code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3b047b680a31e7e3d0af83424b4ec344c6bb2ce3
ja4-platform/tests/integration/nginx-varnish/run-tests.sh
toto 3b047b680a fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros 
- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl
  for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue
- Update loader.go to hold tcObjs/sslObjs separately with correct field names:
  UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit,
  KprobeAccept4Entry, KretprobeAccept4Exit
- Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10)
  so that %{_unitdir} macro resolves correctly
- RPMs now build successfully for el8, el9, el10

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-11 23:21:11 +02:00

75 lines
3.2 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# =============================================================================
# run-tests.sh — Tests d'intégration stack nginx + varnish + ja4ebpf
# =============================================================================
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
export STACK_NAME="nginx-varnish"
export COMPOSE_FILE="$SCRIPT_DIR/docker-compose.yml"
for arg in "$@"; do
case "$arg" in
--no-down) export KEEP_UP=true ;;
--build-only) export BUILD_ONLY=true ;;
esac
done
source "$SCRIPT_DIR/../lib/run-stack-tests.sh"
# ── Vérifications spécifiques nginx+varnish ───────────────────────────────────
stack_verify_extra() {
# Vérifie la présence du header Via Varnish dans les réponses HTTPS
local via_hdr
via_hdr=$(docker compose -f "$COMPOSE_FILE" exec -T platform \
curl -skI https://localhost/ 2>/dev/null | grep -i "^Via:" | tr -d '\r' || echo "")
if echo "$via_hdr" | grep -qi "varnish"; then
pass "Header Via: varnish présent — traffic bien routé nginx→Varnish"
else
warn "Header Via varnish absent (via='$via_hdr') — Varnish peut-être bypassé"
fi
# Vérifie X-Cache (HIT/MISS de Varnish)
local xcache1 xcache2
xcache1=$(docker compose -f "$COMPOSE_FILE" exec -T platform \
curl -sk https://localhost/api/cached -o /dev/null -w "%{http_code}" 2>/dev/null || echo "")
# Deuxième requête sur le même chemin → doit être un HIT Varnish
xcache2=$(docker compose -f "$COMPOSE_FILE" exec -T platform \
curl -skI https://localhost/api/cached 2>/dev/null | grep -i "^X-Cache:" | tr -d '\r' || echo "")
if echo "$xcache2" | grep -qi "HIT"; then
pass "Cache Varnish actif : X-Cache: HIT sur requête répétée"
else
warn "Cache Varnish non confirmé (X-Cache='$xcache2') — TTL cache peut-être expiré"
fi
# Vérifie que HTTP/2 est terminé côté nginx (pas propagé vers Varnish)
local http_ver
http_ver=$(docker compose -f "$COMPOSE_FILE" exec -T platform \
curl -sk --http2 -w "%{http_version}" -o /dev/null https://localhost/ 2>/dev/null || echo "")
if [ "$http_ver" = "2" ]; then
pass "HTTP/2 terminé par nginx (client↔nginx h2, nginx↔varnish HTTP/1.1)"
else
warn "HTTP/2 non négocié côté client (version: '$http_ver')"
fi
# Vérifie que ja4ebpf tourne
local ja4_pid
ja4_pid=$(docker compose -f "$COMPOSE_FILE" exec -T platform \
pgrep -x ja4ebpf 2>/dev/null | head -1 || echo "")
[ -n "$ja4_pid" ] && pass "ja4ebpf actif (PID $ja4_pid)" \
|| fail "ja4ebpf introuvable"
# Dans cette stack, les requêtes L7 passent via Varnish :
# on vérifie que header_order_signature est capturé malgré le proxy.
local sig_count
sig_count=$(ch_query "SELECT count() FROM ja4_logs.http_logs_raw WHERE header_order_signature != ''")
if [ "${sig_count:-0}" -gt 0 ] 2>/dev/null; then
pass "Signature ordre en-têtes capturée : $sig_count enregistrements"
else
warn "Signature ordre en-têtes absente (uprobe SSL_read peut-être inactif)"
fi
}
run_all_phases
Reference in New Issue View Git Blame Copy Permalink