Verified Commit 231f7169 authored by tr's avatar tr

Test the entrypoint configuration

parent 877c2760
Pipeline #6573 failed with stages
in 19 minutes and 8 seconds
......@@ -3,11 +3,51 @@ include:
- project: 'netlab/apps/base'
file: '/gitlab-ci.build.yml'
Test Image:
Test Image Base:
extends: .test-image
script:
- nginx -t 2>&1 | grep ModSecurity-nginx
- test -x /usr/local/bin/modsec-rules-check
- test -f /etc/modsecurity/coreruleset/crs-setup.conf
Test Image with Server Name:
extends: .test-image
variables:
SERVER_NAME: "www.example.com"
script:
- nginx -t 2>&1 | grep ModSecurity-nginx
- grep -E 'server_name.*www.example.com' /etc/nginx/conf.d/default.conf
Test Image TLS key:
extends: .test-image
variables:
TLS_KEY: "/etc/pki/tls/private/nginx.key"
TLS_CERT: "/etc/pki/tls/certs/nginx.pem"
script:
- nginx -t 2>&1 | grep ModSecurity-nginx
- test -f /etc/pki/tls/private/nginx.key
- test -f /etc/pki/tls/certs/nginx.pem
- grep -E 'listen.*:443.*ssl' /etc/nginx/conf.d/default.conf
- grep -E 'ssl.*on' /etc/nginx/conf.d/default.conf
- grep -E 'ssl_certificate_key.*/etc/pki/tls/private/nginx.key' /etc/nginx/conf.d/default.conf
- grep -E 'ssl_certificate.*/etc/pki/tls/certs/nginx.pem' /etc/nginx/conf.d/default.conf
Test Image Base Backend:
extends: .test-image
variables:
BACKEND: "https://www.example.com/"
script:
- nginx -t 2>&1 | grep ModSecurity-nginx
- grep -E 'proxy_ssl_ciphers' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_ssl_protocols' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_ssl_session_reuse' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_ssl_verify.*on' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_pass.*https://www.example.com/' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_request_buffering' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_buffering' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_cache_use_stale' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_read_timeout' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_connect_timeout' /etc/nginx/conf.d/default.conf
- grep -E 'proxy_send_timeout' /etc/nginx/conf.d/default.conf
# vim: set ts=2 sw=2 :
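Review bot: The only assertion guarding upstream certificate verification, `grep -E 'proxy_ssl_verify.*on'` in "Test Image Base Backend", is unanchored, and no job sets BACKEND_VERIFY, so the `off` path and any invalid value are untested. Anchoring it as `grep -E '^[[:space:]]*proxy_ssl_verify[[:space:]]+on;'` would pin the directive and its value. `grep -E 'ssl.*on'` in the TLS key job is looser still: it matches any line where "ssl" is later followed by "on" (an `ssl_session_*` directive would do), so it proves little about TLS being enabled. Every job also pipes `nginx -t 2>&1` into grep, so unless the runner shell sets pipefail the step passes on grep's status alone; running `nginx -t` as its own script line first would make an invalid generated config fail the job.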
......@@ -27,6 +27,10 @@ fi
if [ -n "$BACKEND" ]; then
sed \
-e "/client_max_body_size.*/a \ \ proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_protocols TLSv1.3;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_session_reuse on;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_verify ${BACKEND_VERIFY:-on};" \
-e "/root\ .*/d" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_pass $BACKEND;" \
-e "/^\ \ location\ \/\ {$/a \ \ \ \ proxy_request_buffering off;" \
......@@ -38,13 +42,4 @@ if [ -n "$BACKEND" ]; then
-i /etc/nginx/conf.d/default.conf
fi
if [ -n "$BACKEND_TLS" ]; then
sed \
-e "/client_max_body_size.*/a \ \ proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_protocols TLSv1.3;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_session_reuse on;" \
-e "/client_max_body_size.*/a \ \ proxy_ssl_verify off;" \
-i /etc/nginx/conf.d/default.conf
fi
exec "$@"
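Review bot: With `proxy_ssl_verify ${BACKEND_VERIFY:-on};` in the first hunk, verification is now on by default, but the visible sed expressions add no `proxy_ssl_trusted_certificate`, which nginx requires when verification is enabled; unless the elided lines or the base config supply it, `nginx -t` will probably reject the generated file. Consider appending `proxy_ssl_trusted_certificate <CA_BUNDLE_PATH>;` (placeholder path) alongside it, plus `proxy_ssl_server_name on;` if the backend relies on SNI. BACKEND_VERIFY is also interpolated into the sed script unchecked, so any value other than on/off lands in the config verbatim; a guard such as `case "${BACKEND_VERIFY:-on}" in on|off) ;; *) exit 1 ;; esac` before the sed would restrict it to the two valid values. The sed command continues outside the hunk.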