test: tests for HTTP/3

Co-authored-by: Nicolas Duchon <nicolas.duchon@gmail.com> Co-authored-by: Niek <100143256+SchoNie@users.noreply.github.com>
2024-11-08 07:49:22 +01:00 · 2023-12-08 00:46:21 +01:00 · 2023-12-08 00:46:21 +01:00 · c4cb1c3797
commit c4cb1c3797
parent ae5beca0fe
10 changed files with 193 additions and 0 deletions
--- a/test/test_http2/test_http2_global_disabled.py
+++ b/test/test_http2/test_http2_global_disabled.py
@ -0,0 +1,8 @@
+import pytest
+import re
+
+def test_http2_global_disabled_config(docker_compose, nginxproxy):
+    conf = nginxproxy.get_conf().decode('ASCII')
+    r = nginxproxy.get("http://http2-global-disabled.nginx-proxy.tld")
+    assert r.status_code == 200
+    assert not re.search(r"(?s)http2-global-disabled\.nginx-proxy\.tld.*http2 on", conf)
--- a/test/test_http2/test_http2_global_disabled.yml
+++ b/test/test_http2/test_http2_global_disabled.yml
@ -0,0 +1,15 @@
+services:
+  http2-global-disabled:
+    image: web
+    expose:
+      - "80"
+    environment:
+      WEB_PORTS: 80
+      VIRTUAL_HOST: http2-global-disabled.nginx-proxy.tld
+
+  sut:
+    image: nginxproxy/nginx-proxy:test
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    environment:
+      ENABLE_HTTP2: "false"
--- a/test/test_http3/test_http3_global_disabled.py
+++ b/test/test_http3/test_http3_global_disabled.py
@ -0,0 +1,19 @@
+import pytest
+import re
+
+    #Python Requests is not able to do native http3 requests. 
+    #We only check for directives which should enable http3.
+
+def test_http3_global_disabled_ALTSVC_header(docker_compose, nginxproxy):
+    r = nginxproxy.get("http://http3-global-disabled.nginx-proxy.tld/headers")
+    assert r.status_code == 200
+    assert "Host: http3-global-disabled.nginx-proxy.tld" in r.text
+    assert not "alt-svc" in r.headers
+
+def test_http3_global_disabled_config(docker_compose, nginxproxy):
+    conf = nginxproxy.get_conf().decode('ASCII')
+    r = nginxproxy.get("http://http3-global-disabled.nginx-proxy.tld")
+    assert r.status_code == 200
+    assert not re.search(r"(?s)listen 443 quic", conf)
+    assert not re.search(r"(?s)http3 on", conf)
+    assert not re.search(r"(?s)add_header alt-svc \'h3=\":443\"; ma=86400;\'", conf)
--- a/test/test_http3/test_http3_global_disabled.yml
+++ b/test/test_http3/test_http3_global_disabled.yml
@ -0,0 +1,15 @@
+services:
+  http3-global-disabled:
+    image: web
+    expose:
+      - "80"
+    environment:
+      WEB_PORTS: 80
+      VIRTUAL_HOST: http3-global-disabled.nginx-proxy.tld
+
+  sut:
+    image: nginxproxy/nginx-proxy:test
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    #environment:
+      #ENABLE_HTTP3: "false"    #Disabled by default
--- a/test/test_http3/test_http3_global_enabled.py
+++ b/test/test_http3/test_http3_global_enabled.py
@ -0,0 +1,21 @@
+import pytest
+import re
+
+    #Python Requests is not able to do native http3 requests. 
+    #We only check for directives which should enable http3.
