ci-build.sh
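#!/usr/bin/env bash
# CI driver for the proxy image: configuration shared by the image build and
# the container smoke tests that follow.
set -e

TAG=ngx

# Use an explicit BUILD_NUMBER when given, otherwise DRONE_BUILD_NUMBER.
: "${BUILD_NUMBER:=${DRONE_BUILD_NUMBER}}"

# Give each numbered build its own host port. The value comes from the
# environment, and arithmetic expansion evaluates its operand as an
# expression, so only a plain decimal number is allowed to reach it. Anything
# else (including the unset case) falls back to the base port. The 10# prefix
# keeps a leading zero from being read as octal.
if [[ "${BUILD_NUMBER}" =~ ^[0-9]+$ ]]; then
  PORT=$((10#${BUILD_NUMBER} + 1025))
else
  PORT=1025
fi
# Fail early with a clear message instead of at the first `docker run -p`.
if ((PORT < 1025 || PORT > 65535)); then
  echo "BUILD_NUMBER '${BUILD_NUMBER}' does not map to a usable TCP port" >&2
  exit 1
fi

# Runs without any build number get the literal suffix "local".
: "${BUILD_NUMBER:=local}"

# Deliberately a string with a trailing space: it is word-split when used as a
# command and interpolated into the command strings handed to start_test.
START_INSTANCE="docker run "

# Address on which the published container port is reached from this host.
: "${DOCKER_HOST_NAME:=172.17.0.1}"

# Container names carry the build number so that builds do not share names.
MOCKSERVER="mockserver-${BUILD_NUMBER}"
SLOWMOCKSERVER="slowmockserver-${BUILD_NUMBER}"
MOCKSERVER_PORT=9000
SLOWMOCKSERVER_PORT=9001

# Docker build context for the mock-server images.
WORKDIR="${PWD}"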
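#######################################
# Stop and remove a container if docker lists it; never fails.
# Arguments: $1 - container name
# Returns:   0 always (docker errors are deliberately ignored so that
#            clean-up stays best-effort under `set -e`)
#######################################
tear_down_container() {
  # Keep the name local so it does not leak into the caller's globals.
  local container=$1
  [[ -n "${container}" ]] || return 0

  # The `docker ps` listing is only a fixed-string pre-filter over the whole
  # table (another column or a longer name can match too). The kill and rm
  # below are given the name itself, and their failures are ignored.
  if docker ps -a | grep -qF -- "${container}"; then
    if docker ps | grep -qF -- "${container}"; then
      docker kill "${container}" &>/dev/null || true
    fi
    docker rm "${container}" &>/dev/null || true
  fi
}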
#######################################
# Remove the /tmp/file.txt scratch file and tear down the containers that
# belong to this build number.
# Globals: MOCKSERVER, SLOWMOCKSERVER, TAG, BUILD_NUMBER (read)
#######################################
clean_up() {
  local target

  # Drop the scratch file if it is present; -f keeps a missing file silent.
  rm -f /tmp/file.txt

  # Both mock upstreams first, then the proxy container itself.
  for target in "${MOCKSERVER}" "${SLOWMOCKSERVER}" "${TAG}-${BUILD_NUMBER}"; do
    tear_down_container "${target}"
  done
}
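#######################################
# Replace the proxy container with one started from the given command and
# wait for it.
# Globals:   TAG, BUILD_NUMBER, PORT (read)
#            INSTANCE, HTTPS_LISTEN_PORT (written; read by the checks that
#            follow each call)
# Arguments: $1 - test title for the log
#            $2.. - `docker run ...` command line as shell text; the name,
#                   port mapping and image are appended here
# Outputs:   banner and the command being run, on stdout
#######################################
start_test() {
  INSTANCE="${TAG}-${BUILD_NUMBER}"
  tear_down_container "${INSTANCE}"
  HTTPS_LISTEN_PORT=${HTTPS_LISTEN_PORT:-10443}

  echo ""
  echo ""
  echo "_____________"
  echo "STARTING TEST:$1"
  echo "============="
  shift

  # The caller's text is re-parsed by a child shell because it carries its own
  # escaped quotes. "$*" joins every remaining argument into that one string
  # ("$@" would pass extra arguments to bash as positional parameters), and
  # the values appended here are shell-quoted so they cannot add syntax.
  local run_cmd
  printf -v run_cmd '%s --name %q -d -p %q %q' \
    "$*" "${INSTANCE}" "${PORT}:${HTTPS_LISTEN_PORT}" "${TAG}"
  echo "Running:$* --name ${INSTANCE} -p ${PORT}:${HTTPS_LISTEN_PORT} ${TAG}"
  bash -c "${run_cmd}"

  # NOTE(review): martin/wait is a third-party image referenced without a tag
  # or digest, so whatever the registry currently serves runs on the CI host;
  # consider pinning it by digest. Presumably it blocks until the linked
  # container accepts connections; confirm against the image's documentation.
  docker run --rm --link "${INSTANCE}:${INSTANCE}" martin/wait
}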
# Remove whatever an earlier run with the same build number left behind.
clean_up

# Common prefix for every `docker run` issued below.
STD_CMD="${START_INSTANCE}"

printf '%s\n' "========" "BUILD..." "========"

# The travis_fold lines are log-folding markers around the image build output.
printf '%s\n' "travis_fold:start:BUILD"
docker build -t "${TAG}" .
printf '%s\n' "travis_fold:end:BUILD"
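# Build and start the mock upstream that the proxy tests forward to.
echo "Running mocking-server..."
# WORKDIR is the current directory; quote it so a workspace path containing
# spaces is still passed as one build-context argument.
docker build -t mockserver:latest "${WORKDIR}" -f docker-config/Dockerfile.mockserver

# STD_CMD holds "docker run " and is left unquoted so it splits into words.
# shellcheck disable=SC2086
${STD_CMD} -d \
  --log-driver json-file \
  --name="${MOCKSERVER}" mockserver:latest \
  -config=/test-servers.yaml \
  -debug \
  -port="${MOCKSERVER_PORT}"

# Wait on the mock server's port through a helper container.
# NOTE(review): martin/wait is a third-party image referenced without a tag or
# digest; consider pinning it by digest.
docker run --rm --link "${MOCKSERVER}:${MOCKSERVER}" martin/wait -c "${MOCKSERVER}:${MOCKSERVER_PORT}"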
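# Build and start the second mock upstream, which also loads
# /monkey-business.yaml through -monkeyConfig.
echo "Running slow-mocking-server..."
# WORKDIR is the current directory; quote it so a workspace path containing
# spaces is still passed as one build-context argument.
docker build -t slowmockserver:latest "${WORKDIR}" -f docker-config/Dockerfile.slowmockserver

# STD_CMD holds "docker run " and is left unquoted so it splits into words.
# shellcheck disable=SC2086
${STD_CMD} -d \
  --log-driver json-file \
  --name="${SLOWMOCKSERVER}" slowmockserver:latest \
  -config=/test-servers.yaml \
  -monkeyConfig=/monkey-business.yaml \
  -debug \
  -port="${SLOWMOCKSERVER_PORT}"

# Wait on the slow mock server's port through a helper container.
# NOTE(review): martin/wait is a third-party image referenced without a tag or
# digest; consider pinning it by digest.
docker run --rm --link "${SLOWMOCKSERVER}:${SLOWMOCKSERVER}" martin/wait -c "${SLOWMOCKSERVER}:${SLOWMOCKSERVER_PORT}"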
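echo "=========="
echo "TESTING..."
echo "=========="

start_test "Start with minimal settings" "${STD_CMD} \
  --log-driver json-file \
  -e \"PROXY_SERVICE_HOST=http://www.w3.org\" \
  -e \"PROXY_SERVICE_PORT=80\""

echo "Test it's up and working..."
# -k turns off certificate verification for this request.
# NOTE(review): presumably the proxy serves a self-signed test certificate; confirm.
curl --fail -sk -o /dev/null "https://${DOCKER_HOST_NAME}:${PORT}/"

echo "Check the log output"
# Should look something like: {localhost:10443 0cedbe2eae0760fd180a4347975376d3 - 172.17.0.1 - [11/Sep/2019:14:00:53 +0000] "GET / HTTP/1.1" 200 32424 0.294 - "-" "curl/7.54.0"}
docker logs "$INSTANCE" | grep -E '\{[^:]+:'"${HTTPS_LISTEN_PORT:-10443}"' [0-9a-f]+ - [0-9.]+ - \[[0-9]+/[A-Z][a-z][a-z]/[0-9:]{13} \+[0-9]{4}\] "GET / HTTP/1\.1" [0-9]{3} [0-9]+ [0-9]+\.[0-9]{3} - "-" "[^"]+"\}'

echo "Test limited protcol and SSL cipher... "
# The link argument and --rm are separate words here. Fused together, the
# link alias absorbed "--rm" and the helper container was never removed.
# The image and port come from TAG and HTTPS_LISTEN_PORT rather than
# hard-coded copies, matching the log check above.
docker run --link "${INSTANCE}:${INSTANCE}" --rm --entrypoint bash "${TAG}" \
  -c "echo GET / | /usr/bin/openssl s_client -cipher 'AES256+EECDH' -tls1_2 -connect ${INSTANCE}:${HTTPS_LISTEN_PORT:-10443}" \
  &> /dev/null

echo "Test sslv2 not accepted...."
# NOTE(review): this check passes whenever the command exits non-zero for any
# reason (docker failing to start the helper, an openssl build that does not
# recognise -ssl2), not only when the server refuses the handshake. Confirm
# that the image's openssl still supports -ssl2; otherwise the check does not
# show that the proxy rejects SSLv2.
if docker run --link "${INSTANCE}:${INSTANCE}" --rm --entrypoint bash "${TAG}" \
  -c "echo GET / | /usr/bin/openssl s_client -ssl2 -connect ${INSTANCE}:${HTTPS_LISTEN_PORT:-10443}" \
  &> /dev/null; then
  echo "FAIL SSL defaults settings allow ssl2 ......"
  exit 2
fi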
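start_test "Test response has gzip" "${STD_CMD} \
  --log-driver json-file \
  -e \"PROXY_SERVICE_HOST=http://${MOCKSERVER}\" \
  -e \"PROXY_SERVICE_PORT=${MOCKSERVER_PORT}\" \
  --link \"${MOCKSERVER}:${MOCKSERVER}\" "

echo "Test gzip ok..."
# HTTP header names are case-insensitive, and curl prints them as the server
# sent them, so match without regard to case. The script does not enable
# pipefail, so grep alone decides whether this step passes.
curl -s -I -X GET -k --compressed "https://${DOCKER_HOST_NAME}:${PORT}/gzip" \
  | grep -qi 'Content-Encoding: gzip'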
# Two locations, each proxied to its own upstream. Both upstreams are public
# sites reached over plain HTTP, so this test needs outbound network access.
multi_location_cmd="${STD_CMD} "
multi_location_cmd+="--log-driver json-file "
multi_location_cmd+="-e \"LOCATIONS_CSV=/,/news\" "
multi_location_cmd+="-e \"PROXY_SERVICE_HOST_1=http://www.w3.org\" "
multi_location_cmd+="-e \"PROXY_SERVICE_PORT_1=80\" "
multi_location_cmd+="-e \"PROXY_SERVICE_HOST_2=http://www.bbc.co.uk\" "
multi_location_cmd+="-e \"PROXY_SERVICE_PORT_2=80\""
start_test "Start with multi locations settings" "${multi_location_cmd}"

printf '%s\n' "Test for location 1 @ /..."
curl --fail -sk -o /dev/null "https://${DOCKER_HOST_NAME}:${PORT}/"

printf '%s\n' "Test for news..."
curl --fail -sk -o /dev/null -H "Host: www.bbc.co.uk" "https://${DOCKER_HOST_NAME}:${PORT}/news"
# One upstream for both locations, plus an extra NAXSI rule file fetched by URL.
# NOTE(review): the rules URL tracks the master branch, a mutable ref, and the
# only integrity pin is an MD5 value. MD5 is not collision-resistant, so this
# guards against accidental corruption more than against deliberate tampering.
# Presumably the image checks the download against this value; confirm.
naxsi_cmd="${STD_CMD} "
naxsi_cmd+="--log-driver json-file "
naxsi_cmd+="-e \"PROXY_SERVICE_HOST=http://www.bbc.co.uk\" "
naxsi_cmd+="-e \"PROXY_SERVICE_PORT=80\" "
naxsi_cmd+="-e \"LOCATIONS_CSV=/,/news\" "
naxsi_cmd+="-e \"NAXSI_RULES_URL_CSV_1=https://raw.githubusercontent.com/nbs-system/naxsi-rules/master/drupal.rules\" "
naxsi_cmd+="-e \"NAXSI_RULES_MD5_CSV_1=3b3c24ed61683ab33d8441857c315432\""
start_test "Start with Multiple locations, single proxy and NAXSI download." "${naxsi_cmd}"

printf '%s\n' "Test for all OK..."
curl --fail -sk -o /dev/null -H "Host: www.bbc.co.uk" "https://${DOCKER_HOST_NAME}:${PORT}/"
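start_test "Start with Custom upload size" "${STD_CMD} \
  --log-driver json-file \
  -e \"PROXY_SERVICE_HOST=http://${MOCKSERVER}\" \
  -e \"PROXY_SERVICE_PORT=${MOCKSERVER_PORT}\" \
  -e \"CLIENT_MAX_BODY_SIZE=15\" \
  -e \"NAXSI_USE_DEFAULT_RULES=FALSE\" \
  --link \"${MOCKSERVER}:${MOCKSERVER}\" "

# Keep the upload payload and the captured response in a private directory
# from mktemp rather than at fixed names under /tmp. Fixed names are shared by
# every build on the host, and a pre-existing file or symlink at that path
# would be written through. The trap removes the directory on any exit path.
UPLOAD_SCRATCH=$(mktemp -d)
trap 'rm -rf -- "${UPLOAD_SCRATCH:?}"' EXIT

# 10 MiB of random data for the upload.
dd if=/dev/urandom of="${UPLOAD_SCRATCH}/file.txt" bs=1048576 count=10

echo "Upload a large file"
curl -k -F "file=@${UPLOAD_SCRATCH}/file.txt;filename=nameinpost" \
  "https://${DOCKER_HOST_NAME}:${PORT}/uploads/doc" &> "${UPLOAD_SCRATCH}/upload_test.txt"

# The response body decides success. Show it on failure, since the scratch
# directory is removed when the script exits.
if ! grep "Thanks for the big doc" "${UPLOAD_SCRATCH}/upload_test.txt" &> /dev/null; then
  echo "Upload response did not contain the expected text:" >&2
  cat -- "${UPLOAD_SCRATCH}/upload_test.txt" >&2
  exit 1
fi

echo "_________________________________"
echo "We got here, ALL tests successful"
clean_up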