nixpkgs/nixos/tests/nginx-auth.nix

import ./make-test-python.nix ({ pkgs, ... }: {
  name = "nginx-auth";

  nodes = {
    webserver = { pkgs, lib, ... }: {
      services.nginx = let
        root = pkgs.runCommand "testdir" {} ''
          mkdir "$out"
          echo hello world > "$out/index.html"
        '';
      in {
        enable = true;

        virtualHosts.lockedroot = {
          inherit root;
          basicAuth.alice = "jane";
        };

        virtualHosts.lockedsubdir = {
          inherit root;
          locations."/sublocation/" = {
            alias = "${root}/";
            basicAuth.bob = "john";
          };
        };
      };
    };
  };

  testScript = ''
    webserver.wait_for_unit("nginx")
    webserver.wait_for_open_port(80)

    webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot")
    webserver.succeed(
        "curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot"
    )

    webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir")
    webserver.fail(
        "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html"
    )
    webserver.succeed(
        "curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html"
    )
  '';
})
nginx: test basic auth 2020-10-20 16:05:41 +00:00			`import ./make-test-python.nix ({ pkgs, ... }: {`
			`name = "nginx-auth";`

			`nodes = {`
			`webserver = { pkgs, lib, ... }: {`
			`services.nginx = let`
			`root = pkgs.runCommand "testdir" {} ''`
			`mkdir "$out"`
			`echo hello world > "$out/index.html"`
			`'';`
			`in {`
			`enable = true;`

			`virtualHosts.lockedroot = {`
			`inherit root;`
			`basicAuth.alice = "jane";`
			`};`

			`virtualHosts.lockedsubdir = {`
			`inherit root;`
			`locations."/sublocation/" = {`
			`alias = "${root}/";`
			`basicAuth.bob = "john";`
			`};`
			`};`
			`};`
			`};`
			`};`

			`testScript = ''`
			`webserver.wait_for_unit("nginx")`
			`webserver.wait_for_open_port(80)`

			`webserver.fail("curl --fail --resolve lockedroot:80:127.0.0.1 http://lockedroot")`
			`webserver.succeed(`
			`"curl --fail --resolve lockedroot:80:127.0.0.1 http://alice:jane@lockedroot"`
			`)`

			`webserver.succeed("curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir")`
			`webserver.fail(`
			`"curl --fail --resolve lockedsubdir:80:127.0.0.1 http://lockedsubdir/sublocation/index.html"`
			`)`
			`webserver.succeed(`
			`"curl --fail --resolve lockedsubdir:80:127.0.0.1 http://bob:john@lockedsubdir/sublocation/index.html"`
			`)`
			`'';`
			`})`