blob: 1989d6508b8583cfd004c828e080e3319583ab22 [file] [log] [blame]
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +01001varnishtest "Health-check test over TLS/SSL"
Ilya Shipitsin9ab31382019-04-17 12:19:56 +05002#REQUIRE_OPTIONS=OPENSSL
Willy Tarreau8e8bd882019-05-17 17:15:20 +02003#REGTEST_TYPE=slow
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +01004feature ignore_unknown_macro
5
6
7# This script tests health-checks for a TLS/SSL backend with "option httpchk"
8# and "check-ssl" option enabled attached to h2 haproxy process. This haproxy
9# h2 process is chained to h1 other one.
10#
11server s1 {
12 rxreq
13 expect req.method == OPTIONS
14 expect req.url == *
15 expect req.proto == HTTP/1.1
16 txresp
17} -start
18
19server s2 {
20} -start
21
Christopher Faulet66163ec2020-05-20 22:36:24 +020022server s3 {
23 rxreq
24 expect req.method == OPTIONS
25 expect req.url == *
26 expect req.proto == HTTP/1.1
27 txresp
28} -start
29
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010030syslog S1 -level notice {
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010031 recv info
32 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\""
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010033} -start
34
35haproxy h1 -conf {
36 global
37 tune.ssl.default-dh-param 2048
38
39 defaults
40 mode http
Willy Tarreauf6739232021-11-18 17:46:22 +010041 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
42 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
43 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010044
45 backend be1
46 server srv1 ${s1_addr}:${s1_port}
47
48 backend be2
49 server srv2 ${s2_addr}:${s2_port}
50
Christopher Faulet66163ec2020-05-20 22:36:24 +020051 backend be3
52 server srv3 ${s3_addr}:${s3_port}
53
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010054 frontend fe1
55 option httplog
56 log ${S1_addr}:${S1_port} len 2048 local0 debug err
57 bind "fd@${fe1}" ssl crt ${testdir}/common.pem
58 use_backend be1
59
60 frontend fe2
61 option tcplog
62 bind "fd@${fe2}" ssl crt ${testdir}/common.pem
63 use_backend be2
Christopher Faulet66163ec2020-05-20 22:36:24 +020064
65 frontend fe3
66 option httplog
67 bind "fd@${fe3}" ssl crt ${testdir}/common.pem
68 use_backend be3
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010069} -start
70
71syslog S2 -level notice {
72 recv
Christopher Fauleta67ed432020-04-20 14:59:20 +020073 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010074} -start
75
76syslog S4 -level notice {
77 recv
Christopher Fauleta67ed432020-04-20 14:59:20 +020078 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010079} -start
80
Christopher Faulet66163ec2020-05-20 22:36:24 +020081syslog S6 -level notice {
82 recv
Christopher Faulet66163ec2020-05-20 22:36:24 +020083 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be6/srv3 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
84} -start
85
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010086haproxy h2 -conf {
87 global
88 tune.ssl.default-dh-param 2048
89
90 defaults
Willy Tarreauf6739232021-11-18 17:46:22 +010091 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
92 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
93 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
Willy Tarreau8e8bd882019-05-17 17:15:20 +020094 default-server downinter 1s inter 500 rise 1 fall 1
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010095
96 backend be2
97 option log-health-checks
98 option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
99 log ${S2_addr}:${S2_port} daemon
100 server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check
101
102 backend be4
103 option log-health-checks
104 log ${S4_addr}:${S4_port} daemon
105 server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check
Christopher Faulet66163ec2020-05-20 22:36:24 +0200106
107 backend be6
108 option log-health-checks
109 option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
110 log ${S6_addr}:${S6_port} daemon
Christopher Fauleted486572020-05-25 07:59:59 +0200111 server srv3 127.0.0.1:80 crt ${testdir}/common.pem verify none check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}:80
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +0100112} -start
113
114syslog S1 -wait
115
116syslog S2 -wait
117syslog S4 -wait
Christopher Faulet66163ec2020-05-20 22:36:24 +0200118syslog S6 -wait