mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-22 20:32:12 +00:00
5003ac7fe9
This commit makes sure that if three is no "alpn", "npn" nor "no-alpn" setting on a "bind" line which corresponds to an HTTPS or QUIC frontend, we automatically turn on "h2,http/1.1" as an ALPN default for an HTTP listener, and "h3" for a QUIC listener. This simplifies the configuration for end users since they won't have to explicitly configure the ALPN string to enable H2, considering that at the time of writing, HTTP/1.1 represents less than 7% of the traffic on large infrastructures. The doc and regtests were updated. For more info, refer to the following thread: https://www.mail-archive.com/haproxy@formilux.org/msg43410.html
213 lines
6.7 KiB
Plaintext
213 lines
6.7 KiB
Plaintext
#REGTEST_TYPE=devel
|
|
|
|
# This teg-test verifies that different ALPN values on the "server" line
|
|
# will negotiate the expected protocol depending on the ALPN "bind" line.
|
|
# It requires OpenSSL >= 1.0.2 for ALPN
|
|
|
|
varnishtest "Test the bind 'alpn' setting"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev7)'"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.0.2)'"
|
|
feature ignore_unknown_macro
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
tune.ssl.default-dh-param 2048
|
|
|
|
defaults
|
|
mode http
|
|
option httplog
|
|
log stderr local0 debug err
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
listen px-clr
|
|
bind "fd@${clearfe}"
|
|
default-server ssl verify none
|
|
|
|
# first digit select the alpn sent by the client, second digit, the server one
|
|
use-server s00 if { path /00 }
|
|
server s00 "${tmpdir}/ssl0.sock"
|
|
use-server s01 if { path /01 }
|
|
server s01 "${tmpdir}/ssl1.sock"
|
|
use-server s02 if { path /02 }
|
|
server s02 "${tmpdir}/ssl2.sock"
|
|
use-server s03 if { path /03 }
|
|
server s03 "${tmpdir}/ssl3.sock"
|
|
use-server s04 if { path /04 }
|
|
server s04 "${tmpdir}/ssl4.sock"
|
|
|
|
use-server s10 if { path /10 }
|
|
server s10 "${tmpdir}/ssl0.sock" alpn http/1.1
|
|
use-server s11 if { path /11 }
|
|
server s11 "${tmpdir}/ssl1.sock" alpn http/1.1
|
|
use-server s12 if { path /12 }
|
|
server s12 "${tmpdir}/ssl2.sock" alpn http/1.1
|
|
use-server s13 if { path /13 }
|
|
server s13 "${tmpdir}/ssl3.sock" alpn http/1.1
|
|
use-server s14 if { path /14 }
|
|
server s14 "${tmpdir}/ssl4.sock" alpn http/1.1
|
|
|
|
use-server s20 if { path /20 }
|
|
server s20 "${tmpdir}/ssl0.sock" alpn h2
|
|
use-server s21 if { path /21 }
|
|
server s21 "${tmpdir}/ssl1.sock" alpn h2
|
|
use-server s22 if { path /22 }
|
|
server s22 "${tmpdir}/ssl2.sock" alpn h2
|
|
use-server s23 if { path /23 }
|
|
server s23 "${tmpdir}/ssl3.sock" alpn h2
|
|
use-server s24 if { path /24 }
|
|
server s24 "${tmpdir}/ssl4.sock" alpn h2
|
|
|
|
use-server s30 if { path /30 }
|
|
server s30 "${tmpdir}/ssl0.sock" alpn h2,http/1.1
|
|
use-server s31 if { path /31 }
|
|
server s31 "${tmpdir}/ssl1.sock" alpn h2,http/1.1
|
|
use-server s32 if { path /32 }
|
|
server s32 "${tmpdir}/ssl2.sock" alpn h2,http/1.1
|
|
use-server s33 if { path /33 }
|
|
server s33 "${tmpdir}/ssl3.sock" alpn h2,http/1.1
|
|
use-server s34 if { path /34 }
|
|
server s34 "${tmpdir}/ssl4.sock" alpn h2,http/1.1
|
|
|
|
frontend fe-ssl
|
|
bind "${tmpdir}/ssl0.sock" ssl crt ${testdir}/common.pem
|
|
bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem alpn http/1.1
|
|
bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem alpn h2
|
|
bind "${tmpdir}/ssl3.sock" ssl crt ${testdir}/common.pem alpn h2,http/1.1
|
|
bind "${tmpdir}/ssl4.sock" ssl crt ${testdir}/common.pem no-alpn
|
|
http-request return status 200 hdr x-alpn _%[ssl_fc_alpn] hdr x-path %[path] hdr x-ver _%[req.ver]
|
|
} -start
|
|
|
|
# client sends no alpn
|
|
client c1 -connect ${h1_clearfe_sock} {
|
|
txreq -url "/00"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/01"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/02"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/03"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/04"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
} -run
|
|
|
|
# client sends alpn=http/1.1
|
|
client c1 -connect ${h1_clearfe_sock} {
|
|
txreq -url "/10"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_http/1.1"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/11"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_http/1.1"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/12"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/13"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_http/1.1"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/14"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
} -run
|
|
|
|
# client sends alpn=h2
|
|
client c1 -connect ${h1_clearfe_sock} {
|
|
txreq -url "/20"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_h2"
|
|
expect resp.http.x-ver == "_2.0"
|
|
|
|
txreq -url "/21"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/22"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_h2"
|
|
expect resp.http.x-ver == "_2.0"
|
|
|
|
txreq -url "/23"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_h2"
|
|
expect resp.http.x-ver == "_2.0"
|
|
|
|
txreq -url "/24"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
} -run
|
|
|
|
# client sends alpn=h2,http/1.1
|
|
client c1 -connect ${h1_clearfe_sock} {
|
|
txreq -url "/30"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_h2"
|
|
expect resp.http.x-ver == "_2.0"
|
|
|
|
txreq -url "/31"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_http/1.1"
|
|
expect resp.http.x-ver == "_1.1"
|
|
|
|
txreq -url "/32"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_h2"
|
|
expect resp.http.x-ver == "_2.0"
|
|
|
|
txreq -url "/33"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_h2"
|
|
expect resp.http.x-ver == "_2.0"
|
|
|
|
txreq -url "/34"
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-alpn == "_"
|
|
expect resp.http.x-ver == "_1.1"
|
|
} -run
|