added Docker support for Header Testing Server

Author: L3thal14

.dockerignore

@@ -0,0 +1,80 @@
+# Git
+.git
+.gitignore
+.gitattributes
+
+# Documentation
+README.md
+README_original.md
+DOCKER_README.md
+CODE_OF_CONDUCT.md
+CONTRIBUTING.md
+CODEOWNERS
+
+# Docker
+Dockerfile
+docker-compose.yml
+.dockerignore
+
+# Python
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.Python
+env
+pip-log.txt
+pip-delete-this-directory.txt
+.tox
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.log
+.git
+.mypy_cache
+.pytest_cache
+.hypothesis
+
+# Poetry
+poetry.lock
+
+# Jupyter
+.ipynb_checkpoints
+
+# IDE
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Temporary files
+*.tmp
+*.temp
+*.bak
+*.backup
+
+# Logs
+*.log
+logs/
+
+# Database
+*.db
+*.sqlite
+*.sqlite3
+
+# Test results
+test-results/
+results/

Dockerfile

@@ -0,0 +1,34 @@
+FROM ubuntu:22.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV PYTHONUNBUFFERED=1
+
+# Set working directory
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    curl git postgresql-client tzdata sudo \
+    build-essential libssl-dev zlib1g-dev libcap2-bin \
+    libbz2-dev libreadline-dev libsqlite3-dev \
+    libncursesw5-dev xz-utils tk-dev libxml2-dev \
+    libxmlsec1-dev libffi-dev liblzma-dev \
+    libatk-bridge2.0-0 libdbus-glib-1-2 \
+    libnss3-dev libgdk-pixbuf2.0-dev libgtk-3-dev libxss-dev \
+    libasound2 unzip x11vnc xvfb fluxbox \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY . /app
+WORKDIR /app/_hp
+RUN chmod +x setup.bash
+RUN bash ./setup.bash
+ENV PATH="/root/.local/bin:${PATH}"
+WORKDIR /app
+# Add entrypoint script
+COPY entrypoint.sh /app/entrypoint.sh
+RUN chmod +x /app/entrypoint.sh
+
+# Expose ports
+EXPOSE 80 443 8443 9000
+
+# WORKDIR /app

README.md

@@ -20,6 +20,7 @@ Our modified version of the wptserve HTTP server implementation can be found in
 - Manually check if the server and the tests are working: Visit http://sub.headers.websec.saarland:80/_hp/tests/framing.sub.html and confirm that tests are loaded and executed.
 - Optional: Run tests to check that everything is working correctly: `poetry run -C _hp pytest _hp`
 - Optional: Change the used domains in [_hp/wpt-config.json](_hp/wpt-config.json) and [_hp/host-config.txt](_hp/host-config.txt)
+- To run it inside a Docker container: `docker compose up --build`. This should spin up the server.
 
 
 ## Reproduce or Enhance our Results

docker-compose.yml

@@ -0,0 +1,52 @@
+services:
+  postgres:
+    image: postgres:15
+    environment:
+      POSTGRES_DB: http_header_demo
+      POSTGRES_USER: header_user
+      POSTGRES_PASSWORD: header_password
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    ports:
+      - "5432:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U header_user -d http_header_demo"]
+      interval: 10s
+      timeout: 10s
+      retries: 10
+
+  header-testing-server:
+    build: .
+    extra_hosts:
+      - "headers.websec.saarland:0.0.0.0"
+      - "sub.headers.websec.saarland:0.0.0.0"
+      - "sub.sub.headers.websec.saarland:0.0.0.0"
+      - "headers.webappsec.eu:0.0.0.0"
+      - "sub.headers.webappsec.eu:0.0.0.0"
+      - "sub.sub.headers.webappsec.eu:0.0.0.0"
+    depends_on:
+      postgres:
+        condition: service_healthy
+    environment:
+      DB_HOST: postgres
+      DB_PORT: 5432
+      DB_USER: header_user
+      DB_PASSWORD: header_password
+      DB_NAME: http_header_demo
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8443:8443"
+      - "9000:9000"
+    volumes:
+      - .:/app
+      - ./_hp/hp/tools/certs:/app/_hp/hp/tools/certs
+    cap_add:
+      - NET_BIND_SERVICE
+    restart: unless-stopped
+    command: [
+      "poetry", "run", "-C", "/app/_hp", "python", "/app/wpt", "serve", "--config", "/app/_hp/wpt-config.json"
+    ]
+
+volumes:
+  postgres_data:

entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -e
+
+# Wait for Postgres to be ready
+echo "Waiting for Postgres..."
+until pg_isready -h $DB_HOST -U $DB_USER -d $DB_NAME; do
+  sleep 2
+done
+
+# Run DB migrations / model setup
+echo "Initializing database schema..."
+poetry run python _hp/hp/tools/models.py
+cd _hp/hp/tools && poetry run python create_responses.py
+# Start server
+exec "$@"

tools/serve/serve.py

@@ -804,7 +804,8 @@ def start_http_server(logger, host, port, paths, routes, bind_address, config, *
                                      key_file=None,
                                      certificate=None,
                                      latency=kwargs.get("latency"))
-    except Exception:
+    except Exception as error:
+        logger.critical(f"start_http_server: Caught exception from wptserve.WebTestHttpd: {error}")
         startup_failed(logger)
 
 
@@ -822,7 +823,8 @@ def start_https_server(logger, host, port, paths, routes, bind_address, config,
                                      certificate=config.ssl_config["cert_path"],
                                      encrypt_after_connect=config.ssl_config["encrypt_after_connect"],
                                      latency=kwargs.get("latency"))
-    except Exception:
+    except Exception as error:
+        logger.critical(f"start_https_server: Caught exception from wptserve.WebTestHttpd: {error}")
         startup_failed(logger)
 
 
@@ -843,7 +845,8 @@ def start_http2_server(logger, host, port, paths, routes, bind_address, config,
                                      encrypt_after_connect=config.ssl_config["encrypt_after_connect"],
                                      latency=kwargs.get("latency"),
                                      http2=True)
-    except Exception:
+    except Exception as error:
+        logger.critical(f"start_http2_server: Caught exception from wptserve.WebTestHttpd: {error}")
         startup_failed(logger)
 
 
@@ -910,7 +913,8 @@ def start_ws_server(logger, host, port, paths, routes, bind_address, config, **k
                                config.paths["ws_doc_root"],
                                bind_address,
                                ssl_config=None)
-    except Exception:
+    except Exception as error:
+        logger.critical(f"start_ws_server: Caught exception from WebSocketDaemon: {error}")
         startup_failed(logger)
 
 
@@ -922,7 +926,8 @@ def start_wss_server(logger, host, port, paths, routes, bind_address, config, **
                                config.paths["ws_doc_root"],
                                bind_address,
                                config.ssl_config)
-    except Exception:
+    except Exception as error:
+        logger.critical(f"start_wss_server: Caught exception from WebSocketDaemon: {error}")
         startup_failed(logger)