nixos/tests/nginx-http3.nix

   1 import ./make-test-python.nix ({lib, pkgs, ...}:
   2 let
   3   hosts = ''
   4     192.168.2.101 acme.test
   5   '';
   6
   7 in
   8 {
   9   name = "nginx-http3";
  10   meta.maintainers = with pkgs.lib.maintainers; [ izorkin ];
  11
  12   nodes = {
  13     server = { pkgs, ... }: {
  14       networking = {
  15         interfaces.eth1 = {
  16           ipv4.addresses = [
  17             { address = "192.168.2.101"; prefixLength = 24; }
  18           ];
  19         };
  20         extraHosts = hosts;
  21         firewall.allowedTCPPorts = [ 443 ];
  22         firewall.allowedUDPPorts = [ 443 ];
  23       };
  24
  25       security.pki.certificates = [
  26         (builtins.readFile ./common/acme/server/ca.cert.pem)
  27       ];
  28
  29       services.nginx = {
  30         enable = true;
  31         package = pkgs.nginxQuic;
  32
  33         virtualHosts."acme.test" = {
  34           onlySSL = true;
  35           sslCertificate = ./common/acme/server/acme.test.cert.pem;
  36           sslCertificateKey = ./common/acme/server/acme.test.key.pem;
  37           http2 = true;
  38           http3 = true;
  39           http3_hq = false;
  40           quic = true;
  41           reuseport = true;
  42           root = lib.mkForce (pkgs.runCommandLocal "testdir" {} ''
  43             mkdir "$out"
  44             cat > "$out/index.html" <<EOF
  45             <html><body>Hello World!</body></html>
  46             EOF
  47             cat > "$out/example.txt" <<EOF
  48             Check http3 protocol.
  49             EOF
  50           '');
  51         };
  52       };
  53     };
  54
  55     client = { pkgs, ... }: {
  56       environment.systemPackages = [ pkgs.curlHTTP3 ];
  57       networking = {
  58         interfaces.eth1 = {
  59           ipv4.addresses = [
  60             { address = "192.168.2.201"; prefixLength = 24; }
  61           ];
  62         };
  63         extraHosts = hosts;
  64       };
  65
  66       security.pki.certificates = [
  67         (builtins.readFile ./common/acme/server/ca.cert.pem)
  68       ];
  69     };
  70   };
  71
  72   testScript = ''
  73     start_all()
  74
  75     server.wait_for_unit("nginx")
  76     server.wait_for_open_port(443)
  77
  78     # Check http connections
  79     client.succeed("curl --verbose --http3-only https://acme.test | grep 'Hello World!'")
  80
  81     # Check downloadings
  82     client.succeed("curl --verbose --http3-only https://acme.test/example.txt --output /tmp/example.txt")
  83     client.succeed("cat /tmp/example.txt | grep 'Check http3 protocol.'")
  84
  85     # Check header reading
  86     client.succeed("curl --verbose --http3-only --head https://acme.test | grep 'content-type'")
  87     client.succeed("curl --verbose --http3-only --head https://acme.test | grep 'HTTP/3 200'")
  88     client.succeed("curl --verbose --http3-only --head https://acme.test/error | grep 'HTTP/3 404'")
  89
  90     # Check change User-Agent
  91     client.succeed("curl --verbose --http3-only --user-agent 'Curl test 3.0' https://acme.test")
  92     server.succeed("cat /var/log/nginx/access.log | grep 'Curl test 3.0'")
  93
  94     server.shutdown()
  95     client.shutdown()
  96   '';
  97 })