Docker-based test servers for network-related Qt autotests

The existing network test server has some limitations. Most notably, it
is not accessible by every Qt developer. Also, some services don't allow
simultaneous access, which causes flaky test results.

Instead of centralizing all the services to one physical machine, the
idea is to build up several dedicated servers inside separate Docker
containers.

1. Create testserver.pri and integrate it into the make check command of
   Qt Test.

2. Define QT_TEST_SERVER flag for changing test parameters at compile
   time.

Task-number: QTQAINFRA-1686
Change-Id: I0422ddb97eb8c11b4818771454851d19671253b1
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
Reviewed-by: Ryan Chu <ryan.chu@qt.io>

32 files changed, 1021 insertions, 0 deletions

diff --git a/tests/auto/network-settings.h b/tests/auto/network-settings.h
index 16966ced4e..85f93120b1 100644
--- a/tests/auto/network-settings.h
+++ b/tests/auto/network-settings.h
@@ -27,6 +27,7 @@
 ****************************************************************************/
 
 #include <QString>
+#include <QtTest/QtTest>
 #ifdef QT_NETWORK_LIB
 #include <QtNetwork/QHostInfo>
 #include <QtNetwork/QHostAddress>
@@ -50,7 +51,11 @@ public:
     }
     static QString serverDomainName()
     {
+#ifdef QT_TEST_SERVER_DOMAIN
+        return QString(QT_TEST_SERVER_DOMAIN); // Defined in testserver feature
+#else
         return QString("qt-test-net");
+#endif
     }
     static QString serverName()
     {
@@ -137,6 +142,20 @@ public:
         return true;
     }
 
+    static bool verifyConnection(QString serverName, quint16 port, quint32 retry = 10)
+    {
+        QTcpSocket socket;
+        for (quint32 i = 1; i < retry; i++) {
+            socket.connectToHost(serverName, port);
+            if (socket.waitForConnected(1000))
+                return true;
+            // Wait for service to start up
+            QTest::qWait(1000);
+        }
+        socket.connectToHost(serverName, port);
+        return socket.waitForConnected(1000);
+    }
+
     // Helper function for usage with QVERIFY2 on sockets.
     static QByteArray msgSocketError(const QAbstractSocket &s)
     {
diff --git a/tests/auto/testserver.pri b/tests/auto/testserver.pri
new file mode 100644
index 0000000000..6a2e6b9d91
--- /dev/null
+++ b/tests/auto/testserver.pri
@@ -0,0 +1,104 @@
+# Integrating docker-based test servers into Qt Test framework
+#
+# This file adds support for docker-based test servers built by testcase
+# projects that need them. To enable this feature, any automated test can
+# include testserver.pri in its project file. This instructs qmake to insert
+# additional targets into the generated Makefile. The 'check' target then brings
+# up test servers before running the testcase, and shuts them down afterwards.
+#
+# TESTSERVER_COMPOSE_FILE
+# - Contains the path of docker-compose file
+# This configuration file defines the services used for autotests. It tells the
+# docker engine how to build up the docker images and containers. In qtbase, a
+# shared docker-compose file is located in the tests folder.
+# Example: TESTSERVER_COMPOSE_FILE = \
+#              $$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose.yml
+#
+# The user must run the provisioning scripts in advance before attempting to
+# build the test servers. The docker_testserver.sh script is used to build up
+# the docker images into the docker-cache. It handles the immutable parts of the
+# server installation that rarely need adjustment, such as downloading packages.
+# Example: qt5/coin/provisioning/.../testserver/docker_testserver.sh
+#
+# QT_TEST_SERVER_LIST
+# - A list of test servers to bring up for this testcase
+# These test servers should be defined in $$TESTSERVER_COMPOSE_FILE. Each
+# testcase can define the test servers it depends on.
+# Example: QT_TEST_SERVER_LIST = apache2 squid vsftpd ftp-proxy danted
+#
+# Pre-processor defines needed for the application:
+# QT_TEST_SERVER
+# - A preprocessor macro used for testcase to change testing parameters at
+#   compile time
+# This macro is predefined for docker-based test servers and is passed as a
+# compiler option (-DQT_TEST_SERVER). The testcase can then check whether
+# docker-based servers are in use and change the testing parameters, such as
+# host name or port number, at compile time. An example can be found in
+# network-settings.h.
