mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-09 07:09:35 +00:00
43ba3cf2b5
Its sole remaining purpose was to display "proxy foo started", which has little benefit and pollutes output for those with plenty of proxies. Let's remove it now. The VTCs were updated to reflect this, because many of them had explicit counts of dropped lines to match this message. This is tagged as MEDIUM because some users may be surprized by the loss of this quite old message.
119 lines
3.1 KiB
Plaintext
119 lines
3.1 KiB
Plaintext
varnishtest "Health-check test over TLS/SSL"
|
|
#REQUIRE_OPTIONS=OPENSSL
|
|
#REGTEST_TYPE=slow
|
|
feature ignore_unknown_macro
|
|
|
|
|
|
# This script tests health-checks for a TLS/SSL backend with "option httpchk"
|
|
# and "check-ssl" option enabled attached to h2 haproxy process. This haproxy
|
|
# h2 process is chained to h1 other one.
|
|
#
|
|
server s1 {
|
|
rxreq
|
|
expect req.method == OPTIONS
|
|
expect req.url == *
|
|
expect req.proto == HTTP/1.1
|
|
txresp
|
|
} -start
|
|
|
|
server s2 {
|
|
} -start
|
|
|
|
server s3 {
|
|
rxreq
|
|
expect req.method == OPTIONS
|
|
expect req.url == *
|
|
expect req.proto == HTTP/1.1
|
|
txresp
|
|
} -start
|
|
|
|
syslog S1 -level notice {
|
|
recv info
|
|
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\""
|
|
} -start
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
tune.ssl.default-dh-param 2048
|
|
|
|
defaults
|
|
mode http
|
|
timeout client 20
|
|
timeout server 20
|
|
timeout connect 20
|
|
|
|
backend be1
|
|
server srv1 ${s1_addr}:${s1_port}
|
|
|
|
backend be2
|
|
server srv2 ${s2_addr}:${s2_port}
|
|
|
|
backend be3
|
|
server srv3 ${s3_addr}:${s3_port}
|
|
|
|
frontend fe1
|
|
option httplog
|
|
log ${S1_addr}:${S1_port} len 2048 local0 debug err
|
|
bind "fd@${fe1}" ssl crt ${testdir}/common.pem
|
|
use_backend be1
|
|
|
|
frontend fe2
|
|
option tcplog
|
|
bind "fd@${fe2}" ssl crt ${testdir}/common.pem
|
|
use_backend be2
|
|
|
|
frontend fe3
|
|
option httplog
|
|
bind "fd@${fe3}" ssl crt ${testdir}/common.pem
|
|
use_backend be3
|
|
} -start
|
|
|
|
syslog S2 -level notice {
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
} -start
|
|
|
|
syslog S4 -level notice {
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
} -start
|
|
|
|
syslog S6 -level notice {
|
|
recv
|
|
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be6/srv3 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
|
|
} -start
|
|
|
|
haproxy h2 -conf {
|
|
global
|
|
tune.ssl.default-dh-param 2048
|
|
|
|
defaults
|
|
timeout client 20
|
|
timeout server 20
|
|
timeout connect 20
|
|
default-server downinter 1s inter 500 rise 1 fall 1
|
|
|
|
backend be2
|
|
option log-health-checks
|
|
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
|
|
log ${S2_addr}:${S2_port} daemon
|
|
server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check
|
|
|
|
backend be4
|
|
option log-health-checks
|
|
log ${S4_addr}:${S4_port} daemon
|
|
server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check
|
|
|
|
backend be6
|
|
option log-health-checks
|
|
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
|
|
log ${S6_addr}:${S6_port} daemon
|
|
server srv3 127.0.0.1:80 crt ${testdir}/common.pem verify none check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}:80
|
|
} -start
|
|
|
|
syslog S1 -wait
|
|
|
|
syslog S2 -wait
|
|
syslog S4 -wait
|
|
syslog S6 -wait
|