diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml index ab78c38f..4257bc23 100644 --- a/.github/workflows/smoke-tests.yml +++ b/.github/workflows/smoke-tests.yml @@ -23,6 +23,7 @@ jobs: - healthcheck - i18n - log-file + - nginx - palemoon/amd64 #- palemoon/i386 - robots_txt @@ -35,10 +36,10 @@ jobs: - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 with: - node-version: '24.11.0' + node-version: "24.11.0" - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 with: - go-version: '1.25.4' + go-version: "1.25.4" - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 diff --git a/docs/docs/admin/environments/nginx/conf-anubis.inc b/docs/docs/admin/environments/nginx/conf-anubis.inc index 78c10ca9..6e5083ae 100644 --- a/docs/docs/admin/environments/nginx/conf-anubis.inc +++ b/docs/docs/admin/environments/nginx/conf-anubis.inc @@ -1,4 +1,4 @@ -# /etc/nginx/conf.d/conf-anubis.inc +# /etc/nginx/conf-anubis.inc # Forward to anubis location / { diff --git a/test/nginx/conf/nginx/conf-anubis.inc b/test/nginx/conf/nginx/conf-anubis.inc new file mode 100644 index 00000000..6e5083ae --- /dev/null +++ b/test/nginx/conf/nginx/conf-anubis.inc @@ -0,0 +1,8 @@ +# /etc/nginx/conf-anubis.inc + +# Forward to anubis +location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_pass http://anubis; +} \ No newline at end of file diff --git a/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf new file mode 100644 index 00000000..e0e69e6c --- /dev/null +++ b/test/nginx/conf/nginx/conf.d/server-mimi-techaro-lol.conf 
@@ -0,0 +1,29 @@
+# /etc/nginx/conf.d/server-mimi-techaro-lol.conf
+
+server {
+ # Listen on 443 with SSL
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ http2 on;
+
+ # Slipstream via Anubis
+ include "conf-anubis.inc";
+
+ server_name mimi.techaro.lol;
+
+ ssl_certificate /techaro/pki/mimi.techaro.lol/cert.pem;
+ ssl_certificate_key /techaro/pki/mimi.techaro.lol/key.pem;
+}
+
+server {
+ listen unix:/tmp/nginx.sock;
+
+ server_name mimi.techaro.lol;
+
+ port_in_redirect off;
+ root "/srv/http/mimi.techaro.lol";
+ index index.html;
+
+ # Your normal configuration can go here
+ # location .php { fastcgi...} etc.
+}
\ No newline at end of file
diff --git a/test/nginx/conf/nginx/conf.d/upstream-anubis.conf b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf
new file mode 100644
index 00000000..7aca929f
--- /dev/null
+++ b/test/nginx/conf/nginx/conf.d/upstream-anubis.conf
@@ -0,0 +1,17 @@
+# /etc/nginx/conf.d/upstream-anubis.conf
+
+upstream anubis {
+ zone anubis_zone 64k;
+ # Make sure this matches the values you set for `BIND` and `BIND_NETWORK`.
+ # If this does not match, your services will not be protected by Anubis.
+
+ # Try anubis first over a UNIX socket
+ #server unix:/run/anubis/nginx.sock;
+ server anubis:3000 resolve;
+
+ # Optional: fall back to serving the websites directly. This allows your
+ # websites to be resilient against Anubis failing, at the risk of exposing
+ # them to the raw internet without protection. This is a tradeoff and can
+ # be worth it in some edge cases.
+ #server unix:/run/nginx.sock backup;
+}
\ No newline at end of file
diff --git a/test/nginx/conf/nginx/mime.types b/test/nginx/conf/nginx/mime.types
new file mode 100644
index 00000000..1c00d701
--- /dev/null
+++ b/test/nginx/conf/nginx/mime.types
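Review bot: The backend `server` block listens on `unix:/tmp/nginx.sock`, but the commented fallback in upstream-anubis.conf points at `unix:/run/nginx.sock`, so the two files disagree about where the unprotected backend lives. `/tmp` is also a weak location for it: depending on the socket's permissions, any local process that can reach it gets the site without passing through Anubis. I would use `listen unix:/run/nginx.sock;` and add a comment such as `# Backend reached only through Anubis; keep this socket private to nginx and Anubis`. Whatever Anubis is configured to forward to is not shown in this diff and would have to follow the same path.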
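Review bot: The comment `# Try anubis first over a UNIX socket` in upstream-anubis.conf sits above a commented-out socket entry, while the active line is `server anubis:3000 resolve;` over TCP, so it describes the wrong transport. Reword it to something like `# Reach Anubis over TCP by service name; needs the resolver set in nginx.conf` and keep the socket line as the documented alternative. The `BIND` / `BIND_NETWORK` warning above it applies to the TCP address as well, so it is worth stating which values this test setup expects.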
@@ -0,0 +1,99 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + 
application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +}
diff --git a/test/nginx/conf/nginx/nginx.conf b/test/nginx/conf/nginx/nginx.conf
new file mode 100644
index 00000000..90be80e7
--- /dev/null
+++ b/test/nginx/conf/nginx/nginx.conf
@@ -0,0 +1,32 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ resolver 169.254.42.1 valid=300s ipv6=on;
+ resolver_timeout 10s;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/test/nginx/test.sh b/test/nginx/test.sh
new file mode 100755
index 00000000..4062cfe7
--- /dev/null
+++ b/test/nginx/test.sh
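Review bot: `resolver 169.254.42.1 valid=300s ipv6=on;` in nginx.conf hard-codes a link-local address with no comment saying what answers DNS there, and `server anubis:3000 resolve;` in upstream-anubis.conf depends on it to locate Anubis. If that address is unreachable, or is served by something other than the intended resolver, nginx either loses the upstream or forwards traffic wherever the answer points. Add a comment such as `# DNS for the test network (see docker-compose); must be a trusted resolver`, assuming that is where the address comes from, since the compose file is not part of this diff.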
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+export VERSION=$GITHUB_COMMIT-test
+export KO_DOCKER_REPO=ko.local
+
+source ../lib/lib.sh
+
+set -euo pipefail
+
+build_anubis_ko
+mint_cert mimi.techaro.lol
+
+docker run --rm -it \
+ -v ./conf/nginx:/etc/nginx:ro \
+ -v ../pki:/techaro/pki:ro \
+ nginx \
+ nginx -t
+
+docker compose up -d
+
+docker compose down -t 1 || :
+docker compose rm -f || :
+
+exit 0
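Review bot: `docker run --rm -it` asks for a TTY, which a CI step normally does not have, so the `nginx -t` check is likely to fail with "the input device is not a TTY" and, under `set -e`, stop the script; drop the flags and use `docker run --rm \`. The script then brings the stack up and tears it down without sending a single request, so it never confirms that traffic to port 443 goes through Anubis rather than straight to the backend; a `curl` against the proxy that checks for the challenge response would make this a real test. The `nginx` image is pulled by floating tag while the workflow pins its actions by commit hash, so pinning the image by digest would be consistent. `export VERSION=$GITHUB_COMMIT-test` also runs before `set -euo pipefail`, so an unset variable silently yields `-test`.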