Commit b5b7360d authored by Jérome Perrin's avatar Jérome Perrin

software/jstestnode: serve test files on https

Now that we have a more modern firefox, it requires secure context for
many things. This fixes `TypeError: crypto.subtle is undefined` test
failures for JIO.
parent 349df3cb
...@@ -15,16 +15,16 @@ ...@@ -15,16 +15,16 @@
[instance] [instance]
filename = instance.cfg.in filename = instance.cfg.in
md5sum = 84380fe6c268301a1e1f501e53943f58 md5sum = ad2797e1b83b6b3221f831950075a057
[template-nginx-service] [template-nginx-service]
filename = template-nginx-service.sh.in filename = template-nginx-service.sh.in
md5sum = 458870b70c33a1621b68961ae2372ad5 md5sum = d718fb950862769e57100986cfabb180
[template-nginx-configuration] [template-nginx-configuration]
filename = template-nginx.cfg.in filename = template-nginx.cfg.in
md5sum = 98faa5ad8cfb23a11d97a459078a1d05 md5sum = f15c5d9b8c2cf39cb6b2070d8d9d3a92
[template-runTestSuite] [template-runTestSuite]
filename = runTestSuite.in filename = runTestSuite.in
md5sum = 5db53d622bd68fb07e078ddc4403a240 md5sum = 98b7d79eb6af1c4120e3848e9e6fca61
...@@ -10,7 +10,7 @@ offline = true ...@@ -10,7 +10,7 @@ offline = true
[publish] [publish]
recipe = slapos.cookbook:publish.serialised recipe = slapos.cookbook:publish.serialised
nginx = http://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/ nginx = https://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/
[directory] [directory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
...@@ -97,13 +97,13 @@ virtual-depends = ...@@ -97,13 +97,13 @@ virtual-depends =
recipe = slapos.recipe.template recipe = slapos.recipe.template
url = ${template-nginx-configuration:output} url = ${template-nginx-configuration:output}
output = $${directory:etc}/nginx.cfg output = $${directory:etc}/nginx.cfg
access_log = $${directory:log}/nginx-access.log access-log = $${directory:log}/nginx-access.log
error_log = $${directory:log}/nginx-error.log error-log = $${directory:log}/nginx-error.log
ip = $${instance-parameter:ipv6-random} ip = $${instance-parameter:ipv6-random}
port = 9443 port = 9443
ssl_key = $${directory:ssl}/nginx.key ssl-csr = $${directory:ssl}/nginx.csr
ssl_csr = $${directory:ssl}/nginx.csr ssl-key = $${directory:ssl}/nginx.key
ssl_crt = $${directory:ssl}/nginx.crt ssl-crt = $${directory:ssl}/nginx.crt
[nginx-listen-promise] [nginx-listen-promise]
recipe = slapos.cookbook:check_port_listening recipe = slapos.cookbook:check_port_listening
......
...@@ -22,7 +22,7 @@ os.environ['XORG_LOCK_DIR'] = '$${xvfb-instance:lock-dir}' ...@@ -22,7 +22,7 @@ os.environ['XORG_LOCK_DIR'] = '$${xvfb-instance:lock-dir}'
os.environ['DISPLAY'] = '$${xvfb-instance:display}' os.environ['DISPLAY'] = '$${xvfb-instance:display}'
os.environ['FONTCONFIG_FILE'] = '$${fontconfig-conf:output}' os.environ['FONTCONFIG_FILE'] = '$${fontconfig-conf:output}'
BASE_URL = 'http://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/' BASE_URL = 'https://[$${nginx-configuration:ip}]:$${nginx-configuration:port}/'
ETC_DIRECTORY = '$${directory:etc}' ETC_DIRECTORY = '$${directory:etc}'
def main(): def main():
...@@ -91,6 +91,7 @@ def main(): ...@@ -91,6 +91,7 @@ def main():
if target == 'firefox': if target == 'firefox':
firefox_capabilities = webdriver.common.desired_capabilities.DesiredCapabilities.FIREFOX firefox_capabilities = webdriver.common.desired_capabilities.DesiredCapabilities.FIREFOX
firefox_capabilities['marionette'] = True firefox_capabilities['marionette'] = True
firefox_capabilities['acceptInsecureCerts'] = True
browser = webdriver.Firefox( browser = webdriver.Firefox(
capabilities=firefox_capabilities, capabilities=firefox_capabilities,
firefox_binary='${firefox-wrapper:location}', firefox_binary='${firefox-wrapper:location}',
......