+#
+# Example:
+# #if defined(QT_TEST_SERVER)
+#     Change the testing parameters at compile time
+# #endif
+#
+# QT_TEST_SERVER_DOMAIN
+# - A preprocessor macro that holds the server domain name
+# Provided for the helper functions in network-settings.h. Use function
+# serverDomainName() in your application instead.
+#
+# Additional make targets:
+# 1. check_network - A renamed target from the check target of testcase feature.
+# 2. testserver_clean - Clean up server containers/images and tidy away related
+#    files.
+
+TESTSERVER_COMPOSE_FILE = $$dirname(_QMAKE_CONF_)/tests/testserver/docker-compose.yml
+TESTSERVER_VERSION = $$system(docker-compose --version)
+TESTSERVER_IMAGES = $$system(docker images -aq "qt-test-server-*")
+
+equals(QMAKE_HOST.os, Windows)|isEmpty(TESTSERVER_VERSION) {
+    # Make check with server "qt-test-server.qt-test-net" as a fallback
+    message("testserver: qt-test-server.qt-test-net")
+} else {
+    # Make check with test servers
+    message("testserver:" $$TESTSERVER_VERSION)
+
+    # Ensure that the docker-compose file is provided. It is a configuration
+    # file which is mandatory for all docker-compose commands. You can get more
+    # detail from the description of TESTSERVER_COMPOSE_FILE above. There is
+    # also an example showing how to configure it manually.
+    isEmpty(TESTSERVER_COMPOSE_FILE): error("Project variable 'TESTSERVER_COMPOSE_FILE' is not set")
+
+    # Before starting the test servers, it requires the user to run the setup
+    # script (coin/provisioning/.../testserver/docker_testserver.sh) in advance.
+    isEmpty(TESTSERVER_IMAGES): error("Docker image qt-test-server-* not found")
+
+    # The domain name is relevant to https keycert (qnetworkreply/crts/qt-test-net-cacert.pem).
+    DNSDOMAIN = test-net.qt
+    TEST_ENV += TESTSERVER_DOMAIN=$$DNSDOMAIN
+    DEFINES += QT_TEST_SERVER QT_TEST_SERVER_DOMAIN=$$shell_quote(\"$${DNSDOMAIN}\")
+
+    # There is no docker bridge on macOS. It is impossible to ping a container.
+    # Docker docs recommends using port mapping to connect to a container.
+    equals(QMAKE_HOST.os, Darwin): TEST_ENV += TESTSERVER_BIND_LOCAL=1
+
+    # Rename the check target of testcase feature
+    check.target = check_network
+    testserver_test.target = check
+
+    # Bring up test servers and make sure the services are ready.
+    testserver_test.commands = $$TEST_ENV docker-compose -f $$TESTSERVER_COMPOSE_FILE up -d \
+                               --force-recreate --timeout 1 $${QT_TEST_SERVER_LIST} &&
+
+    # Check test cases with docker-based test servers.
+    testserver_test.commands += $(MAKE) check_network;
+
+    # Stop and remove test servers after testing.
+    testserver_test.commands += $$TEST_ENV docker-compose -f $$TESTSERVER_COMPOSE_FILE down \
+                                --timeout 1
+
+    # Destroy test servers and tidy away related files.
+    testserver_clean.commands = $$TEST_ENV docker-compose -f $$TESTSERVER_COMPOSE_FILE down \
+                                --rmi all
+
+    QMAKE_EXTRA_TARGETS += testserver_test testserver_clean
+}
diff --git a/tests/testserver/apache2/apache2.sh b/tests/testserver/apache2/apache2.sh
new file mode 100755
index 0000000000..4b0c74e2c4
--- /dev/null
+++ b/tests/testserver/apache2/apache2.sh
@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+
+#############################################################################
+##
+## Copyright (C) 2018 The Qt Company Ltd.
+## Contact: https://www.qt.io/licensing/
+##
+## This file is part of the test suite of the Qt Toolkit.
+##
+## $QT_BEGIN_LICENSE:GPL$
+## Commercial License Usage
+## Licensees holding valid commercial Qt licenses may use this file in
+## accordance with the commercial license agreement provided with the
+## Software or, alternatively, in accordance with the terms contained in
+## a written agreement between you and The Qt Company. For licensing terms
+## and conditions see https://www.qt.io/terms-conditions. For further
+## information use the contact form at https://www.qt.io/contact-us.
+##
+## GNU General Public License Usage
+## Alternatively, this file may be used under the terms of the GNU
+## General Public License version 3 or (at your option) any later version
+## approved by the KDE Free Qt Foundation. The licenses are as published by
+## the Free Software Foundation and appearing in the file LICENSE.GPL3
+## included in the packaging of this file. Please review the following
+## information to ensure the GNU General Public License requirements will
+## be met: https://www.gnu.org/licenses/gpl-3.0.html.
