varnishtest "Health-check test over TLS/SSL"
# The two "#KEY=value" lines below are not ordinary comments: they appear to
# be metadata for the regression-test runner (an OpenSSL-enabled build is
# required, and the test is classified as slow). Keep their spelling as is.
#REQUIRE_OPTIONS=OPENSSL
#REGTEST_TYPE=slow
# Let macros that the test program does not define pass through untouched
# instead of failing the parse; presumably needed for the HAProxy-side
# environment expansions used in the timeout settings further down.
feature ignore_unknown_macro
# This script tests health checks against TLS/SSL backends, using the
# "option httpchk" and "check-ssl" options, as configured in the h2 haproxy
# process. The h2 process is chained to another haproxy process, h1.
#
# s1 is the cleartext origin behind h1 (fe1 -> be1/srv1). It accepts exactly
# one request and requires it to be the health-check probe configured in h2
# backend be2: OPTIONS * HTTP/1.1. txresp is sent with no arguments, and the
# syslog expectations elsewhere in this file look for a 200 status.
server s1 {
    rxreq
    expect req.method == OPTIONS
    expect req.url == *
    expect req.proto == HTTP/1.1
    txresp
} -start
# s2 backs h1 be2/srv2 (reached through fe2) and has an empty script: it only
# listens. The check that targets fe2 is expected to stop at layer 6 (the TLS
# handshake with h1), so presumably no HTTP request ever reaches s2.
server s2 {
} -start
# s3 is the cleartext origin behind h1 (fe3 -> be3/srv3). Like s1, it accepts
# one request and requires it to be OPTIONS * HTTP/1.1, which is the probe
# configured in h2 backend be6, then answers with a default txresp.
server s3 {
    rxreq
    expect req.method == OPTIONS
    expect req.url == *
    expect req.proto == HTTP/1.1
    txresp
} -start
# S1 receives the traffic log of h1 frontend fe1 ("recv info": one message at
# info level) and matches it against an httplog line emitted by the h1 process
# (pid pinned with the h1_pid macro): frontend "fe1~", backend/server
# be1/srv1, status 200, request "OPTIONS * HTTP/1.1". In HAProxy's log format
# the "~" suffix on the frontend name marks a connection accepted over TLS, so
# this is the assertion that the probe sent by h2 really arrived encrypted.
syslog S1 -level notice {
    recv info
    expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\""
} -start
# h1 is the TLS-terminating hop that h2 health-checks. Each of its three
# frontends accepts TLS with the shared test certificate and forwards to one
# of the vtest servers s1, s2 or s3 without TLS (the backend server lines carry
# no ssl keyword).
haproxy h1 -conf {
    global
        # Size in bits of the ephemeral DH parameters used for DHE key
        # exchange when the certificate file does not supply its own.
        tune.ssl.default-dh-param 2048

    defaults
        mode http
        # Timeouts come from the HAPROXY_TEST_TIMEOUT environment variable,
        # falling back to 5s when it is unset.
        timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"

    backend be1
        server srv1 ${s1_addr}:${s1_port}

    backend be2
        server srv2 ${s2_addr}:${s2_port}

    backend be3
        server srv3 ${s3_addr}:${s3_port}

    # fe1 is the only frontend with a log target: its httplog line is what
    # syslog receiver S1 matches to confirm the probe came in over TLS.
    frontend fe1
        option httplog
        log ${S1_addr}:${S1_port} len 2048 local0 debug err
        # The bind lines set no client-certificate verification, so the
        # certificate h2 presents on its server lines is not checked by h1.
        bind "fd@${fe1}" ssl crt ${testdir}/common.pem
        use_backend be1

    # fe2 is the target of the handshake-only check from h2 backend be4.
    frontend fe2
        option tcplog
        bind "fd@${fe2}" ssl crt ${testdir}/common.pem
        use_backend be2

    # fe3 is the target of the check that h2 backend be6 redirects with the
    # addr and port server keywords.
    frontend fe3
        option httplog
        bind "fd@${fe3}" ssl crt ${testdir}/common.pem
        use_backend be3
} -start
# S2 receives the health-check log of h2 backend be2. One message is expected,
# from the h2 process (pid pinned with the h2_pid macro), reporting that
# be2/srv1 passed a layer 7 check with HTTP code 200 and is UP ("status: 1/1").
syslog S2 -level notice {
    recv
    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
# S4 receives the health-check log of h2 backend be4. The expected message
# reports a layer 6 success for be4/srv2: be4 configures no HTTP check, so the
# check is considered passed once the TLS handshake with h1 completes, and no
# HTTP status code appears in the pattern.
syslog S4 -level notice {
    recv
    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
# S6 receives the health-check log of h2 backend be6. The expected message
# reports a layer 7 success with HTTP code 200 for be6/srv3, the server whose
# check is sent to a different address and port than its regular traffic.
syslog S6 -level notice {
    recv
    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be6/srv3 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
# h2 is the process under test. It declares no frontend: its three backends
# exist only to run TLS health checks against the h1 frontends and to log the
# outcome to the syslog receivers S2, S4 and S6.
haproxy h2 -conf {
    global
        tune.ssl.default-dh-param 2048

    defaults
        timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
        # Short check intervals, and rise 1 / fall 1 so that a single check
        # result is enough to change server state; this is why the expected
        # log lines read status 1/1.
        default-server downinter 1s inter 500 rise 1 fall 1

    # All three server lines below use verify none: h2 does not validate the
    # certificate presented by h1, so these checks would succeed against any
    # TLS endpoint answering on that address. That is a test-only shortcut,
    # presumably because the shared test certificate is not issued by a
    # trusted CA. A production server line should use verify required with a
    # ca-file, otherwise the TLS layer gives no assurance about peer identity.

    # be2: the server line has ssl, so both traffic and the HTTP check
    # (OPTIONS * HTTP/1.1 with a Host header appended through the escaped CRLF)
    # go over TLS to h1 fe1.
    backend be2
        option log-health-checks
        option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
        log ${S2_addr}:${S2_port} daemon
        server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check

    # be4: no HTTP check is configured, so with check-ssl the check is
    # expected to end at the TLS handshake (reported as Layer6 in the log).
    backend be4
        option log-health-checks
        log ${S4_addr}:${S4_port} daemon
        server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check

    # be6: the server line has no ssl keyword and points at 127.0.0.1:80, so
    # only the health check uses TLS (check-ssl) and only the health check is
    # sent to h1 fe3 (addr and port). A passing check here therefore says
    # nothing about the address or the encryption used for regular traffic.
    # NOTE(review): addr carries a :80 suffix while port names the fe3 port;
    # the expected success implies the port keyword wins - confirm.
    backend be6
        option log-health-checks
        option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
        log ${S6_addr}:${S6_port} daemon
        server srv3 127.0.0.1:80 crt ${testdir}/common.pem verify none check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}:80
} -start
# The test ends once every syslog receiver has seen its expected message:
# S1 shows that the probe crossed h1 fe1 over TLS, while S2, S4 and S6 show
# that h2 logged each of its three health checks as successful.
syslog S1 -wait

syslog S2 -wait
syslog S4 -wait
syslog S6 -wait