Add subdomain proxy on unix socket and test

Dockerfile

@@ -11,4 +11,4 @@ RUN openssl req -x509 -newkey rsa:4096 -nodes \
       -keyout /etc/ssl/private/domain.abc.pem \
       -out /etc/ssl/certs/domain.abc.pem \
       -sha256 -days 365 -subj '/CN=domain.abc' \
-      -addext "subjectAltName=DNS:domain.abc"
+      -addext "subjectAltName=DNS:domain.abc,DNS:git.domain.abc"

Makefile

@@ -14,6 +14,7 @@ test:
 	   -v $(PWD):/opt/app \
 	   --network no-internet \
 	   --add-host=domain.abc=$(loopback) \
+	   --add-host=git.domain.abc=$(loopback) \
 	   $(image)); \
 	docker exec -t $$ct busted; \
 	docker exec $$ct openresty -s stop

conf/conf.d/default.conf

@@ -63,3 +63,19 @@ server {
     #    deny  all;
     #}
 }
+
+server {
+    listen 443 ssl;
+    server_name git.domain.abc;
+
+    location / {
+        client_max_body_size 1024M;
+        proxy_pass http://unix:/run/gitea/gitea.socket;
+        proxy_set_header Connection $http_connection;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

spec/nginx_spec.moon

@@ -19,8 +19,30 @@ describe "https://domain.abc", ->
     assert.same request\body!\match("<body>%s+(.-)%s+</body>"), "hello world!"
 
 describe "http://domain.abc", ->
-  it "redirects to https", ->
+  it "redirects to https permanently", ->
     request = req "http://domain.abc"
     assert.same request\statusCode!, 301
     assert.same request\statusMessage!, "Moved Permanently"
     assert.same request\header!.Location, "https://domain.abc/"
+
+describe "https://git.domain.abc", ->
+  it "reverse-proxy's request to a gitea unix socket", ->
+    socket = fname: "unixstreamsrvr.moon", dir: "/run/gitea", owner: "nobody"
+    basepath = debug.getinfo(1).short_src\match"^(.*)/[^/]*$" or "."
+    seconds = 0.1
+
+    os.execute "install -o #{socket.owner} -d #{socket.dir}"
+    cmd = "su -s /bin/bash -c 'moon %s' %s"
+    server = io.popen cmd\format "#{basepath}/#{socket.fname}", socket.owner
+    os.execute "sleep #{seconds}"
+    f = io.popen "find #{socket.dir} -type s -ls", "r"
+    result = with f\read "*a"
+      f\close!
+    assert.truthy result\match "nobody%s+nogroup.+#{socket.dir}/gitea.socket"
+
+    req "https://git.domain.abc"
+
+    reqheader = with server\read "*a"
+      server\close!
+
+    assert.truthy reqheader\match "Host: git.domain.abc"

spec/unixstreamsrvr.moon

@@ -0,0 +1,15 @@
+-- modified from
+-- https://github.com/lunarmodules/luasocket/blob/4844a48fbf76b0400fd7b7e4d15d244484019df1/test/unixstreamsrvr.lua
+socket = require "socket"
+socket.unix = require "socket.unix"
+u = assert socket.unix.stream!
+assert u\bind "/run/gitea/gitea.socket"
+assert u\listen!
+assert u\settimeout 1
+c = assert u\accept!
+
+while true
+  m = assert c\receive!
+  break if m == ""
+  print m
+