KNEL/KNELProductionContainers
2
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

feat(apisix): add Cloudron package

Browse Source 
- Implements Apache APISIX packaging for Cloudron platform.
- Includes Dockerfile, CloudronManifest.json, and start.sh.
- Configured to use Cloudron's etcd addon.

🤖 Generated with Gemini CLI
Co-Authored-By: Gemini <noreply@google.com>
This commit is contained in:
Charles N Wyble - admin
2025-09-04 09:42:47 -05:00
parent f7bae09f22
commit 54cc5f7308
1608 changed files with 388342 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

290
CloudronPackages/APISIX/apisix-source/t/stream-node/healthcheck-resty-events.t Normal file
View File

@@ -0,0 +1,290 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
BEGIN {
if ($ENV{TEST_EVENTS_MODULE} ne "lua-resty-events") {
$SkipReason = "Only for lua-resty-events events module";
}
}
use Test::Nginx::Socket::Lua $SkipReason ? (skip_all => $SkipReason) : ();
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
run_tests();
__DATA__
=== TEST 1: create stream route with a upstream that enable active healthcheck only, \
two upstream nodes: one healthy + one unhealthy, unhealthy node with high priority
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": [
{ "host": "127.0.0.1", "port": 1995, "weight": 100, "priority": 0 },
{ "host": "127.0.0.1", "port": 9995, "weight": 100, "priority": 1 }
],
"type": "roundrobin",
"retries": 0,
"checks": {
"active": {
"type": "tcp",
"timeout": 1,
"healthy": {
"interval": 1,
"successes": 2
},
"unhealthy": {
"interval": 1,
"tcp_failures": 1,
"timeouts": 1
}
}
}
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit stream routes
--- stream_conf_enable
--- config
location /t {
content_by_lua_block {
-- send first request to create health checker
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local data, _ = sock:receive()
assert(data == nil, "first request should fail")
sock:close()
-- wait for health check to take effect
ngx.sleep(2.5)
for i = 1, 3 do
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local _, err = sock:send("mmm")
if err then
ngx.say("failed to send: ", err)
return
end
local data, err = sock:receive()
if err then
ngx.say("failed to receive: ", err)
return
end
assert(data == "hello world", "response should be 'hello world'")
sock:close()
end
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_DELETE
)
if code >= 300 then
ngx.status = code
ngs.say("failed to delete stream route")
return
end
-- wait for checker to release
ngx.sleep(1)
ngx.say("passed")
}
}
--- timeout: 10
--- request
GET /t
--- response_body
passed
--- error_log
create new checker
proxy request to 127.0.0.1:9995 while connecting to upstream
connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995"
unhealthy TCP increment (1/1) for '127.0.0.1(127.0.0.1:9995)'
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
try to release checker
=== TEST 3: create stream route with a upstream that enable active and passive healthcheck, \
configure active healthcheck with a high unhealthy threshold, \
two upstream nodes: one healthy + one unhealthy, unhealthy node with high priority
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": [
{ "host": "127.0.0.1", "port": 1995, "weight": 100, "priority": 0 },
{ "host": "127.0.0.1", "port": 9995, "weight": 100, "priority": 1 }
],
"type": "roundrobin",
"retries": 0,
"checks": {
"active": {
"type": "tcp",
"timeout": 1,
"healthy": {
"interval": 60,
"successes": 2
},
"unhealthy": {
"interval": 1,
"tcp_failures": 254,
"timeouts": 1
}
},
"passive": {
"type": "tcp",
"healthy": {
"successes": 1
},
"unhealthy": {
"tcp_failures": 1
}
}
}
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 4: hit stream routes
--- stream_conf_enable
--- config
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local data, _ = sock:receive()
assert(data == nil, "first request should fail")
sock:close()
-- Due to the implementation of lua-resty-events, it relies on the kernel and
-- the Nginx event loop to process socket connections.
-- When lua-resty-healthcheck handles passive healthchecks and uses lua-resty-events
-- as the events module, the synchronization of the first event usually occurs
-- before the start of the passive healthcheck. So when the execution finishes and
-- healthchecker tries to record the healthcheck status, it will not be able to find
-- an existing target (because the synchronization event has not finished yet), which
-- will lead to some anomalies that deviate from the original test case, so compatibility
-- operations are performed here.
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local data, _ = sock:receive()
assert(data == nil, "first request should fail")
sock:close()
for i = 1, 3 do
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local _, err = sock:send("mmm")
if err then
ngx.say("failed to send: ", err)
return
end
local data, err = sock:receive()
if err then
ngx.say("failed to receive: ", err)
return
end
assert(data == "hello world", "response should be 'hello world'")
sock:close()
end
ngx.say("passed")
}
}
--- request
GET /t
--- response_body
passed
--- error_log
proxy request to 127.0.0.1:9995 while connecting to upstream
connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995"
enabled healthcheck passive while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995",
unhealthy TCP increment (1/1) for '(127.0.0.1:9995)' while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995",
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
--- timeout: 10

