d3234553aa
nginx lua needs resty
the enableSandbox option of nginx was removed in 535896671b
the test fails with
```
vm-test-run-nginx-sandbox> machine # [ 47.753580] nginx[1142]: nginx: [alert] detected a LuaJIT version which is not OpenResty's; many optimizations will be disabled and performance will be compromised (see https://github.com/openresty/luajit2 for OpenResty's LuaJIT or, even better, consider using the OpenResty releases from https://openresty.org/en/download.html)
vm-test-run-nginx-sandbox> machine # [ 47.756064] nginx[1142]: nginx: [alert] failed to load the 'resty.core' module (https://github.com/openresty/lua-resty-core); ensure you are using an OpenResty release from https://openresty.org/en/download.html (reason: module 'resty.core' not found:
vm-test-run-nginx-sandbox> machine # [ 57.911766] systemd[1]: Failed to start Nginx Web Server.
```
101 lines
3.3 KiB
Nix
101 lines
3.3 KiB
Nix
import ./make-test-python.nix ({ pkgs, lib, ... }:
|
|
let
|
|
lualibs = [
|
|
pkgs.lua.pkgs.markdown
|
|
];
|
|
|
|
getPath = lib: type: "${lib}/share/lua/${pkgs.lua.luaversion}/?.${type}";
|
|
getLuaPath = lib: getPath lib "lua";
|
|
luaPath = lib.concatStringsSep ";" (map getLuaPath lualibs);
|
|
in
|
|
{
|
|
name = "openresty-lua";
|
|
meta = with pkgs.lib.maintainers; {
|
|
maintainers = [ bbigras ];
|
|
};
|
|
|
|
nodes = {
|
|
webserver = { pkgs, lib, ... }: {
|
|
networking = {
|
|
extraHosts = ''
|
|
127.0.0.1 default.test
|
|
127.0.0.1 sandbox.test
|
|
'';
|
|
};
|
|
services.nginx = {
|
|
enable = true;
|
|
package = pkgs.openresty;
|
|
|
|
commonHttpConfig = ''
|
|
lua_package_path '${luaPath};;';
|
|
'';
|
|
|
|
virtualHosts."default.test" = {
|
|
default = true;
|
|
locations."/" = {
|
|
extraConfig = ''
|
|
default_type text/html;
|
|
access_by_lua '
|
|
local markdown = require "markdown"
|
|
markdown("source")
|
|
';
|
|
'';
|
|
};
|
|
};
|
|
|
|
virtualHosts."sandbox.test" = {
|
|
locations."/test1-write" = {
|
|
extraConfig = ''
|
|
content_by_lua_block {
|
|
local create = os.execute('${pkgs.coreutils}/bin/mkdir /tmp/test1-read')
|
|
local create = os.execute('${pkgs.coreutils}/bin/touch /tmp/test1-read/foo.txt')
|
|
local echo = os.execute('${pkgs.coreutils}/bin/echo worked > /tmp/test1-read/foo.txt')
|
|
}
|
|
'';
|
|
};
|
|
locations."/test1-read" = {
|
|
root = "/tmp";
|
|
};
|
|
locations."/test2-write" = {
|
|
extraConfig = ''
|
|
content_by_lua_block {
|
|
local create = os.execute('${pkgs.coreutils}/bin/mkdir /var/web/test2-read')
|
|
local create = os.execute('${pkgs.coreutils}/bin/touch /var/web/test2-read/bar.txt')
|
|
local echo = os.execute('${pkgs.coreutils}/bin/echo error-worked > /var/web/test2-read/bar.txt')
|
|
}
|
|
'';
|
|
};
|
|
locations."/test2-read" = {
|
|
root = "/var/web";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript = { nodes, ... }:
|
|
''
|
|
url = "http://localhost"
|
|
|
|
webserver.wait_for_unit("nginx")
|
|
webserver.wait_for_open_port(80)
|
|
|
|
http_code = webserver.succeed(
|
|
f"curl -w '%{{http_code}}' --head --fail {url}"
|
|
)
|
|
assert http_code.split("\n")[-1] == "200"
|
|
|
|
# This test checks the creation and reading of a file in sandbox mode.
|
|
# Checking write in temporary folder
|
|
webserver.succeed("$(curl -vvv http://sandbox.test/test1-write)")
|
|
webserver.succeed('test "$(curl -fvvv http://sandbox.test/test1-read/foo.txt)" = worked')
|
|
# Checking write in protected folder. In sandbox mode for the nginx service, the folder /var/web is mounted
|
|
# in read-only mode.
|
|
webserver.succeed("mkdir -p /var/web")
|
|
webserver.succeed("chown nginx:nginx /var/web")
|
|
webserver.succeed("$(curl -vvv http://sandbox.test/test2-write)")
|
|
assert "404 Not Found" in machine.succeed(
|
|
"curl -vvv -s http://sandbox.test/test2-read/bar.txt"
|
|
)
|
|
'';
|
|
})
|