summaryrefslogtreecommitdiff
path: root/service/http
diff options
context:
space:
mode:
Diffstat (limited to 'service/http')
-rw-r--r--service/http/config.go31
-rw-r--r--service/http/config_test.go80
-rw-r--r--service/http/ssl_test.go215
3 files changed, 312 insertions, 14 deletions
diff --git a/service/http/config.go b/service/http/config.go
index d9adf727..54380d11 100644
--- a/service/http/config.go
+++ b/service/http/config.go
@@ -15,19 +15,7 @@ type Config struct {
Address string
// SSL defines https server options.
- SSL struct {
- // Port to listen as HTTPS server, defaults to 443.
- Port int
-
- // Redirect when enabled forces all http connections to switch to https.
- Redirect bool
-
- // Key defined private server key.
- Key string
-
- // Cert is https certificate.
- Cert string
- }
+ SSL SSLConfig
// MaxRequest specified max size for payload body in megabytes, set 0 to unlimited.
MaxRequest int64
@@ -39,6 +27,21 @@ type Config struct {
Workers *roadrunner.ServerConfig
}
+// SSLConfig defines https server configuration.
+type SSLConfig struct {
+ // Port to listen as HTTPS server, defaults to 443.
+ Port int
+
+ // Redirect when enabled forces all http connections to switch to https.
+ Redirect bool
+
+ // Key defined private server key.
+ Key string
+
+ // Cert is https certificate.
+ Cert string
+}
+
// EnableTLS returns true if rr must listen TLS connections.
func (c *Config) EnableTLS() bool {
return c.SSL.Key != "" || c.SSL.Cert != ""
@@ -107,7 +110,7 @@ func (c *Config) Valid() error {
if _, err := os.Stat(c.SSL.Cert); err != nil {
if os.IsNotExist(err) {
- return fmt.Errorf("cert file '%s' does not exists", c.SSL.Key)
+ return fmt.Errorf("cert file '%s' does not exists", c.SSL.Cert)
}
return err
diff --git a/service/http/config_test.go b/service/http/config_test.go
index 823efb32..07901cb6 100644
--- a/service/http/config_test.go
+++ b/service/http/config_test.go
@@ -51,6 +51,86 @@ func Test_Config_Valid(t *testing.T) {
assert.NoError(t, cfg.Valid())
}
+func Test_Config_Valid_SSL(t *testing.T) {
+ cfg := &Config{
+ Address: ":8080",
+ SSL: SSLConfig{
+ Cert: "fixtures/server.crt",
+ Key: "fixtures/server.key",
+ },
+ MaxRequest: 1024,
+ Uploads: &UploadsConfig{
+ Dir: os.TempDir(),
+ Forbid: []string{".go"},
+ },
+ Workers: &roadrunner.ServerConfig{
+ Command: "php tests/client.php echo pipes",
+ Relay: "pipes",
+ Pool: &roadrunner.Config{
+ NumWorkers: 1,
+ AllocateTimeout: time.Second,
+ DestroyTimeout: time.Second,
+ },
+ },
+ }
+
+ assert.Error(t, cfg.Hydrate(&testCfg{httpCfg: "{}"}))
+
+ assert.NoError(t, cfg.Valid())
+ assert.True(t, cfg.EnableTLS())
+ assert.Equal(t, 443, cfg.SSL.Port)
+}
+
+func Test_Config_SSL_No_key(t *testing.T) {
+ cfg := &Config{
+ Address: ":8080",
+ SSL: SSLConfig{
+ Cert: "fixtures/server.crt",
+ },
+ MaxRequest: 1024,
+ Uploads: &UploadsConfig{
