diff --git a/Dockerfile b/Dockerfile
index b7ff565..5b431b2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,4 +11,4 @@ RUN openssl req -x509 -newkey rsa:4096 -nodes \
 -keyout /etc/ssl/private/domain.abc.pem \
 -out /etc/ssl/certs/domain.abc.pem \
 -sha256 -days 365 -subj '/CN=domain.abc' \
- -addext "subjectAltName=DNS:domain.abc"
+ -addext "subjectAltName=DNS:domain.abc,DNS:git.domain.abc"
diff --git a/Makefile b/Makefile
index 9e6395b..ea19113 100644
--- a/Makefile
+++ b/Makefile
@@ -14,6 +14,7 @@ test:
 -v $(PWD):/opt/app \
 --network no-internet \
 --add-host=domain.abc=$(loopback) \
+ --add-host=git.domain.abc=$(loopback) \
 $(image)); \
 docker exec -t $$ct busted; \
 docker exec $$ct openresty -s stop
diff --git a/conf/conf.d/default.conf b/conf/conf.d/default.conf
index b5f5a68..ab546c6 100644
--- a/conf/conf.d/default.conf
+++ b/conf/conf.d/default.conf
@@ -63,3 +63,19 @@ server {
 # deny all;
 #}
 }
+
+server {
+ listen 443 ssl;
+ server_name git.domain.abc;
+
+ location / {
+ client_max_body_size 1024M;
+ proxy_pass http://unix:/run/gitea/gitea.socket;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/spec/nginx_spec.moon b/spec/nginx_spec.moon
index 2334cc6..d2f49d3 100644
--- a/spec/nginx_spec.moon
+++ b/spec/nginx_spec.moon
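Review bot: In the new `git.domain.abc` server block of conf/conf.d/default.conf, `X-Forwarded-For` is built with `$proxy_add_x_forwarded_for`, which appends `$remote_addr` to whatever value the client already sent, so only the last entry (or `X-Real-IP`) is trustworthy to the backend; a comment above the header lines should record that, e.g. `# XFF keeps client-supplied entries; the backend must trust only the last hop or X-Real-IP`. `client_max_body_size 1024M` also deserves a one-line why-comment, since it allows a request body of up to 1 GiB from any client that reaches this vhost. The block sets no `ssl_certificate` of its own, so it presumably inherits one from configuration outside the hunk; worth confirming that it is the certificate that now carries the `git.domain.abc` SAN.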
@@ -19,8 +19,30 @@ describe "https://domain.abc", ->
 assert.same request\body!\match("%s+(.-)%s+"), "hello world!"
 describe "http://domain.abc", ->
- it "redirects to https", ->
+ it "redirects to https permanently", ->
 request = req "http://domain.abc"
 assert.same request\statusCode!, 301
 assert.same request\statusMessage!, "Moved Permanently"
 assert.same request\header!.Location, "https://domain.abc/"
+
+describe "https://git.domain.abc", ->
+ it "reverse-proxy's request to a gitea unix socket", ->
+ socket = fname: "unixstreamsrvr.moon", dir: "/run/gitea", owner: "nobody"
+ basepath = debug.getinfo(1).short_src\match"^(.*)/[^/]*$" or "."
+ seconds = 0.1
+
+ os.execute "install -o #{socket.owner} -d #{socket.dir}"
+ cmd = "su -s /bin/bash -c 'moon %s' %s"
+ server = io.popen cmd\format "#{basepath}/#{socket.fname}", socket.owner
+ os.execute "sleep #{seconds}"
+ f = io.popen "find #{socket.dir} -type s -ls", "r"
+ result = with f\read "*a"
+ f\close!
+ assert.truthy result\match "nobody%s+nogroup.+#{socket.dir}/gitea.socket"
+
+ req "https://git.domain.abc"
+
+ reqheader = with server\read "*a"
+ server\close!
+
+ assert.truthy reqheader\match "Host: git.domain.abc"
diff --git a/spec/unixstreamsrvr.moon b/spec/unixstreamsrvr.moon
new file mode 100644
index 0000000..eff5eeb
--- /dev/null
+++ b/spec/unixstreamsrvr.moon
@@ -0,0 +1,15 @@
+-- modified from
+-- https://github.com/lunarmodules/luasocket/blob/4844a48fbf76b0400fd7b7e4d15d244484019df1/test/unixstreamsrvr.lua
+socket = require "socket"
+socket.unix = require "socket.unix"
+u = assert socket.unix.stream!
+assert u\bind "/run/gitea/gitea.socket"
+assert u\listen!
+assert u\settimeout 1
+c = assert u\accept!
+
+while true
+ m = assert c\receive!
+ break if m == ""
+ print m
+
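Review bot: The new `https://git.domain.abc` spec asserts only the `Host` header, so the forwarding headers the backend would rely on for client address and scheme are never checked; adding `assert.truthy reqheader\match "X%-Forwarded%-Proto: https"` and `assert.truthy reqheader\match "X%-Real%-IP: "` would cover them (`-` has to be escaped in a Lua pattern). The socket-ownership pattern hard-codes `nobody` where `socket.owner` is already defined a few lines above. The fixed `sleep #{seconds}` of 0.1 s also races with the helper's `bind`, which can make the `find` assertion fail intermittently on a slow runner.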
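Review bot: In spec/unixstreamsrvr.moon, `u\settimeout 1` bounds only `accept`; the accepted connection `c` gets no timeout of its own (LuaSocket does not appear to carry the listener's timeout over to accepted sockets), so if the proxy connects but never finishes the header block, `c\receive!` blocks and the spec's `server\read "*a"` hangs with it. Adding `assert c\settimeout 1` right after the `accept` line would bound that. The helper also never closes `c`/`u` or removes `/run/gitea/gitea.socket`, so a second run in the same container would presumably fail at `bind`; a short header comment saying the helper is single-shot and expects a fresh `/run/gitea` would document that.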