mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 07:53:19 +00:00
Merge pull request #245893 from h7x4/move-nginx-status-page-declaration
This commit is contained in:
commit
899b60de3f
@ -261,23 +261,6 @@ let
|
||||
|
||||
${proxyCachePathConfig}
|
||||
|
||||
${optionalString cfg.statusPage ''
|
||||
server {
|
||||
listen ${toString cfg.defaultHTTPListenPort};
|
||||
${optionalString enableIPv6 "listen [::]:${toString cfg.defaultHTTPListenPort};" }
|
||||
|
||||
server_name localhost;
|
||||
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
${optionalString enableIPv6 "allow ::1;"}
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
''}
|
||||
|
||||
${vhosts}
|
||||
|
||||
${cfg.appendHttpConfig}
|
||||
@ -1177,6 +1160,21 @@ in
|
||||
services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli
|
||||
++ lib.optional cfg.recommendedZstdSettings pkgs.nginxModules.zstd;
|
||||
|
||||
services.nginx.virtualHosts.localhost = mkIf cfg.statusPage {
|
||||
listenAddresses = lib.mkDefault ([
|
||||
"0.0.0.0"
|
||||
] ++ lib.optional enableIPv6 "[::]");
|
||||
locations."/nginx_status" = {
|
||||
extraConfig = ''
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
${optionalString enableIPv6 "allow ::1;"}
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.nginx = {
|
||||
description = "Nginx Web Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -535,11 +535,12 @@ in {
|
||||
nginx-http3 = handleTest ./nginx-http3.nix {};
|
||||
nginx-modsecurity = handleTest ./nginx-modsecurity.nix {};
|
||||
nginx-njs = handleTest ./nginx-njs.nix {};
|
||||
nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
|
||||
nginx-pubhtml = handleTest ./nginx-pubhtml.nix {};
|
||||
nginx-sandbox = handleTestOn ["x86_64-linux"] ./nginx-sandbox.nix {};
|
||||
nginx-sso = handleTest ./nginx-sso.nix {};
|
||||
nginx-status-page = handleTest ./nginx-status-page.nix {};
|
||||
nginx-variants = handleTest ./nginx-variants.nix {};
|
||||
nginx-proxyprotocol = handleTest ./nginx-proxyprotocol {};
|
||||
nifi = handleTestOn ["x86_64-linux"] ./web-apps/nifi.nix {};
|
||||
nitter = handleTest ./nitter.nix {};
|
||||
nix-ld = handleTest ./nix-ld.nix {};
|
||||
|
72
nixos/tests/nginx-status-page.nix
Normal file
72
nixos/tests/nginx-status-page.nix
Normal file
@ -0,0 +1,72 @@
|
||||
import ./make-test-python.nix ({ pkgs, ... }: {
|
||||
name = "nginx-status-page";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ h7x4 ];
|
||||
};
|
||||
|
||||
nodes = {
|
||||
webserver = { ... }: {
|
||||
virtualisation.vlans = [ 1 ];
|
||||
|
||||
networking = {
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
systemd.network.networks."01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig.Address = "10.0.0.1/24";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
statusPage = true;
|
||||
virtualHosts."localhost".locations."/index.html".return = "200 'hello world\n'";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ curl ];
|
||||
};
|
||||
|
||||
client = { ... }: {
|
||||
virtualisation.vlans = [ 1 ];
|
||||
|
||||
networking = {
|
||||
useNetworkd = true;
|
||||
useDHCP = false;
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
systemd.network.networks."01-eth1" = {
|
||||
name = "eth1";
|
||||
networkConfig.Address = "10.0.0.2/24";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ curl ];
|
||||
};
|
||||
};
|
||||
|
||||
testScript = { nodes, ... }: ''
|
||||
start_all()
|
||||
|
||||
webserver.wait_for_unit("nginx")
|
||||
webserver.wait_for_open_port(80)
|
||||
|
||||
def expect_http_code(node, code, url):
|
||||
http_code = node.succeed(f"curl -w '%{{http_code}}' '{url}'")
|
||||
assert http_code.split("\n")[-1].strip() == code, \
|
||||
f"expected {code} but got following response:\n{http_code}"
|
||||
|
||||
with subtest("localhost can access status page"):
|
||||
expect_http_code(webserver, "200", "http://localhost/nginx_status")
|
||||
|
||||
with subtest("localhost can access other page"):
|
||||
expect_http_code(webserver, "200", "http://localhost/index.html")
|
||||
|
||||
with subtest("client can not access status page"):
|
||||
expect_http_code(client, "403", "http://10.0.0.1/nginx_status")
|
||||
|
||||
with subtest("client can access other page"):
|
||||
expect_http_code(client, "200", "http://10.0.0.1/index.html")
|
||||
'';
|
||||
})
|
@ -178,7 +178,7 @@ stdenv.mkDerivation {
|
||||
passthru = {
|
||||
inherit modules;
|
||||
tests = {
|
||||
inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-pubhtml nginx-sandbox nginx-sso nginx-proxyprotocol;
|
||||
inherit (nixosTests) nginx nginx-auth nginx-etag nginx-globalredirect nginx-http3 nginx-proxyprotocol nginx-pubhtml nginx-sandbox nginx-sso nginx-status-page;
|
||||
variants = lib.recurseIntoAttrs nixosTests.nginx-variants;
|
||||
acme-integration = nixosTests.acme;
|
||||
} // passthru.tests;
|
||||
|
Loading…
Reference in New Issue
Block a user