blob: 6ac1782bb9403eb35a977e2b7da3c941dcf36612 [file] [log] [blame]
Christopher Fauletaec7f762020-04-22 15:16:58 +02001varnishtest "Health-checks: tcp-check health-check with ssl options"
2#REQUIRE_OPTION=OPENSSL
3#REQUIRE_VERSION=2.2
4#REGTEST_TYPE=slow
5feature ignore_unknown_macro
6
7syslog S_ok -level notice {
8 recv
Christopher Fauletaec7f762020-04-22 15:16:58 +02009 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
10 recv
11 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
12 recv
13 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
14 recv
15 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
16 recv
17 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be[0-9]+/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
18} -start
19
20syslog S3 -level notice {
21 recv
Christopher Faulet8d38f0a2020-05-06 11:10:51 +020022 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+info: \"(Connection closed during SSL handshake|SSL handshake failure)\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
Christopher Fauletaec7f762020-04-22 15:16:58 +020023} -start
24
25syslog S4 -level notice {
26 recv
Christopher Faulet8d38f0a2020-05-06 11:10:51 +020027 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be4/srv failed, reason: Layer6 invalid response.+info: \"(Connection closed during SSL handshake|SSL handshake failure) at step 1 of tcp-check \\(connect\\)\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
Christopher Fauletaec7f762020-04-22 15:16:58 +020028} -start
29
30
31haproxy htst -conf {
32 global
33 tune.ssl.default-dh-param 2048
34
35 defaults
36 mode tcp
Willy Tarreauf6739232021-11-18 17:46:22 +010037 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
38 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
39 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
Christopher Fauletaec7f762020-04-22 15:16:58 +020040
41 listen li1
42 bind "fd@${li1}"
43 tcp-request inspect-delay 100ms
44 tcp-request content reject if { req.ssl_hello_type 0 }
45 tcp-request content accept if { req.ssl_sni check.haproxy.org }
46 tcp-request content accept if { req.ssl_sni connect.haproxy.org }
47 tcp-request content reject
48 server fe1 ${htst_fe1_addr}:${htst_fe1_port}
49
50 listen li2
51 bind "fd@${li2}"
52 tcp-request inspect-delay 100ms
53 tcp-request content reject if { req.ssl_hello_type 0 }
54 tcp-request content accept if { req.ssl_alpn h2 }
55 tcp-request content accept if { req.ssl_alpn http/1.1 }
56 tcp-request content reject
57 server fe1 ${htst_fe1_addr}:${htst_fe1_port}
58
59 frontend fe1
60 bind "fd@${fe1}" ssl crt ${testdir}/common.pem
61
62} -start
63
64haproxy h1 -conf {
65 defaults
66 mode tcp
Willy Tarreauf6739232021-11-18 17:46:22 +010067 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
68 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
69 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
Christopher Fauletaec7f762020-04-22 15:16:58 +020070
71 backend be1
72 log ${S_ok_addr}:${S_ok_port} daemon
73 option log-health-checks
74 server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
75
76 backend be2
77 log ${S_ok_addr}:${S_ok_port} daemon
78 option log-health-checks
79 option tcp-check
80 tcp-check connect ssl sni connect.haproxy.org
81 server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
82
83 backend be3
84 log ${S3_addr}:${S3_port} daemon
85 option log-health-checks
86 server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni bad.haproxy.org inter 1s rise 1 fall 1 verify none
87
88 backend be4
89 log ${S4_addr}:${S4_port} daemon
90 option log-health-checks
91 option tcp-check
92 tcp-check connect ssl sni bad.haproxy.org
93 server srv ${htst_li1_addr}:${htst_li1_port} check inter 1s rise 1 fall 1 verify none
94
95 backend be5
96 log ${S_ok_addr}:${S_ok_port} daemon
97 option log-health-checks
98 option tcp-check
99 tcp-check connect default
100 server srv ${htst_li1_addr}:${htst_li1_port} check check-ssl check-sni check.haproxy.org inter 1s rise 1 fall 1 verify none
101
102 backend be6
103 log ${S_ok_addr}:${S_ok_port} daemon
104 option log-health-checks
105 server srv ${htst_li2_addr}:${htst_li2_port} check check-ssl check-alpn "h2,http/1.1" inter 1s rise 1 fall 1 verify none
106
107 backend be7
108 log ${S_ok_addr}:${S_ok_port} daemon
109 option log-health-checks
110 option tcp-check
111 tcp-check connect ssl alpn "h2,http/1.1"
112 server srv ${htst_li2_addr}:${htst_li2_port} check inter 1s rise 1 fall 1 verify none
113
114} -start
115
116syslog S_ok -wait
117syslog S3 -wait
118syslog S4 -wait