Replies: 1 comment
-
Thanks for investigating this 👍🏻 I agree that there is no point testing something that's not really related to the template but rather a core nginx behavior. Those tests indeed seem no longer relevant, and we should remove them. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
@buchdag Just to discuss! Maybe I am wrong but I had another look at the test_restart_while_missing_cert.py stress test because of the xfails / xpasses. I like 100% green pass☺️ And I think we are trying to test things we cannot test.
After deleting the certificates and restarting the container, the Nginx process "emergs" and the container stops (status: "exited"). This is expected nginx behaviour. You cannot start nginx with a broken config.
Deleting the certificates, and trying to test or reload (nginx -T or nginx -s reload) just gives a warning about the missing certs, but the old (deleted) cert is still in memory and active. Effectively nginx prevents the user to load an invalid or missing file.
nginx: [emerg] cannot load certificate "/etc/nginx/certs/web.nginx-proxy.crt": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/nginx/certs/web.nginx-proxy.crt, r) error:10000080:BIO routines::no such file)
I tried to find out if this behaviour was different at the time this test was created (2017) and I think in version 1.15.0 this safety was introduced:
So I wanted to discuss what we should do. Remove this obsolete test completely?
Or keep it, but just check that after hard deleting the certs, the config is now invalidated (not sure why we should do that, as it's an nginx function not nginx-proxy)
Please let me know how you think about this.
Beta Was this translation helpful? Give feedback.
All reactions