From 25b7b82ee08c4422d53f2acb69753774a0fd74ca Mon Sep 17 00:00:00 2001 From: h7x4 Date: Fri, 28 Jul 2023 19:36:55 +0200 Subject: [PATCH] nixos/nginx: add test for status page --- nixos/tests/all-tests.nix | 1 + nixos/tests/nginx-status-page.nix | 72 +++++++++++++++++++++++++++++ pkgs/servers/http/nginx/generic.nix | 2 +- 3 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/nginx-status-page.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index c707200def09..02c4cbb67aaa 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -538,6 +538,7 @@ in { nginx-pubhtml = handleTest ./nginx-pubhtml.nix {}; nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {}; nginx-sso = handleTest ./nginx-sso.nix {}; + nginx-status-page = handleTest ./nginx-status-page.nix {}; nginx-variants = handleTest ./nginx-variants.nix {}; nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {}; nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {}; diff --git a/nixos/tests/nginx-status-page.nix b/nixos/tests/nginx-status-page.nix new file mode 100644 index 000000000000..ff2c0940379c --- /dev/null +++ b/nixos/tests/nginx-status-page.nix @@ -0,0 +1,72 @@ +import ./make-test-python.nix ({ pkgs, ... }: { + name = "nginx-status-page"; + meta = with pkgs.lib.maintainers; { + maintainers = [ h7x4 ]; + }; + + nodes = { + webserver = { ... }: { + virtualisation.vlans = [ 1 ]; + + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + }; + + systemd.network.networks."01-eth1" = { + name = "eth1"; + networkConfig.Address = "10.0.0.1/24"; + }; + + services.nginx = { + enable = true; + statusPage = true; + virtualHosts."localhost".locations."/index.html".return = "200 'hello world\n'"; + }; + + environment.systemPackages = with pkgs; [ curl ]; + }; + + client = { ... }: { + virtualisation.vlans = [ 1 ]; + + networking = { + useNetworkd = true; + useDHCP = false; + firewall.enable = false; + }; + + systemd.network.networks."01-eth1" = { + name = "eth1"; + networkConfig.Address = "10.0.0.2/24"; + }; + + environment.systemPackages = with pkgs; [ curl ]; + }; + }; + + testScript = { nodes, ... }: '' + start_all() + + webserver.wait_for_unit("nginx") + webserver.wait_for_open_port(80) + + def expect_http_code(node, code, url): + http_code = node.succeed(f"curl -w '%{{http_code}}' '{url}'") + assert http_code.split("\n")[-1].strip() == code, \ + f"expected {code} but got following response:\n{http_code}" + + with subtest("localhost can access status page"): + expect_http_code(webserver, "200", "http://localhost/nginx_status") + + with subtest("localhost can access other page"): + expect_http_code(webserver, "200", "http://localhost/index.html") + + with subtest("client can not access status page"): + expect_http_code(client, "403", "http://10.0.0.1/nginx_status") + + with subtest("client can access other page"): + expect_http_code(client, "200", "http://10.0.0.1/index.html") + ''; +}) diff --git a/pkgs/servers/http/nginx/generic.nix b/pkgs/servers/http/nginx/generic.nix index f8768461ab4a..13fb5faee560 100644 --- a/pkgs/servers/http/nginx/generic.nix +++ b/pkgs/servers/http/nginx/generic.nix @@ -178,7 +178,7 @@ stdenv.mkDerivation { passthru = { inherit modules; tests = { - inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso nginx-proxyprotocol; + inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso nginx-proxyprotocol nginx-status-page; variants = lib.recurseIntoAttrs nixosTests.nginx-variants; acme-integration = nixosTests.acme; } // passthru.tests;