" | tee "${dir}/localhost.pem"
+ chgrp haproxy "${dir}/localhost_key.pem" "${dir}/localhost.pem"
+ chmod 0640 "${dir}/localhost_key.pem" "${dir}/localhost.pem"
+}
+
+check_index_file() {
+ haproxy_url="$1"
+ # index.html is shipped with apache2
+ # Download it via haproxy and compare
+ if wget -t1 "${haproxy_url}" -O- | cmp /var/www/html/index.html -; then
+ echo "OK: index.html downloaded via haproxy matches the source file."
+ else
+ echo "FAIL: downloaded index.html via haproxy is different from the"
+ echo " file delivered by apache."
+ exit 1
+ fi
+}
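Review bot: In create_selfsigned_cert, `cat … | tee "${dir}/localhost.pem"` echoes the private key to stdout, so it lands in the test log, and the combined file is created under the default umask before `chmod 0640` narrows it. Writing it directly under a restrictive umask avoids both: `(umask 077; cat "${dir}/localhost_cert.pem" "${dir}/localhost_key.pem" > "${dir}/localhost.pem")`, with the existing chgrp/chmod kept after it. The key is a throwaway, but this pattern is easily copied into non-test scripts. The three functions have no header comments; one line each naming the argument and the files written would help, for instance that create_ca writes /etc/ssl/private/mycakey.pem and updates the system trust store. check_index_file should also note that it calls `exit 1`, which terminates the sourcing script.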