+##
+## $QT_END_LICENSE$
+##
+#############################################################################
+
+set -ex
+
+# package apache2
+
+# add users
+useradd httptest; echo "httptest:httptest" | chpasswd
+
+# enable apache2 module
+/usr/sbin/a2enmod ssl dav_fs headers deflate auth_digest cgi
+
+# enable apache2 config
+cp $TESTDATA/{main,security,ssl,dav}.conf /etc/apache2/conf-available/
+/usr/sbin/a2enconf main security ssl dav
+
+# install configurations and test data
+cp $TESTDATA/deflate.conf /etc/apache2/mods-available/
+mkdir -p -m 1777 /home/writeables/dav # dav.conf
+a2dissite '*' # disable all of the default apache2 sites
+
+# Populate the web-site:
+su $USER -c "cp -r $TESTDATA/www ~/www"
+
+# tst_QNetworkReply::getFromHttp(success-internal)
+su $USER -c "cp rfc3252.txt ~/www/htdocs/"; rm rfc3252.txt
+
+# tst_QNetworkReply::synchronousRequest_data()
+su $USER -c "mkdir -p ~/www/htdocs/deflate/"
+su $USER -c "ln -s ~/www/htdocs/rfc3252.txt ~/www/htdocs/deflate/"
+
+# tst_QNetworkReply::headFromHttp(with-authentication)
+su $USER -c "ln -s ~/www/htdocs/rfc3252.txt ~/www/htdocs/rfcs-auth/"
+
+# Duplicate rfc3252.txt 20 times for bigfile tests:
+su $USER -c "seq 20 | xargs -i cat ~/www/htdocs/rfc3252.txt >> ~/www/htdocs/bigfile"
+
+# tst_QNetworkReply::postToHttp(empty)
+su $USER -c "ln -s ~/www/htdocs/protected/cgi-bin/md5sum.cgi ~/www/cgi-bin/"
+
+# tst_QNetworkReply::lastModifiedHeaderForHttp() expects this time-stamp:
+touch -d "2007-05-22 12:04:57 GMT" /home/$USER/www/htdocs/fluke.gif
+
+# Create 10MB file for use by tst_Q*::downloadBigFile and interruption tests:
+su $USER -c "/bin/dd if=/dev/zero of=~/www/htdocs/mediumfile bs=1 count=0 seek=10000000"
+
+# enable service with installed configurations
+service apache2 restart
diff --git a/tests/testserver/apache2/testdata/dav.conf b/tests/testserver/apache2/testdata/dav.conf
new file mode 100644
index 0000000000..c207c2734b
--- /dev/null
+++ b/tests/testserver/apache2/testdata/dav.conf
@@ -0,0 +1,7 @@
+Alias /dav /home/writeables/dav
+<Location /dav>
+    DAV On
+    order allow,deny
+    allow from all
+    Require all granted
+</Location>
diff --git a/tests/testserver/apache2/testdata/deflate.conf b/tests/testserver/apache2/testdata/deflate.conf
new file mode 100644
index 0000000000..6a15701d49
--- /dev/null
+++ b/tests/testserver/apache2/testdata/deflate.conf
@@ -0,0 +1,5 @@
+# The default configuration will turn on DEFLATE for files served up
+# from everywhere.
+#
+# For testing purposes, we want DEFLATE off by default, and on only for
+# specific paths (which is set elsewhere).
diff --git a/tests/testserver/apache2/testdata/main.conf b/tests/testserver/apache2/testdata/main.conf
new file mode 100644
index 0000000000..5cfa544623
--- /dev/null
+++ b/tests/testserver/apache2/testdata/main.conf
@@ -0,0 +1,56 @@
+ServerName apache2.test-net.qt:80
+
+NameVirtualHost *:443
+
+<VirtualHost *:80>
+</VirtualHost>
+
+<VirtualHost *:443>
+SSLEngine On
+CustomLog /var/log/apache2/ssl_access.log combined
+ErrorLog /var/log/apache2/ssl_error.log
+</VirtualHost>
+
+# default ubuntu config turns off SSLv2 because it is deprecated.
+# Turn it back on so we can test it.
