def get_base_config():
    """Assemble the proxy's base config sections and return them cleaned.

    The sections are collected in a fixed order (listen, optional TLS,
    general server settings, then the location blocks) and the resulting
    list is passed through clean_config().
    """
    resolver = get_resolver()
    auth = get_auth_config()

    sections = [get_listen_config(is_proxy=True)]

    # The TLS section is emitted only when the proxies config enables it.
    # NOTE(review): with ssl_enabled false no TLS section is produced here, so
    # the locations that receive `auth` below are served without TLS by this
    # proxy unless TLS terminates in front of it -- confirm per deployment.
    if settings.PROXIES_CONFIG.ssl_enabled:
        sections.append(get_ssl_config())

    # Server-wide settings and unauthenticated helper locations.
    sections.extend(
        (
            get_logging_config(),
            get_gzip_config(),
            get_charset_config(),
            get_buffering_config(),
            get_timeout_config(),
            get_error_page_config(),
            get_robots_config(),
            get_favicon_config(),
            get_healthz_location_config(),
        )
    )

    # Location blocks; every one after the auth endpoint is given `auth`.
    # The services location is emitted twice, once per `rewrite` value.
    sections.extend(
        (
            get_auth_location_config(resolver=resolver),
            get_streams_location_config(resolver=resolver, auth=auth),
            get_services_location_config(
                resolver=resolver, auth=auth, rewrite=False
            ),
            get_services_location_config(
                resolver=resolver, auth=auth, rewrite=True
            ),
            get_api_location_config(resolver=resolver, auth=auth),
        )
    )

    # The plugins location block is currently disabled:
    # get_plugins_location_config(resolver=resolver, auth=auth) is not added.
    return clean_config(sections)
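def test_ssl(self):
    """Pin the TLS section rendered by get_ssl_config().

    Two cases are checked: the default certificate directory
    (/etc/ssl/polyaxon) and an overridden settings.PROXIES_CONFIG.ssl_path
    ("/foo"). The comparison is an exact string match, so any change to the
    generated directives or their whitespace must be mirrored in both
    literals.
    """
    # NOTE(review): the section labelled "modern configuration" allows only
    # TLSv1.2 (no TLSv1.3), and its cipher list ends with four CBC-mode suites
    # (ECDHE-*-AES256-SHA384, ECDHE-*-AES128-SHA256) after the AEAD ones.
    # Tightening get_ssl_config() means updating the two literals below.
    # NOTE(review): ssl_stapling_verify is on but the expected output has no
    # ssl_trusted_certificate directive, and the OCSP responder is resolved
    # through public DNS resolvers -- confirm both are intended.
    expected = r""" # SSL ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # modern configuration ssl_protocols TLSv1.2; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; ssl_prefer_server_ciphers on; # OCSP Stapling ssl_stapling on; ssl_stapling_verify on; resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; resolver_timeout 2s; ssl_certificate /etc/ssl/polyaxon/polyaxon.com.crt; ssl_certificate_key /etc/ssl/polyaxon/polyaxon.com.key; """  # noqa
    assert get_ssl_config() == expected

    # Same directives, with the certificate and key expected under /foo.
    expected = r""" # SSL ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; # modern configuration ssl_protocols TLSv1.2; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; ssl_prefer_server_ciphers on; # OCSP Stapling ssl_stapling on; ssl_stapling_verify on; resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; resolver_timeout 2s; ssl_certificate /foo/polyaxon.com.crt; ssl_certificate_key /foo/polyaxon.com.key; """  # noqa

    # settings.PROXIES_CONFIG is shared state: put the original path back even
    # when the assertion fails, so the override cannot leak into other tests.
    previous_ssl_path = settings.PROXIES_CONFIG.ssl_path
    settings.PROXIES_CONFIG.ssl_path = "/foo"
    try:
        assert get_ssl_config() == expected
    finally:
        settings.PROXIES_CONFIG.ssl_path = previous_ssl_path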