+ Dir: os.TempDir(),
+ Forbid: []string{".go"},
+ },
+ Workers: &roadrunner.ServerConfig{
+ Command: "php tests/client.php echo pipes",
+ Relay: "pipes",
+ Pool: &roadrunner.Config{
+ NumWorkers: 1,
+ AllocateTimeout: time.Second,
+ DestroyTimeout: time.Second,
+ },
+ },
+ }
+
+ assert.Error(t, cfg.Valid())
+}
+
+func Test_Config_SSL_No_Cert(t *testing.T) {
+ cfg := &Config{
+ Address: ":8080",
+ SSL: SSLConfig{
+ Key: "fixtures/server.key",
+ },
+ MaxRequest: 1024,
+ Uploads: &UploadsConfig{
+ Dir: os.TempDir(),
+ Forbid: []string{".go"},
+ },
+ Workers: &roadrunner.ServerConfig{
+ Command: "php tests/client.php echo pipes",
+ Relay: "pipes",
+ Pool: &roadrunner.Config{
+ NumWorkers: 1,
+ AllocateTimeout: time.Second,
+ DestroyTimeout: time.Second,
+ },
+ },
+ }
+
+ assert.Error(t, cfg.Valid())
+}
+
func Test_Config_NoUploads(t *testing.T) {
cfg := &Config{
Address: ":8080",
diff --git a/service/http/ssl_test.go b/service/http/ssl_test.go
new file mode 100644
index 00000000..5fcd19ce
--- /dev/null
+++ b/service/http/ssl_test.go
@@ -0,0 +1,215 @@
+package http
+
+import (
+ "testing"
+ "github.com/sirupsen/logrus/hooks/test"
+ "github.com/sirupsen/logrus"
+ "github.com/spiral/roadrunner/service"
+ "github.com/stretchr/testify/assert"
+ "time"
+ "net/http"
+ "io/ioutil"
+ "crypto/tls"
+)
+
+var sslClient = &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ },
+}
+
+func Test_SSL_Service_Echo(t *testing.T) {
+ logger, _ := test.NewNullLogger()
+ logger.SetLevel(logrus.DebugLevel)
+
+ c := service.NewContainer(logger)
+ c.Register(ID, &Service{})
+
+ assert.NoError(t, c.Init(&testCfg{httpCfg: `{
+ "address": ":6029",
+ "ssl": {
+ "port": 6900,
+ "key": "fixtures/server.key",
+ "cert": "fixtures/server.crt"
+ },
+ "workers":{
+ "command": "php ../../tests/http/client.php echo pipes",
+ "pool": {"numWorkers": 1}
+ }
+ }`}))
+
+ s, st := c.Get(ID)
+ assert.NotNil(t, s)
+ assert.Equal(t, service.StatusOK, st)
+
+ // should do nothing
+ s.(*Service).Stop()
+
+ go func() { c.Serve() }()
+ time.Sleep(time.Millisecond * 100)
+ defer c.Stop()
+
+ req, err := http.NewRequest("GET", "https://localhost:6900?hello=world", nil)
+ assert.NoError(t, err)
+
+ r, err := sslClient.Do(req)
+ assert.NoError(t, err)
+ defer r.Body.Close()
+
+ b, err := ioutil.ReadAll(r.Body)
+ assert.NoError(t, err)
+
+ assert.NoError(t, err)
+ assert.Equal(t, 201, r.StatusCode)
+ assert.Equal(t, "WORLD", string(b))
+}
+
+func Test_SSL_Service_NoRedirect(t *testing.T) {
+ logger, _ := test.NewNullLogger()
+ logger.SetLevel(logrus.DebugLevel)
+
+ c := service.NewContainer(logger)
+ c.Register(ID, &Service{})
+
+ assert.NoError(t, c.Init(&testCfg{httpCfg: `{
+ "address": ":6029",
+ "ssl": {
+ "port": 6900,
+ "key": "fixtures/server.key",
+ "cert": "fixtures/server.crt"
+ },
+ "workers":{
+ "command": "php ../../tests/http/client.php echo pipes",