+SSLProtocol all
+
+DocumentRoot /home/qt-test-server/www/htdocs
+ScriptAlias /qtest/cgi-bin/ "/home/qt-test-server/www/cgi-bin/"
+ScriptAlias /qtest/protected/cgi-bin/ "/home/qt-test-server/www/htdocs/protected/cgi-bin/"
+Alias /qtest "/home/qt-test-server/www/htdocs/"
+
+<Directory "/home/qt-test-server/www/htdocs">
+    Require all granted
+</Directory>
+
+<Directory "/home/qt-test-server/www/htdocs/rfcs-auth">
+    AuthType Basic
+    AuthName "Restricted Files"
+    AuthUserFile /home/qt-test-server/passwords
+    Require user httptest
+</Directory>
+
+<Directory "/home/qt-test-server/www/htdocs/auth-digest">
+    AuthType Digest
+    AuthName "Digest testing"
+    AuthDigestProvider file
+    AuthUserFile /home/qt-test-server/www/htdocs/digest-authfile
+    Require user httptest
+</Directory>
+
+<Directory "/home/qt-test-server/www/htdocs/deflate">
+    AddOutputFilterByType DEFLATE text/html text/plain text/xml
+    Header append Vary User-Agent env=!dont-vary
+</Directory>
+
+<Directory "/home/qt-test-server/www/cgi-bin">
+    Options +ExecCGI -Includes
+    AddHandler cgi-script .cgi .pl
+    Require all granted
+</Directory>
+
+
+<Directory "/home/qt-test-server/www/htdocs/protected/">
+    AllowOverride AuthConfig Options
+</Directory>
diff --git a/tests/testserver/apache2/testdata/security.conf b/tests/testserver/apache2/testdata/security.conf
new file mode 100644
index 0000000000..30a8ee3765
--- /dev/null
+++ b/tests/testserver/apache2/testdata/security.conf
@@ -0,0 +1,51 @@
+#
+# Disable access to the entire file system except for the directories that
+# are explicitly allowed later.
+#
+# This currently breaks the configurations that come with some web application
+# Debian packages. It will be made the default for the release after lenny.
+#
+#<Directory />
+#    AllowOverride None
+#    Order Deny,Allow
+#    Deny from all
+#</Directory>
+
+
+# Changing the following options will not really affect the security of the
+# server, but might make attacks slightly more difficult in some cases.
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+#ServerTokens Minimal
+ServerTokens OS
+#ServerTokens Full
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#
+#ServerSignature Off
+ServerSignature On
+
+#
+# Allow TRACE method
+#
+# Set to "extended" to also reflect the request body (only for testing and
+# diagnostic purposes).
+#
+# Set to one of:  On | Off | extended
+#
+#TraceEnable Off
+TraceEnable On
+
diff --git a/tests/testserver/apache2/testdata/ssl.conf b/tests/testserver/apache2/testdata/ssl.conf
new file mode 100644
index 0000000000..d6bbaf0da0
--- /dev/null
+++ b/tests/testserver/apache2/testdata/ssl.conf
@@ -0,0 +1,2 @@
+SSLCertificateFile /home/qt-test-server/ssl-certs/qt-test-server-cert.pem
+SSLCertificateKeyFile /home/qt-test-server/ssl-certs/private/qt-test-server-key.pem
diff --git a/tests/testserver/apache2/testdata/www/cgi-bin/echo.cgi b/tests/testserver/apache2/testdata/www/cgi-bin/echo.cgi
new file mode 100755
index 0000000000..16315a3db6
--- /dev/null
+++ b/tests/testserver/apache2/testdata/www/cgi-bin/echo.cgi
@@ -0,0 +1,11 @@
+#!/usr/bin/perl
+
+if ($ENV{'REQUEST_METHOD'} eq "GET") {
+    $request = $ENV{'QUERY_STRING'};
+} elsif ($ENV{'REQUEST_METHOD'} eq "POST") {
+    read(STDIN, $request, $ENV{'CONTENT_LENGTH'}) || die "Could not get query\n";
+}
+
+print "Content-type: text/plain\n\n";
+print $request;
+
diff --git a/tests/testserver/apache2/testdata/www/htdocs/auth-digest/index.html b/tests/testserver/apache2/testdata/www/htdocs/auth-digest/index.html
new file mode 100644
index 0000000000..fa96496aa0
--- /dev/null
+++ b/tests/testserver/apache2/testdata/www/htdocs/auth-digest/index.html
@@ -0,0 +1 @@
+digest authentication successful
diff --git a/tests/testserver/apache2/testdata/www/htdocs/digest-authfile b/tests/testserver/apache2/testdata/www/htdocs/digest-authfile
new file mode 100644
index 0000000000..99963901ce
--- /dev/null