+
+def test_http3_global_enabled_ALTSVC_header(docker_compose, nginxproxy):
+    r = nginxproxy.get("http://http3-global-enabled.nginx-proxy.tld/headers")
+    assert r.status_code == 200
+    assert "Host: http3-global-enabled.nginx-proxy.tld" in r.text
+    assert "alt-svc" in r.headers
+    assert r.headers["alt-svc"] == 'h3=":443"; ma=86400;'
+
+def test_http3_global_enabled_config(docker_compose, nginxproxy):
+    conf = nginxproxy.get_conf().decode('ASCII')
+    r = nginxproxy.get("http://http3-global-enabled.nginx-proxy.tld")
+    assert r.status_code == 200
+    assert re.search(r"listen 443 quic reuseport\;", conf)
+    assert re.search(r"(?s)http3-global-enabled\.nginx-proxy\.tld;.*listen 443 quic", conf)
+    assert re.search(r"(?s)http3-global-enabled\.nginx-proxy\.tld;.*http3 on\;", conf)
+    assert re.search(r"(?s)http3-global-enabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'", conf)
--- a/test/test_http3/test_http3_global_enabled.yml
+++ b/test/test_http3/test_http3_global_enabled.yml
@ -0,0 +1,15 @@
+services:
+  http3-global-enabled:
+    image: web
+    expose:
+      - "80"
+    environment:
+      WEB_PORTS: 80
+      VIRTUAL_HOST: http3-global-enabled.nginx-proxy.tld
+
+  sut:
+    image: nginxproxy/nginx-proxy:test
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+    environment:
+      ENABLE_HTTP3: "true"
--- a/test/test_http3/test_http3_vhost.py
+++ b/test/test_http3/test_http3_vhost.py
@ -0,0 +1,49 @@
+import pytest
+import re
+
+    #Python Requests is not able to do native http3 requests. 
+    #We only check for directives which should enable http3.
+
+def test_http3_vhost_enabled_ALTSVC_header(docker_compose, nginxproxy):
+    r = nginxproxy.get("http://http3-vhost-enabled.nginx-proxy.tld/headers")
+    assert r.status_code == 200
+    assert "Host: http3-vhost-enabled.nginx-proxy.tld" in r.text
+    assert "alt-svc" in r.headers
+    assert r.headers["alt-svc"] == 'h3=":443"; ma=86400;'
+
+def test_http3_vhost_enabled_config(docker_compose, nginxproxy):
+    conf = nginxproxy.get_conf().decode('ASCII')
+    r = nginxproxy.get("http://http3-vhost-enabled.nginx-proxy.tld")
+    assert r.status_code == 200
+    assert re.search(r"listen 443 quic reuseport\;", conf)
+    assert re.search(r"(?s)http3-vhost-enabled\.nginx-proxy\.tld;.*listen 443 quic", conf)
+    assert re.search(r"(?s)http3-vhost-enabled\.nginx-proxy\.tld;.*http3 on\;", conf)
+    assert re.search(r"(?s)http3-vhost-enabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'", conf)
+
+def test_http3_vhost_disabled_ALTSVC_header(docker_compose, nginxproxy):
+    r = nginxproxy.get("http://http3-vhost-disabled.nginx-proxy.tld/headers")
+    assert r.status_code == 200
+    assert "Host: http3-vhost-disabled.nginx-proxy.tld" in r.text
+    assert not "alt-svc" in r.headers
+
+def test_http3_vhost_disabled_config(docker_compose, nginxproxy):
+    conf = nginxproxy.get_conf().decode('ASCII')
+    r = nginxproxy.get("http://http3-vhost-disabled.nginx-proxy.tld")
+    assert r.status_code == 200
+    assert not re.search(r"(?s)http3-vhost-disabled\.nginx-proxy\.tld.*listen 443 quic.*\# http3-vhost-enabled\.nginx-proxy\.tld", conf)
+    assert not re.search(r"(?s)http3-vhost-disabled\.nginx-proxy\.tld.*http3 on.*\# http3-vhost-enabled\.nginx-proxy\.tld", conf)
