Add basic docker integration test
Javex committed May 23, 2024
1 parent cfbf826 commit 4ac2b55
Showing 5 changed files with 87 additions and 1 deletion.
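--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM caddy:2.7-builder AS builder
+
+COPY ./fail2ban.go /src/caddy-fail2ban/
+COPY ./go.sum /src/caddy-fail2ban/
+COPY ./go.mod /src/caddy-fail2ban/
+RUN xcaddy build \
+--with github.com/Javex/caddy-fail2ban=/src/caddy-fail2ban
+
+FROM caddy:2.7
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+
+RUN apk update && apk add fail2ban curl bash
+RUN rm /etc/fail2ban/jail.d/alpine-ssh.conf
+COPY ./fail2ban/caddy-banfile.conf /etc/fail2ban/action.d/caddy-banfile.conf
+COPY ./test/caddy-test.local /etc/fail2ban/jail.d/caddy-test.local
+COPY ./test/caddy-fail2ban-test.sh /usr/local/bin/
+RUN chmod u+x /usr/local/bin/caddy-fail2ban-test.sh
+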
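Review bot: The runtime stage's `RUN apk update && apk add fail2ban curl bash` keeps the apk index in the layer and installs whatever versions the mirror serves on build day, so two builds of this commit can test different fail2ban releases. `RUN apk add --no-cache bash curl fail2ban` drops the index, and pinning package versions (or the `caddy:2.7` / `caddy:2.7-builder` bases by digest) would make the integration test reproducible. The separate `RUN rm /etc/fail2ban/jail.d/alpine-ssh.conf` and `RUN chmod u+x …` steps each add a layer and could be folded into the install step, or the chmod replaced by `COPY --chmod=755`, which needs BuildKit. No `USER` is set and the image carries curl, bash and fail2ban only for the test, so a header comment such as `# Test-only image for the fail2ban integration test; not intended for deployment.` would keep it from being reused as a runtime image.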
18 changes: 17 additions & 1 deletion README.md
Expand Up @@ -36,4 +36,20 @@ Now in any of your jails if you want to block requests at the HTTP layer, you ca
action = caddy-banfile[banfile_path="/etc/caddy/banned-ips"]
```

The above path is the default so you can omit the `banfile_path` parameter if you like.
The above path is the default so you can omit the `banfile_path` parameter if you like.

## Running tests

First run the go unit tests, then spin up a docker container to test the
integration with fail2ban

```
go build -v ./...
go test -v ./...
sudo docker build . -t caddy-fail2ban
sudo docker run --rm --name caddy-fail2ban --detach -v $PWD/test/Caddyfile:/etc/caddy/Caddyfile caddy-fail2ban
sudo docker exec -it caddy-fail2ban /usr/local/bin/caddy-fail2ban-test.sh
sudo docker logs caddy-fail2ban
sudo docker stop caddy-fail2ban
```
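--- a/test/Caddyfile
+++ b/test/Caddyfile
@@ -0,0 +1,15 @@
+{
+log {
+level DEBUG
+}
+}
+
+127.0.0.1:80 {
+@banned {
+fail2ban /srv/banned-ips
+}
+handle @banned {
+abort
+}
+respond "ok"
+}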
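Review bot: Nothing in this file says that the `abort` inside `handle @banned` is what the test script depends on: the script passes only when curl exits non-zero, which happens because `abort` closes the connection without sending a response. A comment above the handler, e.g. `# abort drops the connection with no response; caddy-fail2ban-test.sh expects curl to fail here`, would explain why a 403 response cannot simply be substituted. It would also help to note next to `fail2ban /srv/banned-ips` that the path has to match `banfile_path` in test/caddy-test.local, since a mismatch would leave bans unenforced without any error visible in this file.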
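--- a/test/caddy-fail2ban-test.sh
+++ b/test/caddy-fail2ban-test.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -euo pipefail
+
+fail2ban-server
+sleep 1
+
+output=$(curl http://127.0.0.1)
+if [ "$output" != "ok" ]; then
+echo "Expected 'ok' output, got '${output}'"
+exit 1
+fi
+
+fail2ban-client set caddy_test banip 127.0.0.1
+
+set +e
+curl http://127.0.0.1
+curl_exit_code=$?
+set -e
+if [ $curl_exit_code -eq 0 ]; then
+echo "Expected curl to exit with non-zero exit code, but it was successful";
+exit 1
+fi
+
+echo "Success!"
+exit 0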
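Review bot: The ban check at the end treats any non-zero curl exit as success, so it also passes when Caddy has stopped listening (connection refused) rather than because the ban was enforced. Comparing against the status curl returns for a dropped connection, e.g. `if [ "$curl_exit_code" -ne 52 ]; then` (52 is curl's empty-reply status; confirm that this is what `abort` produces in this image), would tie the result to the ban itself. The `sleep 1` after `fail2ban-server` and the request issued immediately after `banip` are both timing assumptions. Polling with `fail2ban-client ping` and retrying the second curl for a few seconds would make the test less prone to false failures.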
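--- a/test/caddy-test.local
+++ b/test/caddy-test.local
@@ -0,0 +1,10 @@
+[caddy_test]
+backend = auto
+enabled = true
+port = 80,443
+protocol = tcp
+filter = bitwarden
+maxretry = 3
+bantime = 86400
+findtime = 43200
+action = caddy-banfile[banfile_path="/srv/banned-ips"]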
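Review bot: The jail sets `filter = bitwarden` and no `logpath`, which reads as if Bitwarden logs were being monitored; judging by the test script, the jail seems to exist only so that `fail2ban-client set caddy_test banip` has a target. A comment at the top such as `# Test jail: bans are issued manually by caddy-fail2ban-test.sh; the filter is a placeholder and no log is watched` would make that explicit and discourage copying this file as a real jail definition. `port` and `protocol` also look unused by the `caddy-banfile` action, but the action file is not shown in this commit view, so that should be confirmed before removing them.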