271
CloudronPackages/APISIX/apisix-source/t/stream-node/healthcheck-resty-worker-events.t Normal file
View File

@@ -0,0 +1,271 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
BEGIN {
if ($ENV{TEST_EVENTS_MODULE} ne "lua-resty-worker-events") {
$SkipReason = "Only for lua-resty-worker-events events module";
}
}
use Test::Nginx::Socket::Lua $SkipReason ? (skip_all => $SkipReason) : ();
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
run_tests();
__DATA__
=== TEST 1: create stream route with a upstream that enable active healthcheck only, \
two upstream nodes: one healthy + one unhealthy, unhealthy node with high priority
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": [
{ "host": "127.0.0.1", "port": 1995, "weight": 100, "priority": 0 },
{ "host": "127.0.0.1", "port": 9995, "weight": 100, "priority": 1 }
],
"type": "roundrobin",
"retries": 0,
"checks": {
"active": {
"type": "tcp",
"timeout": 1,
"healthy": {
"interval": 1,
"successes": 2
},
"unhealthy": {
"interval": 1,
"tcp_failures": 1,
"timeouts": 1
}
}
}
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit stream routes
--- stream_conf_enable
--- config
location /t {
content_by_lua_block {
-- send first request to create health checker
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local data, _ = sock:receive()
assert(data == nil, "first request should fail")
sock:close()
-- wait for health check to take effect
ngx.sleep(2.5)
for i = 1, 3 do
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local _, err = sock:send("mmm")
if err then
ngx.say("failed to send: ", err)
return
end
local data, err = sock:receive()
if err then
ngx.say("failed to receive: ", err)
return
end
assert(data == "hello world", "response should be 'hello world'")
sock:close()
end
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_DELETE
)
if code >= 300 then
ngx.status = code
ngs.say("failed to delete stream route")
return
end
-- wait for checker to release
ngx.sleep(1)
ngx.say("passed")
}
}
--- timeout: 10
--- request
GET /t
--- response_body
passed
--- error_log
create new checker
proxy request to 127.0.0.1:9995 while connecting to upstream
connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995"
unhealthy TCP increment (1/1) for '127.0.0.1(127.0.0.1:9995)'
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
try to release checker
=== TEST 3: create stream route with a upstream that enable active and passive healthcheck, \
configure active healthcheck with a high unhealthy threshold, \
two upstream nodes: one healthy + one unhealthy, unhealthy node with high priority
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": [
{ "host": "127.0.0.1", "port": 1995, "weight": 100, "priority": 0 },
{ "host": "127.0.0.1", "port": 9995, "weight": 100, "priority": 1 }
],
"type": "roundrobin",
"retries": 0,
"checks": {
"active": {
"type": "tcp",
"timeout": 1,
"healthy": {
"interval": 60,
"successes": 2
},
"unhealthy": {
"interval": 1,
"tcp_failures": 254,
"timeouts": 1
}
},
"passive": {
"type": "tcp",
"healthy": {
"successes": 1
},
"unhealthy": {
"tcp_failures": 1
}
}
}
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 4: hit stream routes
--- stream_conf_enable
--- config
location /t {
content_by_lua_block {
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local data, _ = sock:receive()
assert(data == nil, "first request should fail")
sock:close()
for i = 1, 3 do
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
local _, err = sock:send("mmm")
if err then
ngx.say("failed to send: ", err)
return
end
local data, err = sock:receive()
if err then
ngx.say("failed to receive: ", err)
return
end
assert(data == "hello world", "response should be 'hello world'")
sock:close()
end
ngx.say("passed")
}
}
--- request
GET /t
--- response_body
passed
--- error_log
proxy request to 127.0.0.1:9995 while connecting to upstream
connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995"
enabled healthcheck passive while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995",
unhealthy TCP increment (1/1) for '(127.0.0.1:9995)' while connecting to upstream, client: 127.0.0.1, server: 0.0.0.0:1985, upstream: "127.0.0.1:9995",
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
proxy request to 127.0.0.1:1995 while connecting to upstream
--- timeout: 10

335
CloudronPackages/APISIX/apisix-source/t/stream-node/mtls.t Normal file
View File

@@ -0,0 +1,335 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
BEGIN {
if ($ENV{TEST_NGINX_CHECK_LEAK}) {
$SkipReason = "unavailable for the hup tests";
} else {
$ENV{TEST_NGINX_USE_HUP} = 1;
undef $ENV{TEST_NGINX_USE_STAP};
}
}
use t::APISIX;
my $nginx_binary = $ENV{'TEST_NGINX_BINARY'} || 'nginx';
my $version = eval { `$nginx_binary -V 2>&1` };
if ($version !~ m/\/apisix-nginx-module/) {
plan(skip_all => "apisix-nginx-module not installed");
} else {
plan('no_plan');
}
repeat_each(1);
add_block_preprocessor(sub {
my ($block) = @_;
});
run_tests();
__DATA__
=== TEST 1: set client certificate
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local json = require("toolkit.json")
local ssl_ca_cert = t.read_file("t/certs/mtls_ca.crt")
local ssl_cert = t.read_file("t/certs/mtls_client.crt")
local ssl_key = t.read_file("t/certs/mtls_client.key")
local data = {
upstream = {
scheme = "https",
type = "roundrobin",
nodes = {
["127.0.0.1:2005"] = 1,
},
tls = {
client_cert = ssl_cert,
client_key = ssl_key,
}
},
plugins = {
["proxy-rewrite"] = {
uri = "/hello"
}
},
uri = "/mtls"
}
local code, body = t.test('/apisix/admin/routes/1',
ngx.HTTP_PUT,
json.encode(data)
)
if code >= 300 then
ngx.status = code
ngx.say(body)
return
end
local data = {
upstream = {
type = "roundrobin",
nodes = {
["127.0.0.1:1995"] = 1,
},
}
}
assert(t.test('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
json.encode(data)
))
local data = {
cert = ssl_cert,
key = ssl_key,
sni = "localhost",
client = {
ca = ssl_ca_cert,
depth = 2,
}
}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
json.encode(data)
)
if code >= 300 then
ngx.status = code
end
ngx.print(body)
}
}
--- request
GET /t
=== TEST 2: hit
--- stream_enable
--- request
GET /mtls
--- more_headers
Host: localhost
--- ignore_response
--- error_log
proxy request to 127.0.0.1:2005
proxy request to 127.0.0.1:1995
=== TEST 3: reject client without cetificate
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local json = require("toolkit.json")
local ssl_cert = t.read_file("t/certs/mtls_client.crt")
local ssl_key = t.read_file("t/certs/mtls_client.key")
local data = {
upstream = {
scheme = "https",
type = "roundrobin",
nodes = {
["127.0.0.1:2005"] = 1,
}
},
plugins = {
["proxy-rewrite"] = {
uri = "/hello"
}
},
uri = "/mtls"
}
local code, body = t.test('/apisix/admin/routes/1',
ngx.HTTP_PUT,
json.encode(data)
)
if code >= 300 then
ngx.status = code
ngx.say(body)
return
end
ngx.print(body)
}
}
--- request
GET /t
=== TEST 4: hit
--- stream_enable
--- request
GET /mtls
--- more_headers
Host: localhost
--- ignore_response
--- error_log
proxy request to 127.0.0.1:2005
--- no_error_log
proxy request to 127.0.0.1:1995
=== TEST 5: reject client with bad cetificate
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local json = require("toolkit.json")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {
upstream = {
scheme = "https",
type = "roundrobin",
nodes = {
["127.0.0.1:2005"] = 1,
},
tls = {
client_cert = ssl_cert,
client_key = ssl_key,
}
},
plugins = {
["proxy-rewrite"] = {
uri = "/hello"
}
},
uri = "/mtls"
}
local code, body = t.test('/apisix/admin/routes/1',
ngx.HTTP_PUT,
json.encode(data)
)
if code >= 300 then
ngx.status = code
ngx.say(body)
return
end
ngx.print(body)
}
}
--- request
GET /t
=== TEST 6: hit
--- stream_enable
--- request
GET /mtls
--- more_headers
Host: localhost
--- ignore_response
--- error_log
proxy request to 127.0.0.1:2005
--- no_error_log
proxy request to 127.0.0.1:1995
=== TEST 7: 2 ssl objects, both have mTLS and with different CA
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local json = require("toolkit.json")
local ssl_ca_cert = t.read_file("t/certs/mtls_ca.crt")
local ssl_cert = t.read_file("t/certs/mtls_client.crt")
local ssl_key = t.read_file("t/certs/mtls_client.key")
local ssl_ca_cert2 = t.read_file("t/certs/apisix.crt")
local data = {
upstream = {
type = "roundrobin",
nodes = {
["127.0.0.1:1995"] = 1,
},
}
}
assert(t.test('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
json.encode(data)
))
local data = {
cert = ssl_cert,
key = ssl_key,
sni = "localhost",
client = {
ca = ssl_ca_cert,
depth = 2,
}
}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
json.encode(data)
)
if code >= 300 then
ngx.status = code
return
end
local data = {
cert = ssl_cert,
key = ssl_key,
sni = "test.com",
client = {
ca = ssl_ca_cert2,
depth = 2,
}
}
local code, body = t.test('/apisix/admin/ssls/2',
ngx.HTTP_PUT,
json.encode(data)
)
if code >= 300 then
ngx.status = code
end
ngx.print(body)
}
}
--- request
GET /t
=== TEST 8: request localhost and save tls session to reuse
--- stream_enable
--- max_size: 1048576
--- exec
echo "" | timeout 1 openssl s_client -ign_eof -connect 127.0.0.1:2005 \
-servername localhost -cert t/certs/mtls_client.crt -key t/certs/mtls_client.key \
-sess_out session.dat
=== TEST 9: request test.com with saved tls session
--- stream_enable
--- max_size: 1048576
--- exec
echo "" | openssl s_client -connect 127.0.0.1:2005 -servername test.com \
-sess_in session.dat
--- error_log
sni in client hello mismatch hostname of ssl session, sni: test.com, hostname: localhost

153
CloudronPackages/APISIX/apisix-source/t/stream-node/priority-balancer.t Normal file
View File

@@ -0,0 +1,153 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
repeat_each(2); # repeat each test to ensure after_balance is called correctly
log_level('info');
no_root_location();
worker_connections(1024);
no_shuffle();
add_block_preprocessor(sub {
my ($block) = @_;
if ($block->apisix_yaml) {
if (!$block->yaml_config) {
my $yaml_config = <<_EOC_;
apisix:
node_listen: 1984
deployment:
role: data_plane
role_data_plane:
config_provider: yaml
_EOC_
$block->set_value("yaml_config", $yaml_config);
}
}
$block->set_value("stream_enable", 1);
if (!$block->stream_request) {
$block->set_value("stream_request", "mmm");
}
});
run_tests();
__DATA__
=== TEST 1: sanity
--- apisix_yaml
stream_routes:
- id: 1
upstream:
type: least_conn
nodes:
- host: 127.0.0.1
port: 1979
weight: 2
priority: 1
- host: 127.0.0.2
port: 1979
weight: 1
priority: 1
- host: 127.0.0.3
port: 1979
weight: 2
priority: 0
- host: 127.0.0.4
port: 1979
weight: 1
priority: 0
- host: 127.0.0.1
port: 1995
weight: 2
priority: -1
#END
--- stream_response
hello world
--- error_log
connect() failed
failed to get server from current priority 1, try next one
failed to get server from current priority 0, try next one
--- grep_error_log eval
qr/proxy request to \S+/
--- grep_error_log_out
proxy request to 127.0.0.1:1979
proxy request to 127.0.0.2:1979
proxy request to 127.0.0.3:1979
proxy request to 127.0.0.4:1979
proxy request to 127.0.0.1:1995
=== TEST 2: default priority is 0
--- apisix_yaml
stream_routes:
- id: 1
upstream:
type: least_conn
nodes:
- host: 127.0.0.1
port: 1979
weight: 2
priority: 1
- host: 127.0.0.2
port: 1979
weight: 1
priority: 1
- host: 127.0.0.3
port: 1979
weight: 2
- host: 127.0.0.4
port: 1979
weight: 1
- host: 127.0.0.1
port: 1995
weight: 2
priority: -1
#END
--- stream_response
hello world
--- error_log
connect() failed
failed to get server from current priority 1, try next one
failed to get server from current priority 0, try next one
--- grep_error_log eval
qr/proxy request to \S+/
--- grep_error_log_out
proxy request to 127.0.0.1:1979
proxy request to 127.0.0.2:1979
proxy request to 127.0.0.3:1979
proxy request to 127.0.0.4:1979
proxy request to 127.0.0.1:1995
=== TEST 3: fix priority for nonarray nodes
--- apisix_yaml
stream_routes:
- id: 1
upstream:
type: roundrobin
nodes:
"127.0.0.1:1995": 1
"127.0.0.2:1995": 1
#END
--- stream_response
hello world

