modified: add tls supported; Wayde
sunzhongmou committed Sep 9, 2019
1 parent c410152 commit ba94fec
Showing 11 changed files with 115 additions and 5 deletions.
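--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -1,6 +1,11 @@
 Changelog
 =========
 
+0.1.1
+-----
+
+- Add server to support tls or not
+
 0.1.0
 -----
 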
2 changes: 1 addition & 1 deletion ddd_nginx/__version__.py
@@ -1 +1 @@
__version__ = '0.1.0'
__version__ = '0.1.1'
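--- a/ddd_nginx/server.py
+++ b/ddd_nginx/server.py
@@ -12,6 +12,10 @@ def __init__(self, name):
 super().__init__()
 self.name = name
 self.locations = []
+self.tls = True
 
+def disable_tls(self):
+self.tls = False
+
 def append(self, block):
 if isinstance(block, Location):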
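Review bot: `disable_tls()` has no docstring, and nothing beside the new `self.tls` attribute says that turning it off makes the rendered server block plaintext-only. The templates changed in this commit keep `listen 80;` and drop `listen 443 ssl;` and every `ssl_*` directive when `tls` is false, so I would add `"""Render this server without the 443 listener and ssl_* directives (HTTP on port 80 only)."""` to the method and a `# rendered with a TLS listener unless disable_tls() is called` comment next to `self.tls = True`. The `__init__` body starts above this hunk and `append` continues below it.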
4 changes: 3 additions & 1 deletion ddd_nginx/template/apigw/server-location.conf.jinja2
Expand Up @@ -5,16 +5,18 @@ server {
access_log /var/log/nginx/api_access.log {{ name }};

listen 80;
listen 443 ssl;
server_name {{ name }};

{% if tls %}
# TLS config
listen 443 ssl;
ssl_certificate /etc/ssl/certs/{{ name }}.crt;
ssl_certificate_key /etc/ssl/private/{{ name }}.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1.1 TLSv1.2;
{% endif %}

# API definitions, one per file
{% for location in locations %}
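Review bot: `{% if tls %}` treats a missing `tls` key the same as `False`, so a caller of `dump` that forgets to pass it gets a port-80-only server with no error; the no-TLS tests in this commit rely on exactly that by leaving the key out of the context. Since `Server` defaults to `self.tls = True`, the guard should fail closed instead: `{% if tls|default(true) %}`. The same guard is added to `server.conf.jinja2` and needs the same change. The `server` block starts above this hunk and continues below it.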
4 changes: 3 additions & 1 deletion ddd_nginx/template/apigw/server.conf.jinja2
Expand Up @@ -5,16 +5,18 @@ server {
access_log /var/log/nginx/api_access.log {{ name }};

listen 80;
listen 443 ssl;
server_name {{ name }};

{% if tls %}
# TLS config
listen 443 ssl;
ssl_certificate /etc/ssl/certs/{{ name }}.crt;
ssl_certificate_key /etc/ssl/private/{{ name }}.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_protocols TLSv1.1 TLSv1.2;
{% endif %}

# API definitions, one per file
include locations_conf.d/*.conf;
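Review bot: The block now wrapped in `{% if tls %}` still offers `ssl_protocols TLSv1.1 TLSv1.2;`, and TLS 1.1 is formally deprecated (RFC 8996). While this block is being touched I would narrow it to `ssl_protocols TLSv1.2;`, adding `TLSv1.3` where the deployed nginx/OpenSSL build supports it; `server-location.conf.jinja2` carries the same line. `listen 80;` also stays unconditional, so a TLS-enabled server keeps answering in plaintext unless a redirect is configured somewhere not visible in this hunk.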
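--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -44,11 +44,21 @@ def server_conf():
 return _get_test_data('server.conf')
 
 
+@pytest.fixture(name='server_no_tls_conf')
+def server_no_tls_conf():
+return _get_test_data('server-no-tls.conf')
+
+
 @pytest.fixture(name='server_location_conf')
 def server_location_conf():
 return _get_test_data('server-location.conf')
 
 
+@pytest.fixture(name='server_location_no_tls_conf')
+def server_location_no_tls_conf():
+return _get_test_data('server-location-no-tls.conf')
+
+
 @pytest.fixture(name='nginx_conf')
 def nginx_conf():
 return _get_test_data('nginx.conf')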
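--- a/tests/test_data/server-location-no-tls.conf
+++ b/tests/test_data/server-location-no-tls.conf
@@ -0,0 +1,26 @@
+server {
+set $api_name -;
+access_log /var/log/nginx/api_access.log api.example.com;
+
+listen 80;
+server_name api.example.com;
+
+
+# API definitions, one per file
+location /api/warehouse/pricing {
+
+set $upstream warehouse_pricing;
+rewrite ^ /_warehouse last;
+}
+location = /_warehouse {
+internal;
+set $api_name "Warehouse";
+proxy_pass http://$upstream$request_uri;
+}
+
+# Error responses
+error_page 404 = @400; # Invalid paths are treated as bad requests
+proxy_intercept_errors on; # Do not send backend errors to the client
+include error_page.conf; # API client friendly JSON error responses
+default_type application/json; # If no content-type then assume JSON
+}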
2 changes: 1 addition & 1 deletion tests/test_data/server-location.conf
Expand Up @@ -3,10 +3,10 @@ server {
access_log /var/log/nginx/api_access.log api.example.com;

listen 80;
listen 443 ssl;
server_name api.example.com;

# TLS config
listen 443 ssl;
ssl_certificate /etc/ssl/certs/api.example.com.crt;
ssl_certificate_key /etc/ssl/private/api.example.com.key;
ssl_session_cache shared:SSL:10m;
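--- a/tests/test_data/server-no-tls.conf
+++ b/tests/test_data/server-no-tls.conf
@@ -0,0 +1,17 @@
+server {
+set $api_name -;
+access_log /var/log/nginx/api_access.log api.example.com;
+
+listen 80;
+server_name api.example.com;
+
+
+# API definitions, one per file
+include locations_conf.d/*.conf;
+
+# Error responses
+error_page 404 = @400; # Invalid paths are treated as bad requests
+proxy_intercept_errors on; # Do not send backend errors to the client
+include error_page.conf; # API client friendly JSON error responses
+default_type application/json; # If no content-type then assume JSON
+}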
2 changes: 1 addition & 1 deletion tests/test_data/server.conf
Expand Up @@ -3,10 +3,10 @@ server {
access_log /var/log/nginx/api_access.log api.example.com;

listen 80;
listen 443 ssl;
server_name api.example.com;

# TLS config
listen 443 ssl;
ssl_certificate /etc/ssl/certs/api.example.com.crt;
ssl_certificate_key /etc/ssl/private/api.example.com.key;
ssl_session_cache shared:SSL:10m;
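--- a/tests/test_server.py
+++ b/tests/test_server.py
@@ -23,9 +23,23 @@ def test_dump_server(server_conf):
 assert sev.dump("server.conf.jinja2", {
 "name": sev.name,
 "variables": sev.sets,
+"tls": sev.tls,
 }) == server_conf
 
 
+@pytest.mark.usefixtures("server_no_tls_conf")
+def test_dump_server(server_no_tls_conf):
+sev = Server(
+name="api.example.com",
+)
+sev.set_var("$api_name", "-")
+
+assert sev.dump("server.conf.jinja2", {
+"name": sev.name,
+"variables": sev.sets,
+}) == server_no_tls_conf
+
+
 @pytest.mark.usefixtures("server_location_conf")
 def test_dump_server_dumps(server_location_conf):
 sev = Server(
@@ -52,4 +66,34 @@ def test_dump_server_dumps(server_location_conf):
 "name": sev.name,
 "variables": sev.sets,
 "locations": sev.locations,
+"tls": sev.tls,
 }) == server_location_conf
+
+
+@pytest.mark.usefixtures("server_location_no_tls_conf")
+def test_dump_server_dumps(server_location_no_tls_conf):
+sev = Server(
+name="api.example.com",
+)
+sev.set_var("$api_name", "-")
+
+b_location = Location(
+name="/api/warehouse/pricing",
+proxy=ReverseProxyStrategy('rewrite', '^ /_warehouse last')
+)
+b_location.set_var("$upstream", "warehouse_pricing")
+sev.append(b_location)
+
+a_location = Location(
+name="= /_warehouse",
+proxy=ReverseProxyStrategy('proxy_pass', 'http://$upstream$request_uri'),
+scope="internal"
+)
+a_location.set_var('$api_name', '"Warehouse"')
+sev.append(a_location)
+
+assert sev.dump("server-location.conf.jinja2", {
+"name": sev.name,
+"variables": sev.sets,
+"locations": sev.locations,
+}) == server_location_no_tls_conf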
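Review bot: Both new tests reuse the names of existing tests, `test_dump_server` and `test_dump_server_dumps` (the originals are visible in the hunk headers), so the later definitions replace the earlier ones at import time and the TLS-enabled cases are no longer collected. Rename them, for example `def test_dump_server_no_tls(server_no_tls_conf):` and `def test_dump_server_dumps_no_tls(server_location_no_tls_conf):`. The new tests also never call `sev.disable_tls()`; they only leave `"tls"` out of the context, so the method this commit adds is untested. Call it and pass `"tls": sev.tls` the way the TLS tests do.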