+++ b/tests/testserver/apache2/testdata/www/htdocs/digest-authfile
@@ -0,0 +1 @@
+httptest:Digest testing:5f68f4bc3cd2873a3d547558fe7d9782
diff --git a/tests/testserver/apache2/testdata/www/htdocs/fluke.gif b/tests/testserver/apache2/testdata/www/htdocs/fluke.gif
new file mode 100644
index 0000000000..6060cbd4d7
--- /dev/null
+++ b/tests/testserver/apache2/testdata/www/htdocs/fluke.gif
diff --git a/tests/testserver/apache2/testdata/www/htdocs/index.html b/tests/testserver/apache2/testdata/www/htdocs/index.html
new file mode 100644
index 0000000000..abc1df188d
--- /dev/null
+++ b/tests/testserver/apache2/testdata/www/htdocs/index.html
@@ -0,0 +1,3 @@
+<h1>Welcome to qt-test-server</h1>
+<img src="fluke.gif" alt="fluke">
+<p>This is a network test server. It serves as a caching ftp and http proxy, transparent http/socks5 proxy, imap, ftp and http server, and more.</p>
diff --git a/tests/testserver/apache2/testdata/www/htdocs/protected/cgi-bin/md5sum.cgi b/tests/testserver/apache2/testdata/www/htdocs/protected/cgi-bin/md5sum.cgi
new file mode 100755
index 0000000000..e580462b85
--- /dev/null
+++ b/tests/testserver/apache2/testdata/www/htdocs/protected/cgi-bin/md5sum.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+echo "Content-type: text/plain";
+echo "Content-length: 33"
+echo
+md5sum | cut -f 1 -d " "
diff --git a/tests/testserver/apache2/testdata/www/htdocs/rfcs-auth/index.html b/tests/testserver/apache2/testdata/www/htdocs/rfcs-auth/index.html
new file mode 100644
index 0000000000..472e6ce55d
--- /dev/null
+++ b/tests/testserver/apache2/testdata/www/htdocs/rfcs-auth/index.html
@@ -0,0 +1 @@
+you found the secret
diff --git a/tests/testserver/common/ssl.sh b/tests/testserver/common/ssl.sh
new file mode 100755
index 0000000000..8a4728ad4d
--- /dev/null
+++ b/tests/testserver/common/ssl.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+#############################################################################
+##
+## Copyright (C) 2018 The Qt Company Ltd.
+## Contact: https://www.qt.io/licensing/
+##
+## This file is part of the test suite of the Qt Toolkit.
+##
+## $QT_BEGIN_LICENSE:GPL$
+## Commercial License Usage
+## Licensees holding valid commercial Qt licenses may use this file in
+## accordance with the commercial license agreement provided with the
+## Software or, alternatively, in accordance with the terms contained in
+## a written agreement between you and The Qt Company. For licensing terms
+## and conditions see https://www.qt.io/terms-conditions. For further
+## information use the contact form at https://www.qt.io/contact-us.
+##
+## GNU General Public License Usage
+## Alternatively, this file may be used under the terms of the GNU
+## General Public License version 3 or (at your option) any later version
+## approved by the KDE Free Qt Foundation. The licenses are as published by
+## the Free Software Foundation and appearing in the file LICENSE.GPL3
+## included in the packaging of this file. Please review the following
+## information to ensure the GNU General Public License requirements will
+## be met: https://www.gnu.org/licenses/gpl-3.0.html.
+##
+## $QT_END_LICENSE$
+##
+#############################################################################
+
+set -ex
+
+# package ssl
+
+# install ssl_certs and test data
+su $USER -c "mkdir -p -m 700 ~/ssl-certs/private"
+su $USER -c "cp $CONFIG/ssl/qt-test-server-cert.pem ~/ssl-certs/"
+su $USER -c "cp $CONFIG/ssl/private/qt-test-server-key.pem ~/ssl-certs/private/"
diff --git a/tests/testserver/common/startup.sh b/tests/testserver/common/startup.sh
new file mode 100755
index 0000000000..10847d3524
--- /dev/null
+++ b/tests/testserver/common/startup.sh
@@ -0,0 +1,52 @@
+#!/usr/bin/env bash
+
+#############################################################################
+##
+## Copyright (C) 2018 The Qt Company Ltd.
+## Contact: https://www.qt.io/licensing/
+##
+## This file is part of the test suite of the Qt Toolkit.