79
CloudronPackages/APISIX/apisix-source/t/stream-node/random.t Normal file
View File

@@ -0,0 +1,79 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
workers(4);
log_level('info');
worker_connections(256);
repeat_each(1);
no_long_string();
no_root_location();
run_tests();
__DATA__
=== TEST 1: generate different random number in different worker process
--- stream_enable
--- config
location /test {
content_by_lua_block {
ngx.sleep(0.3)
local log_file = ngx.config.prefix() .. "logs/error.log"
local file = io.open(log_file, "r")
local log = file:read("*a")
local it, err = ngx.re.gmatch(log, [[random stream test in \[1, 10000\]: (\d+)]], "jom")
if not it then
ngx.log(ngx.ERR, "failed to gmatch: ", err)
return
end
local random_nums = {}
while true do
local m, err = it()
if err then
ngx.log(ngx.ERR, "error: ", err)
return
end
if not m then
break
end
-- found a match
table.insert(random_nums, m[1])
end
for i = 2, #random_nums do
local pre = random_nums[i - 1]
local cur = random_nums[i]
ngx.say("random[", i - 1, "] == random[", i, "]: ", pre == cur)
if not pre == cur then
ngx.say("random info in log: ", table.concat(random_nums, ", "))
break
end
end
}
}
--- request
GET /test
--- response_body
random[1] == random[2]: false
random[2] == random[3]: false
random[3] == random[4]: false
random[4] == random[5]: false

134
CloudronPackages/APISIX/apisix-source/t/stream-node/sanity-repeat.t Normal file
View File

@@ -0,0 +1,134 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
workers(1);
repeat_each(2);
run_tests();
__DATA__
=== TEST 1: set stream route(id: 1) -> service(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/services/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"service_id": 1
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 3: set stream / ssl
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {
cert = ssl_cert, key = ssl_key,
sni = "*.test.com",
}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
core.json.encode(data)
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t.test('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"sni": "a.test.com",
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
return
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 4: hit route
--- stream_tls_request
mmm
--- stream_sni: a.test.com
--- response_body
hello world
--- error_log
proxy request to 127.0.0.1:1995

294
CloudronPackages/APISIX/apisix-source/t/stream-node/sanity-with-service.t Normal file
View File

@@ -0,0 +1,294 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
run_tests();
__DATA__
=== TEST 1: set stream route(id: 1) -> service(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/services/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"service_id": 1
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 3: set stream route(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.2",
"service_id": 1
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 4: not hit route
--- stream_enable
--- stream_response
=== TEST 5: delete route(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_DELETE
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 6: set service upstream (id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/upstreams/1',
ngx.HTTP_PUT,
[[{
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}]]
)
if code >= 300 then
ngx.status = code
end
code, body = t('/apisix/admin/services/1',
ngx.HTTP_PUT,
[[{
"upstream_id": 1
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 7: set stream route (id: 1) with service (id: 1) which uses upstream_id
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"service_id": 1
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 8: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 9: set stream route (id: 1) which uses upstream_id and remote address with IP CIDR
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1/26",
"service_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 10: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 11: reject bad CIDR
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": ":/8",
"service_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.print(body)
}
}
--- request
GET /t
--- error_code: 400
--- response_body
{"error_msg":"invalid remote_addr: :/8"}
=== TEST 12: skip upstream http host check in stream subsystem
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/upstreams/1',
ngx.HTTP_PUT,
[[{
"nodes": {
"127.0.0.1:1995": 1,
"127.0.0.2:1995": 1
},
"pass_host": "node",
"type": "roundrobin"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 13: hit route
--- stream_request eval
mmm
--- stream_response
hello world

