Пример #1
0
    def test_one_node_bk_80_ft_detect(self):
        name = "One node backend 80, autodiscover for frontend"
        _services = [{
            "name": "service-1",
            "ip": "10.0.0.1",
            "port": "1200",
            "id": "node1:80",
            "tags": [
                "dns=domain.tld",
                "vhost=test",
            ]
        }]
        _expected = r"""
frontend http-in
    bind :80 name http
    mode http
    reqadd X-Forwarded-Proto:\ http
    use_backend bk_service-1 if { hdr(host) -i test.domain.tld }

backend bk_service-1
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:80" 10.0.0.1:1200 check
"""
        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #2
0
    def test_one_node_bk_80_ft_80_with_api_and_no_check(self):
        name = "One node backend 80, frontend 80 with options"
        _services = [{
            "name":
            "service-1",
            "ip":
            "10.0.0.1",
            "port":
            "1200",
            "id":
            "node1:80",
            "tags": [
                "dns=domain.tld", "vhost=test", "http=80", "url_prefix=/api",
                r"check=disabled"
            ]
        }]
        _expected = r"""
frontend http-in
    bind :80 name http
    mode http
    reqadd X-Forwarded-Proto:\ http
    use_backend bk_service-1 if { hdr(host) -i test.domain.tld } { path_beg -i /api }

backend bk_service-1
    mode http
    balance roundrobin
    server "node1:80" 10.0.0.1:1200
"""
        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #3
0
    def test_one_node_tcp(self):
        name = "One node tcp port 5222"
        _services = [{
            "name": "service-1",
            "ip": "10.0.0.1",
            "port": "1200",
            "id": "node1:5222",
            "tags": [
                "dns=domain.tld",
                "vhost=test",
                "tcp=5222",
            ]
        }]
        _expected = r"""
frontend tcp-5222-in:
    mode tcp
    bind :5222
    default_backend bk_tcp_service-1

backend bk_tcp-service-1
    mode tcp
    balance roundrobin
    server "node1:5222" 10.0.0.1:1200
"""
        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #4
0
    def test_one_node_bk_80_ft_80_with_api_and_check(self):
        name = "One node backend 80, frontend 80 with options"
        _services = [
            {
                "name": "service-1",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:80",
                "tags": [
                    "dns=domain.tld",
                    "vhost=test",
                    "http=80",
                    "url_prefix=/api",
                    r"check=OPTIONS \r\n/api/events",
                ],
            }
        ]
        _expected = r"""
frontend http-in
    bind :80 name http
    mode http
    reqadd X-Forwarded-Proto:\ http
    use_backend bk_service-1 if { hdr(host) -i test.domain.tld } { path_beg -i /api }

backend bk_service-1
    mode http
    balance roundrobin
    option httpchk OPTIONS \r\n/api/events
    server "node1:80" 10.0.0.1:1200 check
"""
        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #5
0
    def test_one_node_bk_80_ft_detect(self):
        name = "One node backend 80, autodiscover for frontend"
        _services = [
            {
                "name": "service-1",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:80",
                "tags": ["dns=domain.tld", "vhost=test"],
            }
        ]
        _expected = r"""
frontend http-in
    bind :80 name http
    mode http
    reqadd X-Forwarded-Proto:\ http
    use_backend bk_service-1 if { hdr(host) -i test.domain.tld }

backend bk_service-1
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:80" 10.0.0.1:1200 check
"""
        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #6
0
    def test_one_node_bk_443_ft_80_http_multiple_domains(self):
        name = "One node ssl backend 443 and ssl port 80 frontend"
        _services = [{
            "name":
            "service-1",
            "ip":
            "10.0.0.1",
            "port":
            "1200",
            "id":
            "node1:443",
            "tags": [
                "dns=bla.tld",
                "dns=coin.tld",
                "https=80",
                "vhost=test",
            ]
        }]
        _expected = r"""
frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_service-1
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:443" 10.0.0.1:1200 check ssl verify none

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :80
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
    use_backend bk_service-1 if { hdr(host) -i test.bla.tld }
    use_backend bk_service-1 if { hdr(host) -i test.coin.tld }
"""

        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #7
0
    def test_two_nodes_one_80_other_80_ft_80_with_options(self):
        name = "Two nodes 80 frontend port 80 frontend"
        _services = [
            {
                "name": "service-1",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:80",
                "tags": [
                        "dns=domain.tld",
                        "vhost=test",
                        "http=80"
                        ]
            },
            {
                "name": "service-2",
                "ip": "10.0.0.2",
                "port": "1202",
                "id": "node2:80",
                "tags": [
                        "dns=domain.tld",
                        "vhost=test",
                        "http=80",
                        "url_prefix=/api"
                        ]
            }
        ]
        _expected = r"""
frontend http-in
    bind :80 name http
    mode http
    reqadd X-Forwarded-Proto:\ http
    use_backend bk_service-2 if { hdr(host) -i test.domain.tld } { path_beg -i /api }
    use_backend bk_service-1 if { hdr(host) -i test.domain.tld }

backend bk_service-1
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:80" 10.0.0.1:1200 check

backend bk_service-2
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node2:80" 10.0.0.2:1202 check
"""

        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #8
0
    def test_two_node_tcp_different_server(self):
        name = "Two nodes tcp port 5222"
        _services = [
        {
            "name": "service-1",
            "ip": "10.0.0.1",
            "port": "1200",
            "id": "node1:5222",
            "tags": [
                    "dns=domain.tld",
                    "vhost=test",
                    "tcp=5222",
                    ]
        },
        {
            "name": "service-2",
            "ip": "10.0.0.2",
            "port": "1200",
            "id": "node2:5443",
            "tags": [
                    "dns=domain.tld",
                    "vhost=test",
                    "tcp=5433",
                    ]
        }
        ]
        _expected =r"""
frontend tcp-5222-in:
    mode tcp
    bind :5222
    default_backend bk_tcp_service-1

frontend tcp-5433-in:
    mode tcp
    bind :5433
    default_backend bk_tcp_service-2

backend bk_tcp-service-1
    mode tcp
    balance roundrobin
    server "node1:5222" 10.0.0.1:1200

backend bk_tcp-service-2
    mode tcp
    balance roundrobin
    server "node2:5443" 10.0.0.2:1200
"""
        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #9
0
    def test_one_node_bk_443_ft_443_ssl_pass_through(self):
        name = "One node backend 443, frontend 443 ssl-passthrough"
        _services = [{
            "name":
            "service-1",
            "ip":
            "10.0.0.1",
            "port":
            "1200",
            "id":
            "node1:443",
            "tags":
            ["dns=domain.tld", "vhost=test", "https=443", "ssl=pass-through"]
        }]
        _expected = r"""
frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_service-1
    mode tcp
    server "node1:443" 10.0.0.1:1200 check

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend bk_service-1 if { req.ssl_sni -i test.domain.tld }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
"""
        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #10
0
    def test_one_node_bk_443_ft_80_http_multiple_domains(self):
        name = "One node ssl backend 443 and ssl port 80 frontend"
        _services = [
            {
                "name": "service-1",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:443",
                "tags": ["dns=bla.tld", "dns=coin.tld", "https=80", "vhost=test"],
            }
        ]
        _expected = r"""
frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_service-1
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:443" 10.0.0.1:1200 check ssl verify none

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :80
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
    use_backend bk_service-1 if { hdr(host) -i test.bla.tld }
    use_backend bk_service-1 if { hdr(host) -i test.coin.tld }
"""

        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #11
0
    def test_one_node_bk_443_ft_443_ssl_pass_through(self):
        name = "One node backend 443, frontend 443 ssl-passthrough"
        _services = [
            {
                "name": "service-1",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:443",
                "tags": ["dns=domain.tld", "vhost=test", "https=443", "ssl=pass-through"],
            }
        ]
        _expected = r"""
frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_service-1
    mode tcp
    server "node1:443" 10.0.0.1:1200 check

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend bk_service-1 if { req.ssl_sni -i test.domain.tld }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
"""
        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #12
0
    def test_one_node_tcp(self):
        name = "One node tcp port 5222"
        _services = [
            {
                "name": "service-1",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:5222",
                "tags": ["dns=domain.tld", "vhost=test", "tcp=5222"],
            }
        ]
        _expected = r"""
frontend tcp-5222-in:
    mode tcp
    bind :5222
    default_backend bk_tcp_service-1

backend bk_tcp-service-1
    mode tcp
    balance roundrobin
    server "node1:5222" 10.0.0.1:1200
"""
        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #13
0
    def test_application_2(self):
        name = "Application with a SQL cluster database, specific balancing and one service ssl-passthrough"
        _services = [{
            "name":
            "myapplication-db",
            "ip":
            "10.0.0.1",
            "port":
            "1200",
            "id":
            "node1:3306",
            "tags": [
                "dns=domain.tld", "tcp=3306", "vhost=myapp",
                "check=mysql-check user root", "balance=source"
            ]
        }, {
            "name":
            "myapplication-db",
            "ip":
            "10.0.0.2",
            "port":
            "1200",
            "id":
            "node2:3306",
            "tags": [
                "dns=domain.tld", "tcp=3306", "vhost=myapp",
                "check=mysql-check user root", "balance=source"
            ]
        }, {
            "name":
            "myapplication-service",
            "ip":
            "10.0.0.3",
            "port":
            "1200",
            "id":
            "node3:443",
            "tags":
            ["dns=domain.tld", "https=443", "vhost=myapp", "ssl=pass-through"]
        }]
        _expected = r"""
frontend tcp-3306-in:
    mode tcp
    bind :3306
    default_backend bk_tcp_myapplication-db

backend bk_tcp-myapplication-db
    mode tcp
    option mysql-check user root
    balance source
    server "node1:3306" 10.0.0.1:1200 check
    server "node2:3306" 10.0.0.2:1200 check

frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_myapplication-service
    mode tcp
    server "node3:443" 10.0.0.3:1200 check

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend bk_myapplication-service if { req.ssl_sni -i myapp.domain.tld }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
"""

        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #14
0
    def test_two_nodes_one_443_other_443_ft_detect_with_options(self):
        name = "Two nodes 443 backend autodetect frontend"
        _services = [
            {
                "name": "service-1",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:443",
                "tags": [
                        "dns=domain.tld",
                        "vhost=test",
                        ]
            },
            {
                "name": "service-2",
                "ip": "10.0.0.2",
                "port": "1202",
                "id": "node2:443",
                "tags": [
                        "dns=domain.tld",
                        "vhost=test",
                        "url_prefix=/api"
                        ]
            }
        ]
        _expected = r"""
frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_service-1
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:443" 10.0.0.1:1200 check ssl verify none

backend bk_service-2
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node2:443" 10.0.0.2:1202 check ssl verify none

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
    use_backend bk_service-2 if { hdr(host) -i test.domain.tld } { path_beg -i /api }
    use_backend bk_service-1 if { hdr(host) -i test.domain.tld }
"""

        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #15
0
    def test_application_1(self):
        name = "Application with two backend tcp, one frontend ssl with 2 servers for 2 services"
        _services = [
            {
                "name": "myapplication-frontend",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:443",
                "tags": [
                        "dns=domain.tld",
                        "https=443",
                        "vhost=myapp",
                        ]
            },
            {
                "name": "myapplication-frontend",
                "ip": "10.0.0.2",
                "port": "1200",
                "id": "node2:443",
                "tags": [
                        "dns=domain.tld",
                        "https=443",
                        "vhost=myapp",
                        ]
            },
            {
                "name": "myapplication-api",
                "ip": "10.0.0.3",
                "port": "1200",
                "id": "node3:443",
                "tags": [
                        "dns=domain.tld",
                        "https=443",
                        "vhost=myapp",
                        "url_prefix=/api"
                        ]
            },
            {
                "name": "myapplication-xmpp",
                "ip": "10.0.0.4",
                "port": "1200",
                "id": "node4:5222",
                "tags": [
                        "dns=domain.tld",
                        "tcp=5222",
                        "vhost=myapp",
                        ]
            },
            {
                "name": "myapplication-xmpp",
                "ip": "10.0.0.5",
                "port": "1200",
                "id": "node5:5222",
                "tags": [
                        "dns=domain.tld",
                        "tcp=5222",
                        "vhost=myapp",
                        ]
            }