+    assert not re.search(r"(?s)http3-vhost-disabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'.*\# http3-vhost-enabled\.nginx-proxy\.tld", conf)
+
+def test_http3_vhost_disabledbydefault_ALTSVC_header(docker_compose, nginxproxy):
+    r = nginxproxy.get("http://http3-vhost-default-disabled.nginx-proxy.tld/headers")
+    assert r.status_code == 200
+    assert "Host: http3-vhost-default-disabled.nginx-proxy.tld" in r.text
+    assert not "alt-svc" in r.headers
+
+def test_http3_vhost_disabledbydefault_config(docker_compose, nginxproxy):
+    conf = nginxproxy.get_conf().decode('ASCII')
+    r = nginxproxy.get("http://http3-vhost-default-disabled.nginx-proxy.tld")
+    assert r.status_code == 200
+    assert not re.search(r"(?s)http3-vhost-default-disabled\.nginx-proxy\.tld.*listen 443 quic.*\# http3-vhost-disabled\.nginx-proxy\.tld", conf)
+    assert not re.search(r"(?s)http3-vhost-default-disabled\.nginx-proxy\.tld.*http3 on.*\# http3-vhost-disabled\.nginx-proxy\.tld", conf)
+    assert not re.search(r"(?s)http3-vhost-default-disabled\.nginx-proxy\.tld;.*add_header alt-svc \'h3=\":443\"; ma=86400;\'.*\# http3-vhost-disabled\.nginx-proxy\.tld", conf)
--- a/test/test_http3/test_http3_vhost.yml
+++ b/test/test_http3/test_http3_vhost.yml
@ -0,0 +1,33 @@
+services:
+  http3-vhost-enabled:
+    image: web
+    expose:
+      - "80"
+    environment:
+      WEB_PORTS: 80
+      VIRTUAL_HOST: http3-vhost-enabled.nginx-proxy.tld
+    labels:
+      com.github.nginx-proxy.nginx-proxy.http3.enable: "true"
+
+  http3-vhost-disabled:
+    image: web
+    expose:
+      - "80"
+    environment:
+      WEB_PORTS: 80
+      VIRTUAL_HOST: http3-vhost-disabled.nginx-proxy.tld
+    labels:
+      com.github.nginx-proxy.nginx-proxy.http3.enable: "false"
+
+  http3-vhost-default-disabled:
+    image: web
+    expose:
+      - "80"
+    environment:
+      WEB_PORTS: 80
+      VIRTUAL_HOST: http3-vhost-default-disabled.nginx-proxy.tld
+
+  sut:
+    image: nginxproxy/nginx-proxy:test
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock:ro
--- a/test/test_ssl/test_hsts.py
+++ b/test/test_ssl/test_hsts.py
@ -31,3 +31,11 @@ def test_web4_HSTS_off_noredirect(docker_compose, nginxproxy):
    r = nginxproxy.get("https://web4.nginx-proxy.tld/port", allow_redirects=False)
    assert "answer from port 81\n" in r.text
    assert "Strict-Transport-Security" not in r.headers
+
+def test_http3_vhost_enabled_HSTS_default(docker_compose, nginxproxy):
+    r = nginxproxy.get("https://http3-vhost-enabled.nginx-proxy.tld/port", allow_redirects=False)
+    assert "answer from port 81\n" in r.text
+    assert "Strict-Transport-Security" in r.headers
+    assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
+    assert "alt-svc" in r.headers
+    assert r.headers["alt-svc"] == 'h3=":443"; ma=86400;'
--- a/test/test_ssl/test_hsts.yml
+++ b/test/test_ssl/test_hsts.yml
@ -34,6 +34,16 @@ web4:
    HSTS: "off"
    HTTPS_METHOD: "noredirect"

+web5:
+  image: web
+  expose:
+    - "81"
+  environment:
+    WEB_PORTS: "81"
+    VIRTUAL_HOST: http3-vhost-enabled.nginx-proxy.tld
+  labels:
+    com.github.nginx-proxy.nginx-proxy.http3.enable: "true"
+
 sut:
  image: nginxproxy/nginx-proxy:test
  volumes: