RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-16 00:14:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
eb8c2c69fa
haproxy/reg-tests/checks/tls_health_checks.vtc
Christopher Faulet ed48657e02 REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used 
In tls_health_checks.vtc, when IPv6 addresses are used, A config error is
reported because of the "addr" server parameter. Because there is no specified
port, the IPv6 address must be enclosed into brackets to be properly parsed. It
also works with IPv4 addresses. But instead, a dummy port is added to the addr
parameter. This way, we also check the port parameter, when specified, is used
in priority over the port found in the addr parameter.

This patch should fix the issue #646.
2020-05-25 08:06:30 +02:00

127 lines
3.4 KiB
Plaintext
Raw Blame History

varnishtest "Health-check test over TLS/SSL"
#REQUIRE_OPTIONS=OPENSSL
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This script tests health-checks for a TLS/SSL backend with "option httpchk"
# and "check-ssl" option enabled attached to h2 haproxy process. This haproxy
# h2 process is chained to h1 other one.
#
server s1 {
rxreq
expect req.method == OPTIONS
expect req.url == *
expect req.proto == HTTP/1.1
txresp
} -start
server s2 {
} -start
server s3 {
rxreq
expect req.method == OPTIONS
expect req.url == *
expect req.proto == HTTP/1.1
txresp
} -start
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy fe1 started."
recv info
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\""
} -start
haproxy h1 -conf {
global
tune.ssl.default-dh-param 2048
defaults
mode http
timeout client 20
timeout server 20
timeout connect 20
backend be1
server srv1 ${s1_addr}:${s1_port}
backend be2
server srv2 ${s2_addr}:${s2_port}
backend be3
server srv3 ${s3_addr}:${s3_port}
frontend fe1
option httplog
log ${S1_addr}:${S1_port} len 2048 local0 debug err
bind "fd@${fe1}" ssl crt ${testdir}/common.pem
use_backend be1
frontend fe2
option tcplog
bind "fd@${fe2}" ssl crt ${testdir}/common.pem
use_backend be2
frontend fe3
option httplog
bind "fd@${fe3}" ssl crt ${testdir}/common.pem
use_backend be3
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be2 started."
recv
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S4 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be4 started."
recv
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S6 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be6 started."
recv
expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be6/srv3 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
haproxy h2 -conf {
global
tune.ssl.default-dh-param 2048
defaults
timeout client 20
timeout server 20
timeout connect 20
default-server downinter 1s inter 500 rise 1 fall 1
backend be2
option log-health-checks
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
log ${S2_addr}:${S2_port} daemon
server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check
backend be4
option log-health-checks
log ${S4_addr}:${S4_port} daemon
server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check
backend be6
option log-health-checks
option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
log ${S6_addr}:${S6_port} daemon
server srv3 127.0.0.1:80 crt ${testdir}/common.pem verify none check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}:80
} -start
syslog S1 -wait
syslog S2 -wait
syslog S4 -wait
syslog S6 -wait
Reference in New Issue View Git Blame Copy Permalink