403
CloudronPackages/APISIX/apisix-source/t/stream-node/sanity.t Normal file
View File

@@ -0,0 +1,403 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
run_tests();
__DATA__
=== TEST 1: set stream route(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 3: set stream route(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.2",
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 4: not hit route
--- stream_enable
--- stream_response
=== TEST 5: delete route(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_DELETE
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 6: set stream route(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"server_port": 1995,
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 7: set upstream (id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/upstreams/1',
ngx.HTTP_PUT,
[[{
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 8: set stream route (id: 1) which uses upstream_id
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 9: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 10: skip route config tombstone
--- stream_conf_enable
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
t('/apisix/admin/stream_routes/1', ngx.HTTP_DELETE)
t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
local sock = ngx.socket.tcp()
local ok, err = sock:connect("127.0.0.1", 1985)
if not ok then
ngx.say("failed to connect: ", err)
return
end
assert(sock:send("mmm"))
local data = assert(sock:receive("*a"))
ngx.print(data)
}
}
--- request
GET /t
--- response_body
hello world
=== TEST 11: set stream route (id: 1) which uses upstream_id and remote address with IP CIDR
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1/26",
"upstream_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 12: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 13: reject bad CIDR
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": ":/8",
"upstream_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.print(body)
}
}
--- request
GET /t
--- error_code: 400
--- response_body
{"error_msg":"invalid remote_addr: :/8"}
=== TEST 14: skip upstream http host check in stream subsystem
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/upstreams/1',
ngx.HTTP_PUT,
[[{
"nodes": {
"127.0.0.1:1995": 1,
"127.0.0.2:1995": 1
},
"pass_host": "node",
"type": "roundrobin"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 15: hit route
--- stream_request eval
mmm
--- stream_response
hello world
=== TEST 16: reuse ctx and more
--- stream_extra_init_by_lua
local ctx = require("apisix.core.ctx")
local tablepool = require("apisix.core").tablepool
local old_set_vars_meta = ctx.set_vars_meta
ctx.set_vars_meta = function(...)
ngx.log(ngx.WARN, "fetch ctx var")
return old_set_vars_meta(...)
end
local old_release_vars = ctx.release_vars
ctx.release_vars = function(...)
ngx.log(ngx.WARN, "release ctx var")
return old_release_vars(...)
end
local old_fetch = tablepool.fetch
tablepool.fetch = function(name, ...)
ngx.log(ngx.WARN, "fetch table ", name)
return old_fetch(name, ...)
end
local old_release = tablepool.release
tablepool.release = function(name, ...)
ngx.log(ngx.WARN, "release table ", name)
return old_release(name, ...)
end
--- stream_request eval
mmm
--- stream_response
hello world
--- grep_error_log eval
qr/(fetch|release) (ctx var|table \w+)/
--- grep_error_log_out
fetch table api_ctx
fetch ctx var
fetch table ctx_var
fetch table plugins
release ctx var
release table ctx_var
release table plugins
release table api_ctx

341
CloudronPackages/APISIX/apisix-source/t/stream-node/sni.t Normal file
View File

@@ -0,0 +1,341 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
worker_connections(1024);
no_shuffle();
add_block_preprocessor(sub {
my ($block) = @_;
});
run_tests();
__DATA__
=== TEST 1: set stream / ssl
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {
cert = ssl_cert, key = ssl_key,
sni = "*.test.com",
}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
core.json.encode(data)
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t.test('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"sni": "a.test.com",
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t.test('/apisix/admin/stream_routes/2',
ngx.HTTP_PUT,
[[{
"sni": "*.test.com",
"upstream": {
"nodes": {
"127.0.0.2:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t.test('/apisix/admin/stream_routes/3',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.3:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit route
--- stream_tls_request
mmm
--- stream_sni: a.test.com
--- response_body
hello world
--- error_log
proxy request to 127.0.0.1:1995
=== TEST 3: hit route (session reuse)
--- stream_tls_request
mmm
--- stream_sni: a.test.com
--- stream_session_reuse
--- response_body
hello world
hello world
--- grep_error_log eval
qr/proxy request to 127.0.0.\d:1995/
--- grep_error_log_out
proxy request to 127.0.0.1:1995
proxy request to 127.0.0.1:1995
=== TEST 4: hit route, wildcard SNI
--- stream_tls_request
mmm
--- stream_sni: b.test.com
--- response_body
hello world
--- error_log
proxy request to 127.0.0.2:1995
=== TEST 5: hit route, no TLS
--- stream_request
mmm
--- stream_response
hello world
--- error_log
proxy request to 127.0.0.3:1995
=== TEST 6: set different stream route with the same sni
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local code, body = t.test('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"sni": "a.test.com",
"remote_addr": "127.0.0.2",
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t.test('/apisix/admin/stream_routes/4',
ngx.HTTP_PUT,
[[{
"sni": "a.test.com",
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": {
"127.0.0.4:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
return
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 7: hit route
--- stream_tls_request
mmm
--- stream_sni: a.test.com
--- response_body
hello world
--- error_log
proxy request to 127.0.0.4:1995
=== TEST 8: change a.test.com route to fall back to wildcard route
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local code, body = t.test('/apisix/admin/stream_routes/4',
ngx.HTTP_PUT,
[[{
"sni": "a.test.com",
"remote_addr": "127.0.0.3",
"upstream": {
"nodes": {
"127.0.0.4:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
return
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 9: hit route
--- stream_tls_request
mmm
--- stream_sni: a.test.com
--- response_body
hello world
--- error_log
proxy request to 127.0.0.2:1995
=== TEST 10: use fallback sni to match route
--- yaml_config
apisix:
node_listen: 1984
proxy_mode: http&stream
stream_proxy:
tcp:
- 9100
ssl:
fallback_sni: a.test.com
--- stream_tls_request
mmm
--- response_body
hello world
--- error_log
proxy request to 127.0.0.2:1995
=== TEST 11: no sni matched, fall back to non-sni route
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
local code, body = t.test('/apisix/admin/stream_routes/2',
ngx.HTTP_DELETE)
if code >= 300 then
ngx.status = code
return
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 12: hit route
--- stream_tls_request
mmm
--- stream_sni: b.test.com
--- response_body
hello world
--- error_log
proxy request to 127.0.0.3:1995
=== TEST 13: clean up routes
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin")
for i = 1, 4 do
t.test('/apisix/admin/stream_routes/' .. i, ngx.HTTP_DELETE)
end
}
}
--- request
GET /t

135
CloudronPackages/APISIX/apisix-source/t/stream-node/tls.t Normal file
View File

@@ -0,0 +1,135 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
worker_connections(1024);
no_shuffle();
add_block_preprocessor(sub {
my ($block) = @_;
});
run_tests();
__DATA__
=== TEST 1: set stream / ssl
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {
cert = ssl_cert, key = ssl_key,
sni = "test.com",
}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
core.json.encode(data)
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t.test('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"upstream": {
"nodes": {
"127.0.0.1:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit route
--- stream_tls_request
mmm
--- stream_sni: test.com
--- response_body
hello world
=== TEST 3: wrong sni
--- stream_tls_request
mmm
--- stream_sni: xx.com
--- error_log
failed to match any SSL certificate by SNI: xx.com
=== TEST 4: missing sni
--- stream_tls_request
mmm
--- error_log
failed to find SNI
=== TEST 5: ensure table is reused in TLS handshake
--- stream_extra_init_by_lua
local tablepool = require("apisix.core").tablepool
local old_fetch = tablepool.fetch
tablepool.fetch = function(name, ...)
ngx.log(ngx.WARN, "fetch table ", name)
return old_fetch(name, ...)
end
local old_release = tablepool.release
tablepool.release = function(name, ...)
ngx.log(ngx.WARN, "release table ", name)
return old_release(name, ...)
end
--- stream_tls_request
mmm
--- stream_sni: test.com
--- response_body
hello world
--- grep_error_log eval
qr/(fetch|release) table \w+/
--- grep_error_log_out
fetch table api_ctx
release table api_ctx
fetch table api_ctx
fetch table ctx_var
fetch table plugins
release table ctx_var
release table plugins
release table api_ctx

