1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
# This reg-test checks websocket support in regards with the server keyword
# 'ws'
varnishtest "h2 backend websocket management via server keyword"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && !ssllib_name_startswith(wolfSSL)'"
feature ignore_unknown_macro
# haproxy server
haproxy hapsrv -conf {
global
.if feature(THREAD)
thread-groups 1
.endif
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
frontend fe
bind "fd@${fe}"
bind "fd@${fessl}" ssl crt ${testdir}/common.pem alpn h2,http/1.1
capture request header sec-websocket-key len 128
http-request set-var(txn.ver) req.ver
use_backend be
backend be
# define websocket ACL
acl ws_handshake hdr(upgrade) -m str websocket
# handle non-ws streams
http-request return status 200 if !ws_handshake
# handle ws streams
#capture request header sec-websocket-key len 128
http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "%[capture.req.hdr(0),concat(258EAFA5-E914-47DA-95CA-C5AB0DC85B11,,),sha1,base64]" if ws_handshake
http-after-response set-status 101 if { status eq 200 } { res.hdr(upgrade) -m str websocket }
http-after-response set-header x-backend-protocol "%[var(txn.ver)]"
} -start
# haproxy LB
haproxy hap -conf {
global
.if feature(THREAD)
thread-groups 1
.endif
defaults
mode http
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
# proto X ws h1 -> websocket on h1
listen li
bind "fd@${li}"
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port} proto h2 ws h1
# proto X ws h2 -> websocket on h2
listen lih2
bind "fd@${lih2}"
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port} proto h2 ws h2
# alpn h2,http/1.1 ws h2 -> websocket on h2
listen lisslh2
bind "fd@${lisslh2}"
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2,http/1.1 ws h2
http-response set-header x-alpn "%[ssl_bc_alpn]"
# ws auto -> websocket on h1
listen liauto
bind "fd@${liauto}"
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port}
# alpn h2,http/1.1 ws auto -> websocket on h1
listen lissl
bind "fd@${lissl}"
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2,http/1.1 ws auto
http-response set-header x-alpn "%[ssl_bc_alpn]"
# alpn h2,http/1.1 ws auto -> websocket on h1
listen lisslauto
bind "fd@${lisslauto}"
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2,http/1.1
http-response set-header x-alpn "%[ssl_bc_alpn]"
# proto h2 ws auto -> websocket on h2
listen liauto2
bind "fd@${liauto2}"
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port} proto h2
# alpn h2 ws auto -> websocket on h2
listen lisslauto2
bind "fd@${lisslauto2}"
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2 ws auto
http-response set-header x-alpn "%[ssl_bc_alpn]"
} -start
client c1 -connect ${hap_li_sock} {
txreq \
-req "GET" \
-url "/" \
-hdr "host: 127.0.0.1" \
-hdr "connection: upgrade" \
-hdr "upgrade: websocket" \
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
rxresp
expect resp.status == 101
expect resp.http.x-backend-protocol == "1.1"
} -run
client c1.2 -connect ${hap_lih2_sock} {
txreq \
-req "GET" \
-url "/" \
-hdr "host: 127.0.0.1" \
-hdr "connection: upgrade" \
-hdr "upgrade: websocket" \
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
rxresp
expect resp.status == 101
expect resp.http.x-backend-protocol == "2.0"
} -run
client c1.3 -connect ${hap_liauto_sock} {
txreq \
-req "GET" \
-url "/" \
-hdr "host: 127.0.0.1" \
-hdr "connection: upgrade" \
-hdr "upgrade: websocket" \
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
rxresp
expect resp.status == 101
expect resp.http.x-backend-protocol == "1.1"
} -run
client c1.4 -connect ${hap_liauto2_sock} {
txreq \
-req "GET" \
-url "/" \
-hdr "host: 127.0.0.1" \
-hdr "connection: upgrade" \
-hdr "upgrade: websocket" \
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
rxresp
expect resp.status == 101
expect resp.http.x-backend-protocol == "2.0"
} -run
client c2 -connect ${hap_lisslauto_sock} {
txreq \
-req "GET" \
-url "/" \
-hdr "host: 127.0.0.1" \
-hdr "connection: upgrade" \
-hdr "upgrade: websocket" \
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
rxresp
expect resp.status == 101
expect resp.http.x-alpn == "http/1.1"
} -run
client c2.2 -connect ${hap_lisslauto2_sock} {
txreq \
-req "GET" \
-url "/" \
-hdr "host: 127.0.0.1" \
-hdr "connection: upgrade" \
-hdr "upgrade: websocket" \
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
rxresp
expect resp.status == 101
expect resp.http.x-alpn == "h2"
} -run
client c2.3 -connect ${hap_lisslh2_sock} {
txreq \
-req "GET" \
-url "/" \
-hdr "host: 127.0.0.1" \
-hdr "connection: upgrade" \
-hdr "upgrade: websocket" \
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
rxresp
expect resp.status == 101
expect resp.http.x-alpn == "h2"
} -run
|