        ]
        _expected = r"""
frontend tcp-5222-in:
    mode tcp
    bind :5222
    default_backend bk_tcp_myapplication-xmpp

backend bk_tcp-myapplication-xmpp
    mode tcp
    balance roundrobin
    server "node4:5222" 10.0.0.4:1200
    server "node5:5222" 10.0.0.5:1200

frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_myapplication-api
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node3:443" 10.0.0.3:1200 check ssl verify none

backend bk_myapplication-frontend
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:443" 10.0.0.1:1200 check ssl verify none
    server "node2:443" 10.0.0.2:1200 check ssl verify none

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
    use_backend bk_myapplication-api if { hdr(host) -i myapp.domain.tld } { path_beg -i /api }
    use_backend bk_myapplication-frontend if { hdr(host) -i myapp.domain.tld }
"""

        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #16
0
    def test_application_3(self):
        name = "Application with http frontend and http frontend as well"
        _services = [{
            "name":
            "myapplication-http",
            "ip":
            "10.0.0.1",
            "port":
            "80",
            "id":
            "node1:80",
            "tags":
            ["dns=domain.tld", "vhost=myapp", "check=disabled", "http=80"]
        }, {
            "name": "myapplication-https",
            "ip": "10.0.0.3",
            "port": "443",
            "id": "node3:443",
            "tags": ["dns=domain.tld", "https=443", "vhost=myapp"]
        }]
        _expected = r"""
frontend http-in
    bind :80 name http
    mode http
    reqadd X-Forwarded-Proto:\ http
    use_backend bk_myapplication-http if { hdr(host) -i myapp.domain.tld }
    default_backend https-redirect

backend bk_myapplication-http
    mode http
    balance roundrobin
    server "node1:80" 10.0.0.1:80

backend bk_myapplication-https
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node3:443" 10.0.0.3:443 check ssl verify none

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
    use_backend bk_myapplication-https if { hdr(host) -i myapp.domain.tld }
"""

        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #17
0
    def test_application_3(self):
        name = "Application with http frontend and http frontend as well"
        _services = [
            {
                "name": "myapplication-http",
                "ip": "10.0.0.1",
                "port": "80",
                "id": "node1:80",
                "tags": [
                        "dns=domain.tld",
                        "vhost=myapp",
                        "check=disabled",
                        "http=80"
                        ]
            },
            {
                "name": "myapplication-https",
                "ip": "10.0.0.3",
                "port": "443",
                "id": "node3:443",
                "tags": [
                        "dns=domain.tld",
                        "https=443",
                        "vhost=myapp"
                        ]
            }
        ]
        _expected = r"""
frontend http-in
    bind :80 name http
    mode http
    reqadd X-Forwarded-Proto:\ http
    use_backend bk_myapplication-http if { hdr(host) -i myapp.domain.tld }
    default_backend https-redirect

backend bk_myapplication-http
    mode http
    balance roundrobin
    server "node1:80" 10.0.0.1:80

backend bk_myapplication-https
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node3:443" 10.0.0.3:443 check ssl verify none

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
    use_backend bk_myapplication-https if { hdr(host) -i myapp.domain.tld }
"""

        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)
Пример #18
0
    def test_application_1(self):
        name = "Application with two backend tcp, one frontend ssl with 2 servers for 2 services"
        _services = [{
            "name": "myapplication-frontend",
            "ip": "10.0.0.1",
            "port": "1200",
            "id": "node1:443",
            "tags": [
                "dns=domain.tld",
                "https=443",
                "vhost=myapp",
            ]
        }, {
            "name": "myapplication-frontend",
            "ip": "10.0.0.2",
            "port": "1200",
            "id": "node2:443",
            "tags": [
                "dns=domain.tld",
                "https=443",
                "vhost=myapp",
            ]
        }, {
            "name":
            "myapplication-api",
            "ip":
            "10.0.0.3",
            "port":
            "1200",
            "id":
            "node3:443",
            "tags":
            ["dns=domain.tld", "https=443", "vhost=myapp", "url_prefix=/api"]
        }, {
            "name": "myapplication-xmpp",
            "ip": "10.0.0.4",
            "port": "1200",
            "id": "node4:5222",
            "tags": [
                "dns=domain.tld",
                "tcp=5222",
                "vhost=myapp",
            ]
        }, {
            "name": "myapplication-xmpp",
            "ip": "10.0.0.5",
            "port": "1200",
            "id": "node5:5222",
            "tags": [
                "dns=domain.tld",
                "tcp=5222",
                "vhost=myapp",
            ]
        }]
        _expected = r"""
frontend tcp-5222-in:
    mode tcp
    bind :5222
    default_backend bk_tcp_myapplication-xmpp

backend bk_tcp-myapplication-xmpp
    mode tcp
    balance roundrobin
    server "node4:5222" 10.0.0.4:1200
    server "node5:5222" 10.0.0.5:1200

frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_myapplication-api
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node3:443" 10.0.0.3:1200 check ssl verify none

backend bk_myapplication-frontend
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server "node1:443" 10.0.0.1:1200 check ssl verify none
    server "node2:443" 10.0.0.2:1200 check ssl verify none

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
    use_backend bk_myapplication-api if { hdr(host) -i myapp.domain.tld } { path_beg -i /api }
    use_backend bk_myapplication-frontend if { hdr(host) -i myapp.domain.tld }
"""

        self._assertEquals(name, _services,
                           _generate_conf(_services, "tests/test.jinja2"),
                           _expected)
Пример #19
0
    def test_application_2(self):
        name = "Application with a SQL cluster database, specific balancing and one service ssl-passthrough"
        _services = [
            {
                "name": "myapplication-db",
                "ip": "10.0.0.1",
                "port": "1200",
                "id": "node1:3306",
                "tags": [
                        "dns=domain.tld",
                        "tcp=3306",
                        "vhost=myapp",
                        "check=mysql-check user root",
                        "balance=source"
                        ]
            },
            {
                "name": "myapplication-db",
                "ip": "10.0.0.2",
                "port": "1200",
                "id": "node2:3306",
                "tags": [
                        "dns=domain.tld",
                        "tcp=3306",
                        "vhost=myapp",
                        "check=mysql-check user root",
                        "balance=source"
                        ]
            },
            {
                "name": "myapplication-service",
                "ip": "10.0.0.3",
                "port": "1200",
                "id": "node3:443",
                "tags": [
                        "dns=domain.tld",
                        "https=443",
                        "vhost=myapp",
                        "ssl=pass-through"
                        ]
            }
        ]
        _expected = r"""
frontend tcp-3306-in:
    mode tcp
    bind :3306
    default_backend bk_tcp_myapplication-db

backend bk_tcp-myapplication-db
    mode tcp
    option mysql-check user root
    balance source
    server "node1:3306" 10.0.0.1:1200 check
    server "node2:3306" 10.0.0.2:1200 check

frontend http-in
    bind :80
    mode http
    default_backend https-redirect

backend bk_myapplication-service
    mode tcp
    server "node3:443" 10.0.0.3:1200 check

backend https-redirect
    mode http
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    bind :443
    mode tcp
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend bk_myapplication-service if { req.ssl_sni -i myapp.domain.tld }
    default_backend https-no-sni

backend https-no-sni
    mode tcp
    server "https-no-sni-loop" localhost:10443

frontend https-in-no-sni
    mode http
    bind localhost:10443 ssl crt /etc/haproxy/certs/
    reqadd X-Forwarded-Proto:\ https
"""

        self._assertEquals(name, _services, _generate_conf(_services, "tests/test.jinja2"), _expected)