force add ssl certs and verify SSL stats

Author: dakshinai

.gitignore

@@ -1,6 +1,5 @@
 # NGINX Plus license files
-*.crt
-*.key
+
 
 # Visual Studio Code settings
 .vscode

compose.yaml

@@ -10,6 +10,12 @@ services:
       - type: bind
         source: ./docker/nginx.conf
         target: /etc/nginx/nginx.conf
+      - type: bind
+        source: ./docker/foo.crt
+        target: /etc/nginx/foo.crt
+      - type: bind
+        source: ./docker/foo.key
+        target: /etc/nginx/foo.key
     networks:
       default:
         aliases:

docker/foo.crt

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7kj3B7jmw+Tax
+Ph2BHrcr65q4Pv+6hTNQBpYwQzNe/rcH5iZqZAl0FvM3fLmtR26rBgjoeQEQ5LpN
+XJtGZJQ/6UQAS7YAqm1ug93VH/v0iOcvXVqi/vN8VyYxoJ5dOmWChcAr+tm1v6Kx
+DBOA5RfPPbhxajWndhyaLMeHadQuj2OeeGKLGxS1/7K0ukPlqbe3uTULLkkq6DEd
+vgjT9A44IDixJLIggnNVNJCU6uZH4PzsVDVvDuCidG3vuIxmK6VfZLRPyEetXYIR
+SkoMiQMftnm2mrvpsHFJrQQ1slzn6jwsqX/tJUdt3pMEdn35hU6p2VzoAARTWfIq
+q0IVTlEtAgMBAAECggEAQqPudRwiOxIPsGEVMm6rPVtzmMopKSdx15i/e14kvjdY
+5+GI/HuWMDyHJMuXXEzosLJwL8ft7QaWei3QrO3HDf3ePwynGQ1z27PV+IZoibSq
+DlXogch60U5VL4SVPyIkNn82i2mQN9ZiAuz7cOvzzZlsEj9d2KVJ/Cy0pxOeYvvK
+17PlnJQFECInamBZNvJiwQ7no3MSE1fy3HqCTUieUX9U/Mcxoz7sMF19A/CdBSEX
+XklH1RW1v93x94cnuEr9xiSOj97EtJevz4QvPPGsIc5kdijsRO2iAIVxYSoMqe2b
+b1l/LdWY23g/iXJh9taxWlOIuaulqmXSkC8RACaFMQKBgQDlKT/UWV5k0ZiYH1tl
+2vUI3R/sjIEZEKvQH49i/bK4jle5nVVj+dYeVY1zx25pfZQ+0fk2oI6QrtweL+6K
+IsPkUmKEfRffBb75ITDoEIRE7PnKYCvtNXRHqvLduHMconWwSFobBsTnQwjWCicy
+VJFXNfKG/WPIRicJxpcGUy8oNwKBgQDRigllVTW+DTk9MFqmX16Cks6qaNVS3POG
+okuv6QvF36OSKbWNGguNV9sJQqvuD2k8PZ6F+J2orudSMh8SaNhnoTDtrKIFfWU5
+6rvaj8blpx7zzm98APT5CzqMGGkCvs++R+lhNoqFiZjLbZnNR7X/nx99mA7k84Vb
+dgxkZzkXuwKBgBUTDQ6vRVIKQHlE8PfWAhDVnRj49upiMRrLvDkDUctNM94bDP5L
+vJg/j+mk3o+O//IjB0Mx0sqVeiLAj7RebBt0RCEhC+/zrFNm7QN6eV+JV5N38rI2
+50GsA/fF/bgVbLNQhBDWN4d5D7f3aRFk25TknjAx31pMsUxh2gO35K9TAoGAT23/
+D82UOL30g7BvvH+MaPzToJ9qtiWRnuiovj8eOl0DOWXcL2e/F05FdqYyXGS1JKPL
+Esfio83hXDQpuSXLWsUssfvt0xzsoV7M5RX5dJa8UflgI2aNdlZ+VBrwu5yvTVcf
+Lb2qFuLI69xZIArd/89G9aoNg1aYp8oA+pJyfv8CgYBNcpc+V4cX/tcuc3vyPhq2
+wO9kV74hEmaMpJCBavT/3+PFXotbXX0YpIwozdXDPnny/Eav/pLPCqNAqOn0xvie
+beO3A5O912XD7nVl+0C4wrVv0ik+KdKEi2LY1E7wIdsXsLBf5MGKg7Dvkh4OpdUz
+q1XwdydRW0TZXdRRITYpQQ==
+-----END PRIVATE KEY-----

docker/foo.key

@@ -31,6 +31,9 @@ http {
     keyval_zone zone=zone_one:32k;
     keyval $arg_text $text zone=zone_one;
 
+    ssl_certificate /etc/nginx/foo.crt;
+    ssl_certificate_key /etc/nginx/foo.key;
+
     include /etc/nginx/conf.d/*.conf;
 }
 

docker/nginx.conf

@@ -650,7 +650,20 @@ func TestStats(t *testing.T) {
 	if stats.HTTPRequests.Total < 1 {
 		t.Errorf("Bad HTTPRequests: %v", stats.HTTPRequests)
 	}
-	// SSL metrics blank in this example
+	// log SSL stats
+	t.Logf("SSL.Handshakes : %v\n", stats.SSL.Handshakes)
+	t.Logf("SSL.HandshakesFailed : %v\n", stats.SSL.HandshakesFailed)
+	t.Logf("SSL.SessionReuses : %v\n", stats.SSL.SessionReuses)
+	t.Logf("SSL.NoCommonProtocol : %v\n", stats.SSL.NoCommonProtocol)
+	t.Logf("SSL.NoCommonCipher : %v\n", stats.SSL.NoCommonCipher)
+	t.Logf("SSL.HandshakeTimeout : %v\n", stats.SSL.HandshakeTimeout)
+	t.Logf("SSL.PeerRejectedCert : %v\n", stats.SSL.PeerRejectedCert)
+	t.Logf("SSL.PeerRejectedCert : %v\n", stats.SSL.VerifyFailures.NoCert)
+	t.Logf("SSL.PeerRejectedCert : %v\n", stats.SSL.VerifyFailures.ExpiredCert)
+	t.Logf("SSL.PeerRejectedCert : %v\n", stats.SSL.VerifyFailures.RevokedCert)
+	t.Logf("SSL.PeerRejectedCert : %v\n", stats.SSL.VerifyFailures.HostnameMismatch)
+	t.Logf("SSL.PeerRejectedCert : %v\n", stats.SSL.VerifyFailures.Other)
+
 	if len(stats.ServerZones) < 1 {
 		t.Errorf("No ServerZone metrics: %v", stats.ServerZones)
 	}