fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros

- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue - Update loader.go to hold tcObjs/sslObjs separately with correct field names: UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit, KprobeAccept4Entry, KretprobeAccept4Exit - Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10) so that %{_unitdir} macro resolves correctly - RPMs now build successfully for el8, el9, el10 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-11 23:21:11 +02:00
parent a1e4c1dad5
commit 3b047b680a
155 changed files with 197011 additions and 599 deletions
--- a/tests/integration/nginx-varnish/platform/nginx.conf
+++ b/tests/integration/nginx-varnish/platform/nginx.conf
@ -0,0 +1,74 @@
+# nginx.conf — Stack nginx + varnish
+# nginx : TLS frontend (port 443) + proxy vers Varnish (port 6081)
+# Port 80 : redirige vers HTTPS
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /run/nginx/nginx.pid;
+
+events {
+    worker_connections 1024;
+    use epoll;
+}
+
+http {
+    include      /etc/nginx/mime.types;
+    default_type application/octet-stream;
+    sendfile on;
+    keepalive_timeout 65;
+    keepalive_requests 200;
+
+    log_format main '$remote_addr [$time_local] "$request" $status '
+                    'ssl=$ssl_protocol via_varnish=$upstream_http_x_varnish';
+    access_log /var/log/nginx/access.log main;
+
+    # Backend Varnish (HTTP cleartext, pas de TLS)
+    upstream varnish_backend {
+        server 127.0.0.1:6081;
+        keepalive 32;
+    }
+
+    # ── Port 80 ─────────────────────────────────────────────────────────────
+    server {
+        listen 80;
+        server_name _;
+        location /health {
+            return 200 '{"status":"ok","stack":"nginx-varnish"}';
+            add_header Content-Type application/json;
+        }
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+
+    # ── Port 443 (TLS frontend → proxy Varnish) ──────────────────────────────
+    server {
+        listen 443 ssl;
+        http2 on;
+        server_name _;
+
+        ssl_certificate     /etc/pki/tls/certs/nginx.crt;
+        ssl_certificate_key /etc/pki/tls/private/nginx.key;
+        ssl_protocols       TLSv1.2 TLSv1.3;
+        ssl_ciphers         HIGH:!aNULL:!MD5;
+        ssl_session_cache   shared:SSL:10m;
+
+        # Transmission de l'IP réelle du client vers Varnish
+        proxy_set_header X-Real-IP       $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host            $http_host;
+
+        location /health {
+            return 200 '{"status":"ok","stack":"nginx-varnish","tls":true}';
+            add_header Content-Type application/json;
+        }
+
+        location / {
+            proxy_pass         http://varnish_backend;
+            proxy_http_version 1.1;
+            # HTTP/2 terminé côté nginx ; nginx→Varnish est HTTP/1.1 cleartext
+            proxy_set_header   Connection "";
+        }
+    }
+}