+ "pool": {"numWorkers": 1}
+ }
+ }`}))
+
+ s, st := c.Get(ID)
+ assert.NotNil(t, s)
+ assert.Equal(t, service.StatusOK, st)
+
+ // should do nothing
+ s.(*Service).Stop()
+
+ go func() { c.Serve() }()
+ time.Sleep(time.Millisecond * 100)
+ defer c.Stop()
+
+ req, err := http.NewRequest("GET", "http://localhost:6029?hello=world", nil)
+ assert.NoError(t, err)
+
+ r, err := sslClient.Do(req)
+ assert.NoError(t, err)
+ defer r.Body.Close()
+
+ assert.Nil(t, r.TLS)
+
+ b, err := ioutil.ReadAll(r.Body)
+ assert.NoError(t, err)
+
+ assert.NoError(t, err)
+ assert.Equal(t, 201, r.StatusCode)
+ assert.Equal(t, "WORLD", string(b))
+}
+
+func Test_SSL_Service_Redirect(t *testing.T) {
+ logger, _ := test.NewNullLogger()
+ logger.SetLevel(logrus.DebugLevel)
+
+ c := service.NewContainer(logger)
+ c.Register(ID, &Service{})
+
+ assert.NoError(t, c.Init(&testCfg{httpCfg: `{
+ "address": ":6029",
+ "ssl": {
+ "port": 6900,
+ "redirect": true,
+ "key": "fixtures/server.key",
+ "cert": "fixtures/server.crt"
+ },
+ "workers":{
+ "command": "php ../../tests/http/client.php echo pipes",
+ "pool": {"numWorkers": 1}
+ }
+ }`}))
+
+ s, st := c.Get(ID)
+ assert.NotNil(t, s)
+ assert.Equal(t, service.StatusOK, st)
+
+ // should do nothing
+ s.(*Service).Stop()
+
+ go func() { c.Serve() }()
+ time.Sleep(time.Millisecond * 100)
+ defer c.Stop()
+
+ req, err := http.NewRequest("GET", "http://localhost:6029?hello=world", nil)
+ assert.NoError(t, err)
+
+ r, err := sslClient.Do(req)
+ assert.NoError(t, err)
+ defer r.Body.Close()
+
+ assert.NotNil(t, r.TLS)
+
+ b, err := ioutil.ReadAll(r.Body)
+ assert.NoError(t, err)
+
+ assert.NoError(t, err)
+ assert.Equal(t, 201, r.StatusCode)
+ assert.Equal(t, "WORLD", string(b))
+}
+
+func Test_SSL_Service_Push(t *testing.T) {
+ logger, _ := test.NewNullLogger()
+ logger.SetLevel(logrus.DebugLevel)
+
+ c := service.NewContainer(logger)
+ c.Register(ID, &Service{})
+
+ assert.NoError(t, c.Init(&testCfg{httpCfg: `{
+ "address": ":6029",
+ "ssl": {
+ "port": 6900,
+ "redirect": true,
+ "key": "fixtures/server.key",
+ "cert": "fixtures/server.crt"
+ },
+ "workers":{
+ "command": "php ../../tests/http/client.php push pipes",
+ "pool": {"numWorkers": 1}
+ }
+ }`}))
+
+ s, st := c.Get(ID)
+ assert.NotNil(t, s)
+ assert.Equal(t, service.StatusOK, st)
+
+ // should do nothing
+ s.(*Service).Stop()
+
+ go func() { c.Serve() }()
+ time.Sleep(time.Millisecond * 100)
+ defer c.Stop()
+
+ req, err := http.NewRequest("GET", "https://localhost:6900?hello=world", nil)
+ assert.NoError(t, err)
+
+ r, err := sslClient.Do(req)
+ assert.NoError(t, err)
+ defer r.Body.Close()
+
+ assert.NotNil(t, r.TLS)
+
+ b, err := ioutil.ReadAll(r.Body)
+ assert.NoError(t, err)
+
+ assert.Equal(t, "", r.Header.Get("http2-push"))
+
+ assert.NoError(t, err)
+ assert.Equal(t, 201, r.StatusCode)
+ assert.Equal(t, "WORLD", string(b))
+}