From 0792dfeb4d85a1477ba0e7dd81f53a5f7d30122c Mon Sep 17 00:00:00 2001 From: Alessio Coltellacci Date: Wed, 10 Oct 2018 16:06:35 +0200 Subject: [PATCH 1/4] [WIP] Add test: https redirect --- src/test/java/SozuContainerTest.java | 14 ++++++++++++++ src/test/resources/sozu/config.toml | 10 ++++++++++ 2 files changed, 24 insertions(+) diff --git a/src/test/java/SozuContainerTest.java b/src/test/java/SozuContainerTest.java index 5204641..33b3633 100644 --- a/src/test/java/SozuContainerTest.java +++ b/src/test/java/SozuContainerTest.java @@ -19,6 +19,7 @@ import java.util.concurrent.TimeoutException; import java.util.logging.Logger; +import static java.net.HttpURLConnection.HTTP_MOVED_PERM; import static java.net.HttpURLConnection.HTTP_OK; import static java.net.HttpURLConnection.HTTP_UNAVAILABLE; import static org.junit.Assert.*; @@ -263,4 +264,17 @@ public void testStickySessions () throws Exception { nodeBackend2.stop(); nodeBackend3.stop(); } + + @Test + public void testHttpsredirect() throws Exception { + URL sozuUrl = sozuContainer.getBaseUrl("http", SozuContainer.DEFAULT_HTTP_PORT); + + HttpResponse res = curl("-H 'Host: httpsredirect.com' " + sozuUrl.toString()); + + // Verify that the proxy answers with a 301 to the HTTPS version + assertEquals(HTTP_MOVED_PERM, res.getStatusLine().getStatusCode()); + + String location = res.getFirstHeader("Location").getValue(); + assertEquals("https://httpsredirect.com/", location); + } } diff --git a/src/test/resources/sozu/config.toml b/src/test/resources/sozu/config.toml index c2a8062..9505337 100644 --- a/src/test/resources/sozu/config.toml +++ b/src/test/resources/sozu/config.toml 
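Review bot: `res.getFirstHeader("Location").getValue()` in the added testHttpsredirect() dereferences the header without checking it; if getFirstHeader returns null for a missing header (as Apache HttpClient's does), a broken redirect surfaces as a NullPointerException instead of a failed assertion. Adding `assertNotNull("301 response without Location header", res.getFirstHeader("Location"));` before the dereference keeps the failure readable. The same lines are carried unchanged into the rewritten test in PATCH 4/4. As a point of style, the method would read better as `testHttpsRedirect`.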
@@ -115,4 +115,14 @@ frontends = [
 backends = [
 { address = "172.18.0.10:8002", sticky_id = "rogue" },
 { address = "172.18.0.11:8003", sticky_id = "war" },
+]
+
+[applications.httpsredirect]
+https_redirect = true
+protocol = "http"
+frontends = [
+ { address = "0.0.0.0:80", hostname = "httpsredirect.com" },
+]
+backends = [
+ { address = "172.18.0.5:8004" }
 ]
\ No newline at end of file
From 33a1af33a6d4ddb00415423b52509934c91d1823 Mon Sep 17 00:00:00 2001
From: Alessio Coltellacci
Date: Mon, 22 Oct 2018 16:25:31 +0200
Subject: [PATCH 2/4] Add script to create a CA and a SSL certificate
---
 gen-own-ssl-ca-and-cert.sh | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100755 gen-own-ssl-ca-and-cert.sh
diff --git a/gen-own-ssl-ca-and-cert.sh b/gen-own-ssl-ca-and-cert.sh
new file mode 100755
index 0000000..2a13194
--- /dev/null
+++ b/gen-own-ssl-ca-and-cert.sh
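Review bot: The `hostname = "httpsredirect.com"` frontend in the config.toml hunk uses a registrable public domain as a test fixture, and the later commits on this page issue a certificate for that name from a throwaway CA. A reserved name such as `httpsredirect.test` or `httpsredirect.example` (RFC 2606 / RFC 6761) cannot collide with a real site and makes it obvious the certificate is a fixture. The `Host` header and the expected `Location` value in testHttpsredirect() would change to match.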
@@ -0,0 +1,37 @@
+#!/bin/sh
+# Create Your Own SSL Certificate Authority for Local HTTPS Development
+# $1 = hostname
+# $2 = output directory (src/test/resources/certs by default)
+
+set -e
+#set -x
+
+OUT_PATH=${2:-src/test/resources/certs}
+
+echo $#
+
+if [ "$#" -ne 1 -o "$#" -ne 2]; then
+ echo "Illegal number of parameters"
+ echo "Usage: DOMAIN [OUT_PATH]"
+ exit 1
+fi
+
+# Generate a passphrase
+openssl rand -base64 48 > passphrase.txt
+
+# Create the Certificate Authority pem and key
+openssl genrsa -des3 -passout file:passphrase.txt -out $OUT_PATH/CA.key 2048
+openssl req -x509 -passin file:passphrase.txt -new -nodes -key $OUT_PATH/CA.key -sha256 -days 7300 -out $OUT_PATH/CA.pem \
+ -subj "/C=FR/O=clevercloud/OU=sozu/CN=ca.sozu.com"
+
+
+# Create CA-Signed certificates for the test
+openssl genrsa -passout file:passphrase.txt -out $OUT_PATH/$1.key 2048
+
+openssl req -passin file:passphrase.txt -new -key $OUT_PATH/$1.key -out $OUT_PATH/$1.csr \
+ -subj "/C=FR/O=devcompany/OU=dev/CN=$1"
+
+openssl x509 -req -passin file:passphrase.txt -in $OUT_PATH/$1.csr -CA $OUT_PATH/CA.pem -CAkey $OUT_PATH/CA.key -CAcreateserial -out $OUT_PATH/$1.crt -days 7300 -sha256
+
+# == Clean ==
+rm -f passphrase.txt
From b720889e9525b3ffd8092425ec67fb7e12c82aed Mon Sep 17 00:00:00 2001
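Review bot: The argument check `if [ "$#" -ne 1 -o "$#" -ne 2]; then` never does its job: `2]` has no space before `]`, so `[` fails with a syntax error and the usage branch is skipped, and even with the space the condition would be true for every argument count. The CA passphrase is written to `passphrase.txt` in the current directory under the default umask and is only removed on the success path, because `set -e` exits before the final `rm -f` when any openssl call fails. `$OUT_PATH` and `$1` are unquoted throughout, and the second `genrsa` has no cipher option, so the leaf key is written unencrypted and its `-passout` is ignored; that deserves a comment in the script. The fence shows the check and the passphrase handling rewritten, with the openssl calls otherwise unchanged.

```shell
if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
    # … unchanged: the two usage echo lines and exit 1 …
fi

# Keep the passphrase out of the working tree and remove it on every exit path
umask 077
PASSFILE=$(mktemp)
trap 'rm -f "$PASSFILE"' EXIT

openssl rand -base64 48 > "$PASSFILE"

# … unchanged: openssl genrsa/req/x509 calls, using file:"$PASSFILE" and quoted "$OUT_PATH/$1.key" style paths …
```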
From: Alessio Coltellacci Date: Tue, 23 Oct 2018 17:55:25 +0200 Subject: [PATCH 3/4] Add CA and SSL certficate for https redirect test --- src/main/java/SozuContainer.java | 1 + src/test/resources/certs/CA.key | 30 +++++++++++++++++++ src/test/resources/certs/CA.pem | 21 +++++++++++++ src/test/resources/certs/CA.srl | 1 + .../resources/certs/httpsredirect.com.crt | 19 ++++++++++++ .../resources/certs/httpsredirect.com.csr | 16 ++++++++++ .../resources/certs/httpsredirect.com.key | 27 +++++++++++++++++ 7 files changed, 115 insertions(+) create mode 100644 src/test/resources/certs/CA.key create mode 100644 src/test/resources/certs/CA.pem create mode 100644 src/test/resources/certs/CA.srl create mode 100644 src/test/resources/certs/httpsredirect.com.crt create mode 100644 src/test/resources/certs/httpsredirect.com.csr create mode 100644 src/test/resources/certs/httpsredirect.com.key diff --git a/src/main/java/SozuContainer.java b/src/main/java/SozuContainer.java index 3f3d9f3..c78ad84 100644 --- a/src/main/java/SozuContainer.java +++ b/src/main/java/SozuContainer.java @@ -41,6 +41,7 @@ public SozuContainer(final String pathToDockerFile) { @Override protected void configure() { mapResourceParameterAsVolume("sozu", "/etc"); + mapResourceParameterAsVolume("certs", "/"); //FIXME needed only for testHttpsredirect make this more configurable withNetworkMode("my-net"); addExposedPorts(DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT, 4000, 4001); } diff --git a/src/test/resources/certs/CA.key b/src/test/resources/certs/CA.key new file mode 100644 index 0000000..9c2be70 --- /dev/null +++ b/src/test/resources/certs/CA.key 
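Review bot: `mapResourceParameterAsVolume("certs", "/")` in configure() mounts the whole `certs` resource directory into every SozuContainer, which on this page includes `CA.key`, `CA.srl` and the `.csr`, while the sozu config added in PATCH 4/4 only references `/certs/httpsredirect.com.crt` and `/certs/httpsredirect.com.key`. The call sits in `src/main` but the directory lives under `src/test/resources`, so a consumer of the class without a `certs` resource may fail here; how mapResourceParameterAsVolume treats a missing resource is not visible on this page. Making the mount opt-in, for example through a setter that the HTTPS test calls with the directory it needs, would resolve the FIXME and keep the CA key out of the container.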
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,59812418522C401C + +93f3vx2tC2EBgquJpiMQ+YjOcn3rQvpsxj5+3S3H4XmSdA5NTRUB+Zsxz+KsJ7sG +ZDYsr0ueAivJvstwi15DVZOPIgdhxHAz/Z0132MUYrUyuWx4xf74GhdS5P6CuyNl +NIm0g9Vr8M1tLi7PxXXAGsEHFd7/eSGbTJHWWtIWc99S8BTNA8/lNUXNN7M9noyp +cRJybckpBHUxAEMzb7q+RC1Y9YKvvV1/ENQxVQxEh4vKtnw9EKRbk7QUB1D5MORS +jaEuSboVRnni5kwWx7O24E51m6ilaFCq/i4JnyER8bWfVxsuQhi3+gcN0myh86/p +KbaT0vQ8dt5Oj4rIyShVOfiufdo/klXJV55yVl//3f7oYxeQ6ORshU3d/ysNCLfJ +kKeoPXw/SoLqn5+VZZfFwDQNEdcIM45BF5egrDo1HM5wGW1NC7bO+cHnZxHeguoI +B8cK0+9ix0fXqNynjQSE+4PCQ5uIQq8mIeR4hXREPcpUBWcxlYy31YWMWB0V1ORn +45Lm1eNp6UP77f8wxMm+DnSYJhi/LZQj23ZR6J32nn6BI7zHwq2KaJA0B75qQxO+ +GA4CdRtf6cPY8wGv4HO/QSpWGKQaBAtWzfst0EFz07oGfDqMmhLkw1edIzxSfHiD +wVrTpPT9irKAOOmlDbkwDA0VkCJXod6yBXlkBW56UaYK3FxB/mGC+ulaHy/ixmOV +pKeEx4jHPAUa1u28dNcyrLd+H02RyUeYftKbPD38vpVO1TfTRiXH1uRiRmAf2C8T +lKJ0AcvEEQ9RTFDM1xQ5kC3cR9AyAEa0+xIWEEXXfBMpljJH3sGnPPo4T5TqB8h+ +K79A9/m7tqnMEX14V5Sr8TXRZHg4rKnebPHuhJ9D7fEqUBrVjk+YtqwadBaAJ7kC +6DMVYZHrsnud7T69IR0ModHi/U3xAP1+RtweSQmMfp86TDc+ZTcmBpKEbHLiTW3y +5Yz20JGltR2MbgJukEpb8n0x8Jpao9hSmkE9PfT7UpzM6tVctMIpej//5vTWw4lq +3npWVRNivyH5L77UKtx7R5UdGeli4HeCl39+avurB/RyCy/V4BLXDEH5PfGrOu8j +v7UruZKdkMGEXLlARo4JqdC24T6UD6TYHQuA4TlNReQ0BHoXIrCUFpSfQ+2cJ+B4 +ZJopHa/n5+XBjAWm0BpUoRU6YYUYprUGALNTM+8Si8Uz8Am6HrSqymCRfwjIfQme +lcf0PW6bSO58WDPKXgQAiw7CddZQioNkeOiI3Z3lyYYVxcCcxsg889W6YD9R7VIe +Nn4smlo3yJ6nq6/dM/GgMmiT7YWaChSlDgJNk/hAoiOPD7XLr6aOz4Z+LPdNLemK +xShxrn2nxXLCzQ8A5dOKEcEjtY5YJcA2XDrUZ9eSAJNKUJzNtoRETgMnp1pxcxQW +y/4ynCnrE5edEXsTT2ENQISOx3dsipzdE9HeZRCoX4btn2W/UzeJx4OPnytyq3Cs +XzaiplFPVeQXNgjeieI0bkWvQzLzNEJ6qeDv5JJIav7zqZppx0rR+s95ivtNPz5b +sxWmMtYDyhKrgs0SVhTBpDocZWDM/pmGw8z/e4sp0VI/PM8SC1PXHqWT6jYvnCnI +-----END RSA PRIVATE KEY----- diff --git a/src/test/resources/certs/CA.pem b/src/test/resources/certs/CA.pem new file mode 100644 index 0000000..f8ffe0b --- /dev/null +++ b/src/test/resources/certs/CA.pem 
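Review bot: This commit checks in private key material: `CA.key` here (3DES-encrypted, per its `DEK-Info: DES-EDE3-CBC` header) and `httpsredirect.com.key` further down, which is an unencrypted RSA key. On this page only `CA.pem` (curl `--cacert` in PATCH 4/4), `httpsredirect.com.crt` and `httpsredirect.com.key` (sozu `config.toml`) are read, so `CA.key`, `CA.srl` and `httpsredirect.com.csr` can be left out of the tree. Generating the fixtures during test setup with `gen-own-ssl-ca-and-cert.sh` and git-ignoring the output directory would avoid committing keys at all. If they stay, a short README in `certs/` should state that they are test-only and that `CA.pem` must never be added to a system trust store, and the path should be allowlisted in secret scanning so that real leaks are not lost among fixture hits.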
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDZjCCAk6gAwIBAgIJALFeYtVRE2D2MA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNV +BAYTAkZSMRQwEgYDVQQKDAtjbGV2ZXJjbG91ZDENMAsGA1UECwwEc296dTEUMBIG +A1UEAwwLY2Euc296dS5jb20wHhcNMTgxMDIyMTkzMTM2WhcNMzgxMDE3MTkzMTM2 +WjBIMQswCQYDVQQGEwJGUjEUMBIGA1UECgwLY2xldmVyY2xvdWQxDTALBgNVBAsM +BHNvenUxFDASBgNVBAMMC2NhLnNvenUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAwClI9TYCvgHsxV0vW9ruyaGzEAcE1JdJRqIos2ver1nhHjqV +jRpjm2FhniByXZN73bS1h3VyybLlvp2buShX3phMer+yaM+NZpHEUCSXTs6dT7EH +pONbLvIqq2dDgc/lWpstwsS4pPn2AAiCQnF2F/QLm+49ZgO4EcHvLArfXi2SYRMR +eg86BW7onygzXH/6rxXt0nhF0ht0R1FRMWEMlnJzmb540PT/5Q41mQRQZBYZn26P +cucOEILC0pLfyIAcCGYRuo+o1fknvy8Es7m8/pONQ9HaG4Trz7zQ0xGd6NkKgxaq +6+Fdy+ypWwLY7FToIAeBBqdjM9TMMIF9C2PbPwIDAQABo1MwUTAdBgNVHQ4EFgQU +ggJahkhIR8sneZM/Zs4By86ld1QwHwYDVR0jBBgwFoAUggJahkhIR8sneZM/Zs4B +y86ld1QwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAvu4ZeQ04 +IoHW4JE3WLOzGxbD9ul0AQyRjmvmcTuMnMWZyPigyJRqoMfGsijuf3kustVGq0QH +XTP1I5Xh1y2pTRHgtOOFApQxPWqyxPm/FnjhCsKGB4b98ApXVWdfMJ1XUO+BvNn0 +w2+7M6m9mYY89loktYuNw2fl68llMq/xG4R9RCCmCzZt8u6JeGW+KODgqyW9OXwp +imzsDJRxeiV2b48aIu666szi9wokB0IR242Yx9UJ6zHD0EeueFvVPspL/NJsuoNZ +cQsGPLqOMzLSHzblG9KITxktA4So7GVOcB41elB/Rg2pL1aOeMgl2xewKOMBtE4i +y+/AeyJmz8DOUQ== +-----END CERTIFICATE----- diff --git a/src/test/resources/certs/CA.srl b/src/test/resources/certs/CA.srl new file mode 100644 index 0000000..0c910f8 --- /dev/null +++ b/src/test/resources/certs/CA.srl @@ -0,0 +1 @@ +9578BAE2065F5060 diff --git a/src/test/resources/certs/httpsredirect.com.crt b/src/test/resources/certs/httpsredirect.com.crt new file mode 100644 index 0000000..909f0ea --- /dev/null +++ b/src/test/resources/certs/httpsredirect.com.crt 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDEDCCAfgCCQCVeLriBl9QYDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJG +UjEUMBIGA1UECgwLY2xldmVyY2xvdWQxDTALBgNVBAsMBHNvenUxFDASBgNVBAMM +C2NhLnNvenUuY29tMB4XDTE4MTAyMjE5MzEzNloXDTM4MTAxNzE5MzEzNlowTDEL +MAkGA1UEBhMCRlIxEzARBgNVBAoMCmRldmNvbXBhbnkxDDAKBgNVBAsMA2RldjEa +MBgGA1UEAwwRaHR0cHNyZWRpcmVjdC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDXowLkr/VPKTTnuzxF1bUHcCG81E3z5iJ/jm9TjJ5JGSZcxI22 +Z11aR7WapPnlab/nB9RW0jpk8YxD/To2WH78OOP3hFG8GsDn37bGN6E290iv8O1C +0m+3tX7BYDq9P3CR9CcPYsmLiXiC4AkImgn3eEgrjM76nqebvGEvs04Py+yaDnwr +/xiZoB7zWU1+Nw4jahFuD7PGusN+ifFOYXrGdSPM0GCjjS8WDEtgp12ed7BBewyL +/V6pSoQR/d+zt2rpD1tiHjPymv4/zit+zqBSVks+HlJnCrWRNZa2ALE0HDwtQUF4 +zRawlTR0Y1b+/iSZy3n3zXeNyo3hcjlwMK4LAgMBAAEwDQYJKoZIhvcNAQELBQAD +ggEBABG3ocszFSangqqihhK/1cjRo+KKoK6f2lVmD6U7ZAAqTucC9oB1yv0i/5fx +wQgcdZm8Q8czIh5TFFM/CPsjAx2FaETa+MDxMAMWuzrcthw54+RncJ6crAP7UUTX +Gpq+Kq7ImQBr1xeC7zlo3CIeKM+rH/YyHkhUWmtmo0IYmbF9krtrKHoBvoEhL8SQ +gn4xxui0THCyuWrtUoRXhEm+G17x7npIaEMNGIW0XF7zl1BuCEWpKUOW1UZEEI30 +h7jywJiuK+Hb5/BSc2iQ5cJ4dllgiTdusGjANQQuUr5yVW+QCXxLV39NhDSNmHif +hRApE2QuxAtkuEyMZzohB2uux0w= +-----END CERTIFICATE----- diff --git a/src/test/resources/certs/httpsredirect.com.csr b/src/test/resources/certs/httpsredirect.com.csr new file mode 100644 index 0000000..a86333b --- /dev/null +++ b/src/test/resources/certs/httpsredirect.com.csr 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICkTCCAXkCAQAwTDELMAkGA1UEBhMCRlIxEzARBgNVBAoMCmRldmNvbXBhbnkx +DDAKBgNVBAsMA2RldjEaMBgGA1UEAwwRaHR0cHNyZWRpcmVjdC5jb20wggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXowLkr/VPKTTnuzxF1bUHcCG81E3z +5iJ/jm9TjJ5JGSZcxI22Z11aR7WapPnlab/nB9RW0jpk8YxD/To2WH78OOP3hFG8 +GsDn37bGN6E290iv8O1C0m+3tX7BYDq9P3CR9CcPYsmLiXiC4AkImgn3eEgrjM76 +nqebvGEvs04Py+yaDnwr/xiZoB7zWU1+Nw4jahFuD7PGusN+ifFOYXrGdSPM0GCj +jS8WDEtgp12ed7BBewyL/V6pSoQR/d+zt2rpD1tiHjPymv4/zit+zqBSVks+HlJn +CrWRNZa2ALE0HDwtQUF4zRawlTR0Y1b+/iSZy3n3zXeNyo3hcjlwMK4LAgMBAAGg +ADANBgkqhkiG9w0BAQsFAAOCAQEAOu1OjSdb/2jdD652asZtY3h/0m/uOXpJ7yCD +t5c5c7YvbLswHVUElohG4fQtV1bd4wDYr6MH/D4gd6e6deK55dqj8UcKIoUAXpfm +3M7EhTwCYYBrqzfr6r4wq8d/QP/Xuq0ucK7Pgm7/pfdX9JOim0ac9sV3h2Iujpx+ +MzZjFTlW5Rv2yDBueLkshy1FB1HDvALk958/kAQUrh50Glsw+f6YX3ThW8kyMJWi +P2FROCh+drPUUFG4+fGb0+vZL1i74qr95c3rdVowZ52dR/PsSSMmWlQV6jrXRJvg +AFXrI12WNR/hcJPhLFOOnCgD6wAgsrg9OlF+z7Egvc6YeqBvOA== +-----END CERTIFICATE REQUEST----- diff --git a/src/test/resources/certs/httpsredirect.com.key b/src/test/resources/certs/httpsredirect.com.key new file mode 100644 index 0000000..efa9709 --- /dev/null +++ b/src/test/resources/certs/httpsredirect.com.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA16MC5K/1Tyk057s8RdW1B3AhvNRN8+Yif45vU4yeSRkmXMSN +tmddWke1mqT55Wm/5wfUVtI6ZPGMQ/06Nlh+/Djj94RRvBrA59+2xjehNvdIr/Dt +QtJvt7V+wWA6vT9wkfQnD2LJi4l4guAJCJoJ93hIK4zO+p6nm7xhL7NOD8vsmg58 +K/8YmaAe81lNfjcOI2oRbg+zxrrDfonxTmF6xnUjzNBgo40vFgxLYKddnnewQXsM +i/1eqUqEEf3fs7dq6Q9bYh4z8pr+P84rfs6gUlZLPh5SZwq1kTWWtgCxNBw8LUFB +eM0WsJU0dGNW/v4kmct59813jcqN4XI5cDCuCwIDAQABAoIBAE+qNaNvLl20h4sl +LTtPnLXGw3ATr0jwOMaPRKnFRaUT2YxkQUamIWL9Iyai1H/g9bjQt63rtQ8d/ggQ +QbVaNG/SRMZo6BlqeOIxUEEixDieWwhFJiKNxCBGuTGP76ODEH+bh+KzSGp4u0D+ +q9e1sQDwOxl7x+vnOVzb17vbrnc+3WHduWLpq2QgpY+ngyjcQIUt5bHWY0xNn9lB +o2N1eQeTgDlMdrDUL+FsXH/NS8o2tHD5z2TG8uNnU3nS4HhQxxsDuclR7JIv3VP9 +O8Mu+jQMMvAA1fpUhOoLTOG35K9Wq5QY1JF4Mbfwa93OSgfjGWYnv3HD1gwbyiM1 +IAYBLkECgYEA/jHbRsJ5OcJILUtbSeK/gWnMUDeLM7EWRohssPdhRVrsU7hCMevJ +IbrJfaAw7ccHLWhhXuwa60jfpbDMnYcPqAlWaV1InyrcBOHvhbSBQk4NQfnZAn49 +xm4sLVVXGYdguYSu2h4bEpSSdSBWewJY+3jUuaMVtG2eSfoRtieGQ9MCgYEA2SsN +vrBU3ugiK+7SYVMm7KxEsopBysm3eeLFRmBL0tLkohlpbg8nur23eFFsoRNtT6Jv +EGTRlExOCWEq4+llaNWKy5A8P693FLtaRd15bAarrKSIPbtvme521c5nodVMYCkN +ztI1IhgDNvOvDhTIVbwVL3YNaF2FT4uGND9OYekCgYEAlstAx6NKgucsJiKUDyrC +bKU0nUm1/H5LNqBryjeWrqwXkjq2miLD+Ix0R2AmZogxS9CmIsdx2K4sboCJgdHD +ie2wI2VBVZr5VrQpgWnpXEotNzxebkoxn2twLZx4xR44VRXPHHnLmaQllfIPG33z +B4tQtqd2ksiMpFoC88pSrh0CgYEAoWtADzIwE3PGGpOsqozNDPRLJ85ecuYWy7FE +Yzgmg/Ef4mEzHYyEQmjL29HiBaRUBvI8zZmysiE5i/0+jSOprg+z1/VA4zGAONe9 +lNq3axVWO8AcSI5uuKMoj2mZXBAYcg1x5v4WYl4o3Yqp3rSR6DAiKyH7e0ywT1zt +Bx7bGykCgYEAkrbIv9OhBNNCG9zGZxeKgh2n1cZInFf0qAvZ9klNl22nC7avQBNl +JE0KFrzFSpbsG39Nzwa7g6dLAfiIYQypL4Hh3z8LCXhA8rbhkAbhBn32PmtYeK2e +3Cwfk1Z6lDFo/y9lOmV3udOyHgCU4sLL/bx03ISjJdq+HCDa8SFCfuY= +-----END RSA PRIVATE KEY----- From d24554de45422f8d8e5b993e2d06374c734f44bb Mon Sep 17 00:00:00 2001 
From: Alessio Coltellacci Date: Tue, 23 Oct 2018 17:57:35 +0200 Subject: [PATCH 4/4] Add a https request and verify that the server gets the correct protocol in the Forwarded-* headers --- src/test/java/SozuContainerTest.java | 33 ++++++++++++++++++- .../node-backends/app-x-forwarded-proto.js | 16 +++++++++ src/test/resources/sozu/config.toml | 9 +++-- 3 files changed, 54 insertions(+), 4 deletions(-) create mode 100644 src/test/resources/node-backends/app-x-forwarded-proto.js diff --git a/src/test/java/SozuContainerTest.java b/src/test/java/SozuContainerTest.java index 33b3633..98afb62 100644 --- a/src/test/java/SozuContainerTest.java +++ b/src/test/java/SozuContainerTest.java @@ -17,6 +17,7 @@ import java.util.concurrent.CompletableFuture; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; +import java.util.logging.Level; import java.util.logging.Logger; import static java.net.HttpURLConnection.HTTP_MOVED_PERM; 
@@ -268,13 +269,43 @@ public void testStickySessions () throws Exception { @Test public void testHttpsredirect() throws Exception { URL sozuUrl = sozuContainer.getBaseUrl("http", SozuContainer.DEFAULT_HTTP_PORT); + int sozuHttpsPort = sozuContainer.getMappedPort(SozuContainer.DEFAULT_HTTPS_PORT); + + + // Setup the backend with app-x-forwarded-proto.js as binary + Backend backend = new Backend("paladin", "172.18.0.14", 8006); + NodeBackendContainer nodeBackend = new NodeBackendContainer(backend.getAddress(), Paths.get("node-backends/app-x-forwarded-proto.js"), backend.getPort()); + nodeBackend.start(); + sozuContainer.addBackend("httpsredirect", backend.getId(), backend.getAddressWithPort()); - HttpResponse res = curl("-H 'Host: httpsredirect.com' " + sozuUrl.toString()); // Verify that the proxy answers with a 301 to the HTTPS version + HttpResponse res = curl("-H 'Host: httpsredirect.com' " + sozuUrl.toString()); assertEquals(HTTP_MOVED_PERM, res.getStatusLine().getStatusCode()); String location = res.getFirstHeader("Location").getValue(); assertEquals("https://httpsredirect.com/", location); + + + // The client does a HTTPS request + // FIXME We set in a magic string the ip gateway of the bridge network until #17 is fixed + // TODO Maybe we should move the /certs folder in a better place + Process p = Runtime.getRuntime().exec("curl -s --cacert ./src/test/resources/certs/CA.pem --resolve httpsredirect.com:" + sozuHttpsPort + ":172.18.0.1 https://httpsredirect.com:" + sozuHttpsPort); + String stdout = IOUtils.toString(p.getInputStream(), "UTF-8"); + String stderr = IOUtils.toString(p.getErrorStream(), "UTF-8"); + + + // Verify that the server gets the correct protocol in the Forwarded-* headers + if(!stdout.isEmpty()) { + // The backend should return the x-forwarded-proto header content + assertEquals("https", stdout); + } + else { + log.log(Level.SEVERE, stderr); + nodeBackend.stop(); + fail(); + } + + nodeBackend.stop(); } } 
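Review bot: `nodeBackend.stop()` is only reached on the two paths at the end of testHttpsredirect(), so a failure in either of the earlier `assertEquals` calls, or an exception while running curl, leaves the backend container running; everything after `nodeBackend.start()` belongs in a try/finally. The curl call goes through `Runtime.exec(String)`, which splits the command on whitespace, never checks the exit status, and drains stdout completely before reading stderr, which can block if the child fills the stderr pipe first. With `-s` alone curl also suppresses its own error message, so the `log.log(Level.SEVERE, stderr)` branch will usually log an empty string; `-sS` keeps the error text. The fence shows the tail of the method with an argument-list ProcessBuilder, merged output, a curl-side timeout and an exit-code assertion.

```java
nodeBackend.start();
try {
    // … unchanged: addBackend call, 301 status and Location assertions …

    Process p = new ProcessBuilder(
            "curl", "-sS", "--max-time", "30",
            "--cacert", "./src/test/resources/certs/CA.pem",
            "--resolve", "httpsredirect.com:" + sozuHttpsPort + ":172.18.0.1",
            "https://httpsredirect.com:" + sozuHttpsPort)
        .redirectErrorStream(true)
        .start();
    String output = IOUtils.toString(p.getInputStream(), "UTF-8");
    assertEquals("curl failed: " + output, 0, p.waitFor());

    // The backend should return the x-forwarded-proto header content
    assertEquals("https", output);
} finally {
    nodeBackend.stop();
}
```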
diff --git a/src/test/resources/node-backends/app-x-forwarded-proto.js b/src/test/resources/node-backends/app-x-forwarded-proto.js new file mode 100644 index 0000000..bd9e66e --- /dev/null +++ b/src/test/resources/node-backends/app-x-forwarded-proto.js @@ -0,0 +1,16 @@ +const http = require('http') +const port = process.env.PORT || 8080 + +const requestHandler = (request, response) => { + response.end(request.headers['x-forwarded-proto']) +} + +const server = http.createServer(requestHandler) + +server.listen(port, (err) => { + if (err) { + return console.log('something bad happened', err) + } + + console.log(`server simple is listening on ${port}`) +}) \ No newline at end of file diff --git a/src/test/resources/sozu/config.toml b/src/test/resources/sozu/config.toml index 9505337..596c34b 100644 --- a/src/test/resources/sozu/config.toml +++ b/src/test/resources/sozu/config.toml @@ -23,6 +23,10 @@ protocol = "http" address = "0.0.0.0:80" sticky_name = "SOZUBALANCEID" +[[listeners]] +protocol = "https" +address = "0.0.0.0:443" + [[listeners]] protocol = "http" @@ -122,7 +126,6 @@ https_redirect = true protocol = "http" frontends = [ { address = "0.0.0.0:80", hostname = "httpsredirect.com" }, + { address = "0.0.0.0:443", hostname = "httpsredirect.com", certificate = "/certs/httpsredirect.com.crt", key = "/certs/httpsredirect.com.key" }, ] -backends = [ - { address = "172.18.0.5:8004" } -] \ No newline at end of file +backends = [] \ No newline at end of file
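Review bot: In app-x-forwarded-proto.js the `if (err)` branch inside the `server.listen(port, (err) => …)` callback is dead code, because Node registers that callback as a `'listening'` handler and calls it without arguments, while bind failures are emitted as an `'error'` event on the server. Adding `server.on('error', (err) => { console.error('listen failed', err); process.exit(1) })` and dropping the `err` parameter makes a port conflict visible. Separately, `response.end(request.headers['x-forwarded-proto'])` sends an empty body when the proxy omits the header, which the Java test then reports through its empty-stdout branch with nothing to explain it; `response.end(request.headers['x-forwarded-proto'] || 'missing')` would make that failure self-describing.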