def get_base_config():
resolver = get_resolver()
auth = get_auth_config()
config = [get_listen_config(is_proxy=True)]
if settings.PROXIES_CONFIG.ssl_enabled:
config.append(get_ssl_config())
config += [
get_logging_config(),
get_gzip_config(),
get_charset_config(),
get_buffering_config(),
get_timeout_config(),
get_error_page_config(),
get_robots_config(),
get_favicon_config(),
get_healthz_location_config(),
get_auth_location_config(resolver=resolver),
get_streams_location_config(resolver=resolver, auth=auth),
get_services_location_config(resolver=resolver, auth=auth, rewrite=False),
get_services_location_config(resolver=resolver, auth=auth, rewrite=True),
get_api_location_config(resolver=resolver, auth=auth),
]
# config += get_plugins_location_config(resolver=resolver, auth=auth)
return clean_config(config)
def test_ssl(self):
expected = r"""
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
ssl_certificate /etc/ssl/polyaxon/polyaxon.com.crt;
ssl_certificate_key /etc/ssl/polyaxon/polyaxon.com.key;
""" # noqa
assert get_ssl_config() == expected
expected = r"""
# SSL
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
resolver_timeout 2s;
ssl_certificate /foo/polyaxon.com.crt;
ssl_certificate_key /foo/polyaxon.com.key;
""" # noqa
settings.PROXIES_CONFIG.ssl_path = "/foo"
assert get_ssl_config() == expected
