| Frédéric Lécaille | 0656d9c | 2018-12-18 10:31:04 +0100 | [diff] [blame] | 1 | varnishtest "Health-check test over TLS/SSL" |
| Ilya Shipitsin | 9ab3138 | 2019-04-17 12:19:56 +0500 | [diff] [blame] | 2 | #REQUIRE_OPTIONS=OPENSSL |
| Frédéric Lécaille | 0656d9c | 2018-12-18 10:31:04 +0100 | [diff] [blame] | 3 | feature ignore_unknown_macro |
| 4 | |
| 5 | |
| 6 | # This script tests health-checks for a TLS/SSL backend with "option httpchk" |
| 7 | # and "check-ssl" option enabled attached to h2 haproxy process. This haproxy |
| 8 | # h2 process is chained to h1 other one. |
| 9 | # |
| 10 | server s1 { |
| 11 | rxreq |
| 12 | expect req.method == OPTIONS |
| 13 | expect req.url == * |
| 14 | expect req.proto == HTTP/1.1 |
| 15 | txresp |
| 16 | } -start |
| 17 | |
| 18 | server s2 { |
| 19 | } -start |
| 20 | |
| 21 | syslog S1 -level notice { |
| 22 | recv |
| 23 | expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy fe1 started." |
| 24 | recv info |
| 25 | expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\"" |
| 26 | recv info |
| 27 | expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 504 [[:digit:]]+ - - sH-- .* \"OPTIONS \\* HTTP/1.1\"" |
| 28 | } -start |
| 29 | |
| 30 | haproxy h1 -conf { |
| 31 | global |
| 32 | tune.ssl.default-dh-param 2048 |
| 33 | |
| 34 | defaults |
| 35 | mode http |
| Willy Tarreau | 2eb1c79 | 2019-05-07 07:26:08 +0200 | [diff] [blame] | 36 | timeout client 20 |
| 37 | timeout server 20 |
| 38 | timeout connect 20 |
| Frédéric Lécaille | 0656d9c | 2018-12-18 10:31:04 +0100 | [diff] [blame] | 39 | |
| 40 | backend be1 |
| 41 | server srv1 ${s1_addr}:${s1_port} |
| 42 | |
| 43 | backend be2 |
| 44 | server srv2 ${s2_addr}:${s2_port} |
| 45 | |
| 46 | frontend fe1 |
| 47 | option httplog |
| 48 | log ${S1_addr}:${S1_port} len 2048 local0 debug err |
| 49 | bind "fd@${fe1}" ssl crt ${testdir}/common.pem |
| 50 | use_backend be1 |
| 51 | |
| 52 | frontend fe2 |
| 53 | option tcplog |
| 54 | bind "fd@${fe2}" ssl crt ${testdir}/common.pem |
| 55 | use_backend be2 |
| 56 | } -start |
| 57 | |
| 58 | syslog S2 -level notice { |
| 59 | recv |
| 60 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be2 started." |
| 61 | recv |
| 62 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed, code: 200, info: \"OK\", check duration: [[:digit:]]+ms, status: 1/1 UP." |
| 63 | recv |
| 64 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 failed, reason: Layer7 wrong status, code: 504, info: \"Gateway Time-out\", check duration: [[:digit:]]+ms, status: 0/1 DOWN." |
| 65 | } -start |
| 66 | |
| 67 | syslog S4 -level notice { |
| 68 | recv |
| 69 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be4 started." |
| 70 | recv |
| 71 | expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed, check duration: [[:digit:]]+ms, status: 1/1 UP." |
| 72 | } -start |
| 73 | |
| 74 | haproxy h2 -conf { |
| 75 | global |
| 76 | tune.ssl.default-dh-param 2048 |
| 77 | |
| 78 | defaults |
| Willy Tarreau | 2eb1c79 | 2019-05-07 07:26:08 +0200 | [diff] [blame] | 79 | timeout client 20 |
| 80 | timeout server 20 |
| 81 | timeout connect 20 |
| Willy Tarreau | 1bbc74b | 2019-05-13 10:47:41 +0200 | [diff] [blame] | 82 | default-server downinter 1s inter 100 rise 1 fall 1 |
| Frédéric Lécaille | 0656d9c | 2018-12-18 10:31:04 +0100 | [diff] [blame] | 83 | |
| 84 | backend be2 |
| 85 | option log-health-checks |
| 86 | option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www |
| 87 | log ${S2_addr}:${S2_port} daemon |
| 88 | server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check |
| 89 | |
| 90 | backend be4 |
| 91 | option log-health-checks |
| 92 | log ${S4_addr}:${S4_port} daemon |
| 93 | server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check |
| 94 | } -start |
| 95 | |
| 96 | syslog S1 -wait |
| 97 | |
| 98 | syslog S2 -wait |
| 99 | syslog S4 -wait |
| 100 | |