nixos/tests/nginx-http3.nix

   1 import ./make-test-python.nix ({lib, pkgs, ...}:
   2 let
   3   hosts = ''
   4     192.168.2.101 acme.test
   5   '';
   6
   7 in
   8 {
   9   name = "nginx-http3";
  10   meta.maintainers = with pkgs.lib.maintainers; [ izorkin ];
  11
  12   nodes = {
  13     server = { pkgs, ... }: {
  14       networking = {
  15         interfaces.eth1 = {
  16           ipv4.addresses = [
  17             { address = "192.168.2.101"; prefixLength = 24; }
  18           ];
  19         };
  20         extraHosts = hosts;
  21         firewall.allowedTCPPorts = [ 443 ];
  22         firewall.allowedUDPPorts = [ 443 ];
  23       };
  24
  25       security.pki.certificates = [
  26         (builtins.readFile ./common/acme/server/ca.cert.pem)
  27       ];
  28
  29       services.nginx = {
  30         enable = true;
  31         package = pkgs.nginxQuic;
  32
  33         virtualHosts."acme.test" = {
  34           onlySSL = true;
  35           sslCertificate = ./common/acme/server/acme.test.cert.pem;
  36           sslCertificateKey = ./common/acme/server/acme.test.key.pem;
  37           http2 = true;
  38           http3 = true;
  39           reuseport = true;
  40           root = lib.mkForce (pkgs.runCommandLocal "testdir2" {} ''
  41             mkdir "$out"
  42             cat > "$out/index.html" <<EOF
  43             <html><body>Hello World!</body></html>
  44             EOF
  45             cat > "$out/example.txt" <<EOF
  46             Check http3 protocol.
  47             EOF
  48           '');
  49         };
  50       };
  51     };
  52
  53     client = { pkgs, ... }: {
  54       environment.systemPackages = [ pkgs.curlHTTP3 ];
  55       networking = {
  56         interfaces.eth1 = {
  57           ipv4.addresses = [
  58             { address = "192.168.2.201"; prefixLength = 24; }
  59           ];
  60         };
  61         extraHosts = hosts;
  62       };
  63
  64       security.pki.certificates = [
  65         (builtins.readFile ./common/acme/server/ca.cert.pem)
  66       ];
  67     };
  68   };
  69
  70   testScript = ''
  71     start_all()
  72
  73     server.wait_for_unit("nginx")
  74     server.wait_for_open_port(443)
  75
  76     # Check http connections
  77     client.succeed("curl --verbose --http3 https://acme.test | grep 'Hello World!'")
  78
  79     # Check downloadings
  80     client.succeed("curl --verbose --http3 https://acme.test/example.txt --output /tmp/example.txt")
  81     client.succeed("cat /tmp/example.txt | grep 'Check http3 protocol.'")
  82
  83     # Check header reading
  84     client.succeed("curl --verbose --http3 --head https://acme.test | grep 'content-type'")
  85
  86     # Check change User-Agent
  87     client.succeed("curl --verbose --http3 --user-agent 'Curl test 3.0' https://acme.test")
  88     server.succeed("cat /var/log/nginx/access.log | grep 'Curl test 3.0'")
  89
  90     server.shutdown()
  91     client.shutdown()
  92   '';
  93 })