test: add apache, caddy, and nginx smoke test environments

Signed-off-by: Xe Iaso <me@xeiaso.net>
2026-04-14 20:48:44 +00:00 · 2025-04-28 17:52:23 -04:00
parent 884af5fd4c
commit dfa7025afe
20 changed files with 275 additions and 0 deletions
--- a/test/nginx/Dockerfile
+++ b/test/nginx/Dockerfile
@@ -0,0 +1,4 @@
+FROM nginx
+
+COPY conf.d/ /etc/nginx/conf.d/
+COPY snippets /etc/nginx/snippets
--- a/test/nginx/conf.d/http.conf
+++ b/test/nginx/conf.d/http.conf
@@ -0,0 +1,10 @@
+server {
+       listen 80;
+       listen [::]:80;
+       server_name nginx.local.cetacean.club;
+
+       location / {
+              proxy_pass http://anubis:3000;
+              include snippets/proxy_params;
+       }
+}
--- a/test/nginx/conf.d/https.conf
+++ b/test/nginx/conf.d/https.conf
@@ -0,0 +1,14 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name nginx.local.cetacean.club;
+
+  ssl_certificate /etc/techaro/pki/nginx.local.cetacean.club/cert.pem;
+  ssl_certificate_key /etc/techaro/pki/nginx.local.cetacean.club/key.pem;
+  include snippets/ssl_params;
+
+  location / {
+    proxy_pass http://anubis:3000;
+    include snippets/proxy_params;
+  }
+}
--- a/test/nginx/docker-compose.yaml
+++ b/test/nginx/docker-compose.yaml
@@ -0,0 +1,22 @@
+services:
+  httpd:
+    image: xxxtest/nginx
+    build: .
+    volumes:
+      - "../pki/nginx.local.cetacean.club:/etc/techaro/pki/nginx.local.cetacean.club/"
+    ports:
+      - 8080:80
+      - 8443:443
+
+  anubis:
+    image: git.xeserv.us/techaro/anubis:cel
+    environment:
+      BIND: ":3000"
+      TARGET: http://httpdebug:3000
+      POLICY_FNAME: /etc/techaro/anubis/less_paranoid.yaml
+    volumes:
+      - ../anubis_configs:/etc/techaro/anubis
+
+  httpdebug:
+    image: ghcr.io/xe/x/httpdebug
+    pull_policy: always
--- a/test/nginx/snippets/proxy_params
+++ b/test/nginx/snippets/proxy_params
@@ -0,0 +1,7 @@
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Http-Version $server_protocol;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Request-Id $request_id;
+proxy_set_header X-Forwarded-Host $host;
--- a/test/nginx/snippets/ssl_params
+++ b/test/nginx/snippets/ssl_params
@@ -0,0 +1,11 @@
+ssl_protocols TLSv1.3;
+ssl_prefer_server_ciphers on;
+ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
+ssl_ecdh_curve secp384r1;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
--- a/test/nginx/start.sh
+++ b/test/nginx/start.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# If the transient local TLS certificate doesn't exist, mint a new one
+if [ ! -f ../pki/nginx.local.cetacean.club/cert.pem ]; then
+  # Subshell to contain the directory change
+  (
+    cd ../pki \
+    && mkdir -p nginx.local.cetacean.club \
+    && \
+    # Try using https://github.com/FiloSottile/mkcert for better DevEx,
+    # but fall back to using https://github.com/jsha/minica in case
+    # you don't have that installed.
+    (
+      mkcert \
+        --cert-file ./nginx.local.cetacean.club/cert.pem \
+        --key-file ./nginx.local.cetacean.club/key.pem nginx.local.cetacean.club \
+      || go tool minica -domains nginx.local.cetacean.club
+    )
+  )
+fi
+
+docker compose up --build