Accept HTTP1 in naive inbound

2022-08-23 13:22:03 +08:00
parent c9b7acd22c
commit 9edfe7d9d3
12 changed files with 356 additions and 118 deletions
--- a/test/clash_test.go
+++ b/test/clash_test.go
@@ -35,6 +35,7 @@ const (
 	ImageNaive                 = "pocat/naiveproxy:client"
 	ImageBoringTun             = "ghcr.io/ntkme/boringtun:edge"
 	ImageHysteria              = "tobyxdd/hysteria:latest"
+	ImageNginx                 = "nginx:stable"
 )

 var allImages = []string{
@@ -45,6 +46,7 @@ var allImages = []string{
 	ImageNaive,
 	ImageBoringTun,
 	ImageHysteria,
+	// ImageNginx,
 }

 var localIP = netip.MustParseAddr("127.0.0.1")
--- a/test/config/naive-nginx.conf
+++ b/test/config/naive-nginx.conf
@@ -0,0 +1,22 @@
+server {
+    listen 10000 ssl http2;
+    listen [::]:10000 ssl http2;
+
+    server_name example.org;
+    ssl_certificate /etc/nginx/cert.pem;
+    ssl_certificate_key /etc/nginx/key.pem;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+    ssl_session_tickets off;
+
+    # modern configuration
+    ssl_protocols TLSv1.3;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    location / {
+        proxy_pass http://127.0.0.1:10003;
+    }
+}
--- a/test/hysteria_test.go
+++ b/test/hysteria_test.go
@@ -15,7 +15,7 @@ func TestHysteriaSelf(t *testing.T) {
 	_, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
 	startInstance(t, option.Options{
 		Log: &option.LogOptions{
-			Level: "trace",
+			Level: "error",
 		},
 		Inbounds: []option.Inbound{
 			{
@@ -93,7 +93,7 @@ func TestHysteriaInbound(t *testing.T) {
 	caPem, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
 	startInstance(t, option.Options{
 		Log: &option.LogOptions{
-			Level: "trace",
+			Level: "error",
 		},
 		Inbounds: []option.Inbound{
 			{
@@ -146,7 +146,7 @@ func TestHysteriaOutbound(t *testing.T) {
 	})
 	startInstance(t, option.Options{
 		Log: &option.LogOptions{
-			Level: "trace",
+			Level: "error",
 		},
 		Inbounds: []option.Inbound{
 			{
--- a/test/naive_test.go
+++ b/test/naive_test.go
@@ -10,6 +10,55 @@ import (
 	"github.com/sagernet/sing/common/network"
 )

+// FIXME: nginx do not support CONNECT
+func _TestNaiveInboundWithNingx(t *testing.T) {
+	caPem, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
+	startInstance(t, option.Options{
+		Log: &option.LogOptions{
+			Level: "trace",
+		},
+		Inbounds: []option.Inbound{
+			{
+				Type: C.TypeNaive,
+				NaiveOptions: option.NaiveInboundOptions{
+					ListenOptions: option.ListenOptions{
+						Listen:     option.ListenAddress(netip.IPv4Unspecified()),
+						ListenPort: otherPort,
+					},
+					Users: []auth.User{
+						{
+							Username: "sekai",
+							Password: "password",
+						},
+					},
+					Network: network.NetworkTCP,
+				},
+			},
+		},
+	})
+	startDockerContainer(t, DockerOptions{
+		Image: ImageNginx,
+		Ports: []uint16{serverPort, otherPort},
+		Bind: map[string]string{
+			"naive-nginx.conf": "/etc/nginx/conf.d/naive.conf",
+			certPem:            "/etc/nginx/cert.pem",
+			keyPem:             "/etc/nginx/key.pem",
+		},
+	})
+	startDockerContainer(t, DockerOptions{
+		Image: ImageNaive,
+		Ports: []uint16{serverPort, clientPort},
+		Bind: map[string]string{
+			"naive.json": "/etc/naiveproxy/config.json",
+			caPem:        "/etc/naiveproxy/ca.pem",
+		},
+		Env: []string{
+			"SSL_CERT_FILE=/etc/naiveproxy/ca.pem",
+		},
+	})
+	testTCP(t, clientPort, testPort)
+}
+
 func TestNaiveInbound(t *testing.T) {
 	caPem, certPem, keyPem := createSelfSignedCertificate(t, "example.org")
 	startInstance(t, option.Options{
--- a/test/shadowsocks_test.go
+++ b/test/shadowsocks_test.go
@@ -18,6 +18,7 @@ const (
 	serverPort uint16 = 10000 + iota
 	clientPort
 	testPort
+	otherPort
 )

 func TestShadowsocks(t *testing.T) {
@@ -199,7 +200,7 @@ func TestShadowsocksUoT(t *testing.T) {
 	password := mkBase64(t, 16)
 	startInstance(t, option.Options{
 		Log: &option.LogOptions{
-			Level: "trace",
+			Level: "error",
 		},
 		Inbounds: []option.Inbound{
 			{
--- a/test/v2ray_transport_test.go
+++ b/test/v2ray_transport_test.go
@@ -310,7 +310,7 @@ func testV2RayTransportNOTLSSelf(t *testing.T, transport *option.V2RayTransportO
 	require.NoError(t, err)
 	startInstance(t, option.Options{
 		Log: &option.LogOptions{
-			Level: "trace",
+			Level: "error",
 		},
 		Inbounds: []option.Inbound{
 			{
--- a/test/wireguard_test.go
+++ b/test/wireguard_test.go
@@ -22,7 +22,7 @@ func TestWireGuard(t *testing.T) {
 	time.Sleep(5 * time.Second)
 	startInstance(t, option.Options{
 		Log: &option.LogOptions{
-			Level: "trace",
+			Level: "error",
 		},
 		Inbounds: []option.Inbound{
 			{