...@@ -2,16 +2,16 @@ ...@@ -2,16 +2,16 @@
# BEWARE: This file is operated by slapos node # BEWARE: This file is operated by slapos node
# BEWARE: It will be overwritten automatically # BEWARE: It will be overwritten automatically
if [ ! -e $${nginx-configuration:ssl_crt} ] if [ ! -e $${nginx-configuration:ssl-crt} ]
then then
${openssl-output:openssl} genrsa -out $${nginx-configuration:ssl_key} 2048 ${openssl-output:openssl} genrsa -out $${nginx-configuration:ssl-key} 2048
${openssl-output:openssl} req -new \ ${openssl-output:openssl} req -new \
-subj "/C=AA/ST=Denial/L=Nowhere/O=Dis/CN=$${nginx-configuration:ip}" \ -subj "/C=AA/ST=Denial/L=Nowhere/O=Dis/CN=$${nginx-configuration:ip}" \
-key $${nginx-configuration:ssl_key} -out $${nginx-configuration:ssl_csr} -key $${nginx-configuration:ssl-key} -out $${nginx-configuration:ssl-csr}
${openssl-output:openssl} x509 -req -days 365 \ ${openssl-output:openssl} x509 -req -days 365 \
-in $${nginx-configuration:ssl_csr} \ -in $${nginx-configuration:ssl-csr} \
-signkey $${nginx-configuration:ssl_key} \ -signkey $${nginx-configuration:ssl-key} \
-out $${nginx-configuration:ssl_crt} -out $${nginx-configuration:ssl-crt}
fi fi
exec ${nginx-output:nginx} \ exec ${nginx-output:nginx} \
......
...@@ -8,14 +8,14 @@ events { ...@@ -8,14 +8,14 @@ events {
# multi_accept on; # multi_accept on;
} }
error_log $${nginx-configuration:error_log}; error_log $${nginx-configuration:error-log};
http {
http {
## ##
# Basic Settings # Basic Settings
## ##
sendfile on; sendfile on;
tcp_nopush on; tcp_nopush on;
tcp_nodelay on; tcp_nodelay on;
...@@ -32,14 +32,14 @@ http { ...@@ -32,14 +32,14 @@ http {
## ##
# Logging Settings # Logging Settings
## ##
access_log $${nginx-configuration:access_log}; access_log $${nginx-configuration:access-log};
error_log $${nginx-configuration:error_log}; error_log $${nginx-configuration:error-log};
## ##
# Gzip Settings # Gzip Settings
## ##
gzip on; gzip on;
gzip_disable "msie6"; gzip_disable "msie6";
...@@ -51,11 +51,9 @@ http { ...@@ -51,11 +51,9 @@ http {
gzip_types text/html text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; gzip_types text/html text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
server { server {
listen [$${nginx-configuration:ip}]:$${nginx-configuration:port}; listen [$${nginx-configuration:ip}]:$${nginx-configuration:port} ssl;
ssl_certificate $${nginx-configuration:ssl-crt};
# ssl on; ssl_certificate_key $${nginx-configuration:ssl-key};
# ssl_certificate $${nginx-configuration:ssl_crt};
# ssl_certificate_key $${nginx-configuration:ssl_key};
fastcgi_temp_path $${directory:varnginx} 1 2; fastcgi_temp_path $${directory:varnginx} 1 2;
uwsgi_temp_path $${directory:varnginx} 1 2; uwsgi_temp_path $${directory:varnginx} 1 2;
...@@ -74,31 +72,31 @@ server { ...@@ -74,31 +72,31 @@ server {
return 204; return 204;
} }
location /renderjs location /renderjs
{ {
alias ${renderjs-repository.git:location}; alias ${renderjs-repository.git:location};
autoindex on; autoindex on;
disable_symlinks on; disable_symlinks on;
} }
location /jio location /jio
{ {
alias ${jio-repository.git:location}; alias ${jio-repository.git:location};
autoindex on; autoindex on;
disable_symlinks on; disable_symlinks on;
} }
location /rsvp location /rsvp
{ {
alias ${rsvp-repository.git:location}; alias ${rsvp-repository.git:location};
autoindex on; autoindex on;
disable_symlinks on; disable_symlinks on;
} }
location /uritemplate location /uritemplate
{ {
alias ${uritemplate-repository.git:location}; alias ${uritemplate-repository.git:location};
autoindex on; autoindex on;
disable_symlinks on; disable_symlinks on;
} }
location / location /
{ {
root $${directory:www}; root $${directory:www};
# autoindex on; # autoindex on;
disable_symlinks on; disable_symlinks on;
......