197
CloudronPackages/APISIX/apisix-source/t/stream-node/upstream-domain.t Normal file
View File

@@ -0,0 +1,197 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX 'no_plan';
log_level('info');
no_root_location();
add_block_preprocessor(sub {
my ($block) = @_;
if (!$block->request) {
$block->set_value("stream_enable", 1);
if (!$block->stream_request) {
$block->set_value("stream_request", "mmm");
}
}
});
run_tests();
__DATA__
=== TEST 1: set upstream & stream_routes (id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/upstreams/1',
ngx.HTTP_PUT,
[[{
"nodes": {
"localhost:1995": 1
},
"type": "roundrobin"
}]]
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit route
--- stream_response
hello world
=== TEST 3: set stream_routes with upstream(id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": {
"localhost:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 4: hit route
--- stream_response
hello world
=== TEST 5: bad domain in the upstream
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/upstreams/1',
ngx.HTTP_PUT,
[[{
"nodes": {
"local:1995": 1
},
"type": "roundrobin"
}]]
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 6: hit route
--- stream_response
receive stream response error: connection reset by peer
--- error_log
=== TEST 7: bad domain in the stream route
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream": {
"nodes": {
"local:1995": 1
},
"type": "roundrobin"
}
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 8: hit route
--- stream_response
receive stream response error: connection reset by peer
--- error_log
no valid upstream node

142
CloudronPackages/APISIX/apisix-source/t/stream-node/upstream-tls.t Normal file
View File

@@ -0,0 +1,142 @@
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
use t::APISIX;
my $nginx_binary = $ENV{'TEST_NGINX_BINARY'} || 'nginx';
my $version = eval { `$nginx_binary -V 2>&1` };
if ($version !~ m/\/apisix-nginx-module/) {
plan(skip_all => "apisix-nginx-module not installed");
} else {
plan('no_plan');
}
add_block_preprocessor(sub {
my ($block) = @_;
if (!$block->request) {
$block->set_value("stream_enable", 1);
my $stream_config = $block->stream_config // '';
$stream_config .= <<_EOC_;
server {
listen 8765 ssl;
ssl_certificate cert/apisix.crt;
ssl_certificate_key cert/apisix.key;
content_by_lua_block {
local sock = ngx.req.socket()
local data = sock:receive("1")
ngx.say("hello ", ngx.var.ssl_server_name)
}
}
_EOC_
$block->set_value("extra_stream_config", $stream_config);
}
});
run_tests();
__DATA__
=== TEST 1: set upstream & stream_routes (id: 1)
--- config
location /t {
content_by_lua_block {
local t = require("lib.test_admin").test
local code, body = t('/apisix/admin/upstreams/1',
ngx.HTTP_PUT,
[[{
"scheme": "tls",
"nodes": {
"localhost:8765": 1
},
"type": "roundrobin"
}]]
)
if code >= 300 then
ngx.status = code
return
end
local code, body = t('/apisix/admin/stream_routes/1',
ngx.HTTP_PUT,
[[{
"remote_addr": "127.0.0.1",
"upstream_id": "1"
}]]
)
if code >= 300 then
ngx.status = code
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 2: hit route
--- stream_request
mmm
--- stream_response
hello apisix_backend
=== TEST 3: set ssl
--- config
location /t {
content_by_lua_block {
local core = require("apisix.core")
local t = require("lib.test_admin")
local ssl_cert = t.read_file("t/certs/apisix.crt")
local ssl_key = t.read_file("t/certs/apisix.key")
local data = {
cert = ssl_cert, key = ssl_key,
sni = "test.com",
}
local code, body = t.test('/apisix/admin/ssls/1',
ngx.HTTP_PUT,
core.json.encode(data)
)
if code >= 300 then
ngx.status = code
return
end
ngx.say(body)
}
}
--- request
GET /t
--- response_body
passed
=== TEST 4: hit route
--- stream_tls_request
mmm
--- stream_sni: test.com
--- response_body
hello test.com