blob: ebc3c280afd1c1281450b31ae5411bcfd40fb263 [file] [log] [blame]
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +01001varnishtest "Health-check test over TLS/SSL"
Ilya Shipitsin9ab31382019-04-17 12:19:56 +05002#REQUIRE_OPTIONS=OPENSSL
Willy Tarreau8e8bd882019-05-17 17:15:20 +02003#REGTEST_TYPE=slow
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +01004feature ignore_unknown_macro
5
6
7# This script tests health-checks for a TLS/SSL backend with "option httpchk"
8# and "check-ssl" option enabled attached to h2 haproxy process. This haproxy
9# h2 process is chained to h1 other one.
10#
11server s1 {
12 rxreq
13 expect req.method == OPTIONS
14 expect req.url == *
15 expect req.proto == HTTP/1.1
16 txresp
17} -start
18
19server s2 {
20} -start
21
Christopher Faulet66163ec2020-05-20 22:36:24 +020022server s3 {
23 rxreq
24 expect req.method == OPTIONS
25 expect req.url == *
26 expect req.proto == HTTP/1.1
27 txresp
28} -start
29
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010030syslog S1 -level notice {
31 recv
32 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Proxy fe1 started."
33 recv info
34 expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\""
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010035} -start
36
37haproxy h1 -conf {
38 global
39 tune.ssl.default-dh-param 2048
40
41 defaults
42 mode http
Willy Tarreau2eb1c792019-05-07 07:26:08 +020043 timeout client 20
44 timeout server 20
45 timeout connect 20
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010046
47 backend be1
48 server srv1 ${s1_addr}:${s1_port}
49
50 backend be2
51 server srv2 ${s2_addr}:${s2_port}
52
Christopher Faulet66163ec2020-05-20 22:36:24 +020053 backend be3
54 server srv3 ${s3_addr}:${s3_port}
55
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010056 frontend fe1
57 option httplog
58 log ${S1_addr}:${S1_port} len 2048 local0 debug err
59 bind "fd@${fe1}" ssl crt ${testdir}/common.pem
60 use_backend be1
61
62 frontend fe2
63 option tcplog
64 bind "fd@${fe2}" ssl crt ${testdir}/common.pem
65 use_backend be2
Christopher Faulet66163ec2020-05-20 22:36:24 +020066
67 frontend fe3
68 option httplog
69 bind "fd@${fe3}" ssl crt ${testdir}/common.pem
70 use_backend be3
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010071} -start
72
73syslog S2 -level notice {
74 recv
75 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be2 started."
76 recv
Christopher Fauleta67ed432020-04-20 14:59:20 +020077 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010078} -start
79
80syslog S4 -level notice {
81 recv
82 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be4 started."
83 recv
Christopher Fauleta67ed432020-04-20 14:59:20 +020084 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010085} -start
86
Christopher Faulet66163ec2020-05-20 22:36:24 +020087syslog S6 -level notice {
88 recv
89 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Proxy be6 started."
90 recv
91 expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be6/srv3 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
92} -start
93
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +010094haproxy h2 -conf {
95 global
96 tune.ssl.default-dh-param 2048
97
98 defaults
Willy Tarreau2eb1c792019-05-07 07:26:08 +020099 timeout client 20
100 timeout server 20
101 timeout connect 20
Willy Tarreau8e8bd882019-05-17 17:15:20 +0200102 default-server downinter 1s inter 500 rise 1 fall 1
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +0100103
104 backend be2
105 option log-health-checks
106 option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
107 log ${S2_addr}:${S2_port} daemon
108 server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check
109
110 backend be4
111 option log-health-checks
112 log ${S4_addr}:${S4_port} daemon
113 server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check
Christopher Faulet66163ec2020-05-20 22:36:24 +0200114
115 backend be6
116 option log-health-checks
117 option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
118 log ${S6_addr}:${S6_port} daemon
Christopher Fauleted486572020-05-25 07:59:59 +0200119 server srv3 127.0.0.1:80 crt ${testdir}/common.pem verify none check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}:80
Frédéric Lécaille0656d9c2018-12-18 10:31:04 +0100120} -start
121
122syslog S1 -wait
123
124syslog S2 -wait
125syslog S4 -wait
Christopher Faulet66163ec2020-05-20 22:36:24 +0200126syslog S6 -wait