...@@ -52,14 +52,14 @@ class TestJSTestNode(InstanceTestCase): ...@@ -52,14 +52,14 @@ class TestJSTestNode(InstanceTestCase):
self.assertEqual( self.assertEqual(
{ {
'nginx': 'http://[%s]:9443/' % (self.computer_partition_ipv6_address, ) 'nginx': 'https://[%s]:9443/' % (self.computer_partition_ipv6_address, )
}, },
connection_dict connection_dict
) )
# jio tests # jio tests
result = requests.get( result = requests.get(
'%sjio/test/tests.html' % (connection_dict['nginx'], ), allow_redirects=False) '%sjio/test/tests.html' % (connection_dict['nginx'], ), verify=False, allow_redirects=False)
self.assertEqual( self.assertEqual(
[requests.codes.ok, False], [requests.codes.ok, False],
[result.status_code, result.is_redirect] [result.status_code, result.is_redirect]
...@@ -67,7 +67,7 @@ class TestJSTestNode(InstanceTestCase): ...@@ -67,7 +67,7 @@ class TestJSTestNode(InstanceTestCase):
# rjs tests # rjs tests
result = requests.get( result = requests.get(
'%srenderjs/test/' % (connection_dict['nginx'], ), allow_redirects=False) '%srenderjs/test/' % (connection_dict['nginx'], ), verify=False, allow_redirects=False)
self.assertEqual( self.assertEqual(
[requests.codes.ok, False], [requests.codes.ok, False],
[result.status_code, result.is_redirect] [result.status_code, result.is_redirect]
...@@ -75,7 +75,7 @@ class TestJSTestNode(InstanceTestCase): ...@@ -75,7 +75,7 @@ class TestJSTestNode(InstanceTestCase):
# rsvp tests # rsvp tests
result = requests.get( result = requests.get(
'%srsvp/test/index.html' % (connection_dict['nginx'], ), allow_redirects=False) '%srsvp/test/index.html' % (connection_dict['nginx'], ), verify=False, allow_redirects=False)
self.assertEqual( self.assertEqual(
[requests.codes.ok, False], [requests.codes.ok, False],
[result.status_code, result.is_redirect] [result.status_code, result.is_redirect]
...@@ -83,7 +83,7 @@ class TestJSTestNode(InstanceTestCase): ...@@ -83,7 +83,7 @@ class TestJSTestNode(InstanceTestCase):
# Default access # Default access
result = requests.get( result = requests.get(
'http://[%s]:9443' % (self.computer_partition_ipv6_address, ), allow_redirects=False) 'https://[%s]:9443' % (self.computer_partition_ipv6_address, ), verify=False, allow_redirects=False)
self.assertEqual( self.assertEqual(
[requests.codes.forbidden, False], [requests.codes.forbidden, False],
[result.status_code, result.is_redirect] [result.status_code, result.is_redirect]
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment