diff options
Diffstat (limited to 'debian/tests')
-rw-r--r-- | debian/tests/cli | 7 | ||||
-rw-r--r-- | debian/tests/control | 15 | ||||
-rw-r--r-- | debian/tests/proxy-localhost | 44 | ||||
-rw-r--r-- | debian/tests/proxy-ssl-pass-through | 59 | ||||
-rw-r--r-- | debian/tests/proxy-ssl-termination | 48 | ||||
-rw-r--r-- | debian/tests/utils | 58 |
6 files changed, 231 insertions, 0 deletions
diff --git a/debian/tests/cli b/debian/tests/cli new file mode 100644 index 0000000..941b4af --- /dev/null +++ b/debian/tests/cli @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +echo "show stat" | socat STDIO UNIX-CONNECT:/run/haproxy/admin.sock | grep "^#" + +echo "show info" | socat STDIO UNIX-CONNECT:/run/haproxy/admin.sock | grep "^Version:" diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..ccc2b53 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,15 @@ +Tests: cli +Depends: haproxy, socat +Restrictions: needs-root + +Tests: proxy-localhost +Depends: haproxy, wget, apache2 +Restrictions: needs-root, allow-stderr, isolation-container + +Tests: proxy-ssl-termination +Depends: haproxy, wget, apache2, gnutls-bin, ssl-cert +Restrictions: needs-root, allow-stderr, isolation-container + +Tests: proxy-ssl-pass-through +Depends: haproxy, wget, apache2, gnutls-bin, ssl-cert +Restrictions: needs-root, allow-stderr, isolation-container diff --git a/debian/tests/proxy-localhost b/debian/tests/proxy-localhost new file mode 100644 index 0000000..0736985 --- /dev/null +++ b/debian/tests/proxy-localhost @@ -0,0 +1,44 @@ +#!/bin/sh + +set -eux + +WDIR=$(dirname "$0") +. "${WDIR}/utils" + +cat > /etc/haproxy/haproxy.cfg <<EOF +global + chroot /var/lib/haproxy + user haproxy + group haproxy + daemon + maxconn 4096 + +defaults + log global + option dontlognull + option redispatch + retries 3 + timeout client 50s + timeout connect 10s + timeout http-request 5s + timeout server 50s + maxconn 4096 + +frontend test-front + bind *:8080 + mode http + default_backend test-back + +backend test-back + mode http + stick store-request src + stick-table type ip size 256k expire 30m + server test-1 localhost:80 +EOF + +service haproxy restart +sleep 2 # Apache 2 could be still starting... See #976997. + +check_index_file "http://localhost:8080" + +exit 0 diff --git a/debian/tests/proxy-ssl-pass-through b/debian/tests/proxy-ssl-pass-through new file mode 100644 index 0000000..aa0bd2c --- /dev/null +++ b/debian/tests/proxy-ssl-pass-through @@ -0,0 +1,59 @@ +#!/bin/sh + +set -eux + +WDIR=$(dirname "$0") +. "${WDIR}/utils" + +CERT_DIR=/etc/ssl/localhost +APACHE2_CONFIG=/etc/apache2/sites-available/default-ssl.conf + +create_ca +create_selfsigned_cert ${CERT_DIR} + +# Use the self-signed certificate in apache2 config +sed -i "s#/etc/ssl/certs/ssl-cert-snakeoil.pem#${CERT_DIR}/localhost_cert.pem#" ${APACHE2_CONFIG} +sed -i "s#/etc/ssl/private/ssl-cert-snakeoil.key#${CERT_DIR}/localhost_key.pem#" ${APACHE2_CONFIG} + +cat > /etc/haproxy/haproxy.cfg <<EOF +global + chroot /var/lib/haproxy + user haproxy + group haproxy + daemon + maxconn 4096 + +defaults + log global + option dontlognull + option redispatch + retries 3 + timeout client 50s + timeout connect 10s + timeout http-request 5s + timeout server 50s + maxconn 4096 + +frontend test-front + bind *:4433 + mode tcp + option tcplog + default_backend test-back + +backend test-back + mode tcp + stick store-request src + stick-table type ip size 256k expire 30m + option ssl-hello-chk + server test-1 localhost:443 check +EOF + +systemctl restart haproxy +a2enmod ssl +a2ensite default-ssl +systemctl restart apache2 +sleep 5 # Apache 2 could be still starting... See #976997. It needs some extra seconds because of SSL + +check_index_file "https://localhost:4433" + +exit 0 diff --git a/debian/tests/proxy-ssl-termination b/debian/tests/proxy-ssl-termination new file mode 100644 index 0000000..6cc1bcc --- /dev/null +++ b/debian/tests/proxy-ssl-termination @@ -0,0 +1,48 @@ +#!/bin/sh + +set -eux + +WDIR=$(dirname "$0") +. "${WDIR}/utils" + +CERT_DIR=/etc/ssl/localhost +create_ca +create_selfsigned_cert ${CERT_DIR} + +cat > /etc/haproxy/haproxy.cfg <<EOF +global + chroot /var/lib/haproxy + user haproxy + group haproxy + daemon + maxconn 4096 + ssl-default-bind-options ssl-min-ver SSLv3 + +defaults + log global + option dontlognull + option redispatch + retries 3 + timeout client 50s + timeout connect 10s + timeout http-request 5s + timeout server 50s + maxconn 4096 + +frontend test-front + bind *:443 ssl crt ${CERT_DIR}/localhost.pem + default_backend test-back + +backend test-back + mode http + stick store-request src + stick-table type ip size 256k expire 30m + server test-1 localhost:80 check +EOF + +systemctl restart haproxy +sleep 2 # Apache 2 could be still starting... See #976997. + +check_index_file "https://localhost" + +exit 0 diff --git a/debian/tests/utils b/debian/tests/utils new file mode 100644 index 0000000..df11b55 --- /dev/null +++ b/debian/tests/utils @@ -0,0 +1,58 @@ + +create_ca() { + certtool --generate-privkey --bits 4096 --outfile /etc/ssl/private/mycakey.pem + + cat <<EOF > /etc/ssl/ca.info +cn = Example Company +ca +cert_signing_key +expiration_days = 3650 +EOF + + certtool --generate-self-signed \ + --load-privkey /etc/ssl/private/mycakey.pem \ + --template /etc/ssl/ca.info \ + --outfile /usr/local/share/ca-certificates/mycacert.crt + + update-ca-certificates +} + +create_selfsigned_cert() { + dir="$1" + mkdir -p "${dir}" + + certtool --generate-privkey --bits 2048 --outfile "${dir}/localhost_key.pem" + + cat <<EOF > "${dir}/localhost.info" +organization = Example Company +cn = localhost +tls_www_server +encryption_key +signing_key +expiration_days = 365 +EOF + + certtool --generate-certificate \ + --load-privkey "${dir}/localhost_key.pem" \ + --load-ca-certificate /etc/ssl/certs/mycacert.pem \ + --load-ca-privkey /etc/ssl/private/mycakey.pem \ + --template "${dir}/localhost.info" \ + --outfile "${dir}/localhost_cert.pem" + + cat "${dir}/localhost_cert.pem" "${dir}/localhost_key.pem" | tee "${dir}/localhost.pem" + chgrp haproxy "${dir}/localhost_key.pem" "${dir}/localhost.pem" + chmod 0640 "${dir}/localhost_key.pem" "${dir}/localhost.pem" +} + +check_index_file() { + haproxy_url="$1" + # index.html is shipped with apache2 + # Download it via haproxy and compare + if wget -t1 "${haproxy_url}" -O- | cmp /var/www/html/index.html -; then + echo "OK: index.html downloaded via haproxy matches the source file." + else + echo "FAIL: downloaded index.html via haproxy is different from the" + echo " file delivered by apache." + exit 1 + fi +} |