+##
+## $QT_BEGIN_LICENSE:GPL$
+## Commercial License Usage
+## Licensees holding valid commercial Qt licenses may use this file in
+## accordance with the commercial license agreement provided with the
+## Software or, alternatively, in accordance with the terms contained in
+## a written agreement between you and The Qt Company. For licensing terms
+## and conditions see https://www.qt.io/terms-conditions. For further
+## information use the contact form at https://www.qt.io/contact-us.
+##
+## GNU General Public License Usage
+## Alternatively, this file may be used under the terms of the GNU
+## General Public License version 3 or (at your option) any later version
+## approved by the KDE Free Qt Foundation. The licenses are as published by
+## the Free Software Foundation and appearing in the file LICENSE.GPL3
+## included in the packaging of this file. Please review the following
+## information to ensure the GNU General Public License requirements will
+## be met: https://www.gnu.org/licenses/gpl-3.0.html.
+##
+## $QT_END_LICENSE$
+##
+#############################################################################
+
+set -ex
+
+# export variables
+export USER=qt-test-server
+export PASS=password
+export CONFIG=common/testdata
+export TESTDATA=service/testdata
+
+# add users
+useradd -m -s /bin/bash $USER; echo "$USER:$PASS" | chpasswd
+
+# install configurations and test data
+su $USER -c "cp $CONFIG/system/passwords ~/"
+
+# modules initialization (apache2.sh, ftp-proxy.sh ...)
+for RUN_CMD
+do $RUN_CMD
+done
+
+# keep-alive in docker detach mode
+sleep infinity
diff --git a/tests/testserver/common/testdata/ssl/private/qt-test-server-key.pem b/tests/testserver/common/testdata/ssl/private/qt-test-server-key.pem
new file mode 100644
index 0000000000..8b7ce5811a
--- /dev/null
+++ b/tests/testserver/common/testdata/ssl/private/qt-test-server-key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQDNqttv1jTJp/HAvuRBGBniAski5qfVugMunih69F8ad193qRE7
+j37wLsae6zrZEtfBDFHoJFI/I8NCDBHG8hyhQv60wmmDrfdwsRgVzCAoYjDwLBXm
+Mxmvw+scwJH3EWiUUPhJNwgy1z5136O8aQAV3s2HD1wCa4LIAX1q8B3ccwIDAQAB
+AoGAGiDou+6UykHB3uDhkruDHkmIUBzJmceF+/gv4F8Hbg9YW5VpEQ4L7Guk5C+y
+TD2ul2H/TeS/ZjIe7lcmMwYzSLcyeKfaiaV1EhPGjIdvB4ysTN79pfWXQtlpt/Z9
+I/EOoW9XosJ/EOFdpgV0MC9QMTQKMyS0qQLwhBsoAW4DcEECQQDmrWEPNprbEDIH
+Sm+KlMH6rdybIvzR3IPlYE6kMjQIWbUmGNxSUT7B/UDh2QeaTT54Rb1Ygnq7gVjC
+RHU3wnGxAkEA5D6jI/E/xtQSq0KKVpbOxN1dIo0MVPbO/hI7/pO2DdZIM0O4GL55
+ks83O5ZDTfrVy2Ys/9lqbbq+5FSs+NZ1YwJBANzAXRsO+YDcbdP2Uun+0+fOjEhW
+YjV/XyWaVYfil1LKboXn0qhgIbvJXVcEt7bdZwP4UWwracKY1NUMaFSVGvECQQC/
+L3iX8szpT1sT+XjHbytj28jX2C4sPVDFoaB/bltg280+o8rhbyuGvewWDZfzCdlr
+tvqalROBNpwPxp3dEkbhAkEAl7N7/7hWbw7Xv69ww7i0jcPduukbtbEY1DTmARhR
+rOF5AiztOAe+R94iLzkj63ZU0LcoSAixehp2tdkdtTI4CQ==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/testserver/common/testdata/ssl/qt-test-server-cert.pem b/tests/testserver/common/testdata/ssl/qt-test-server-cert.pem
new file mode 100644
index 0000000000..dae5641a88
--- /dev/null
+++ b/tests/testserver/common/testdata/ssl/qt-test-server-cert.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICiTCCAfICCQCqBnF3SPSY7jANBgkqhkiG9w0BAQQFADCBiDELMAkGA1UEChMC
+UXQxGTAXBgNVBAsTEENvcmUgQW5kIE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5v
+Ym9keS5xdC5pbzENMAsGA1UEBxMET3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UE
+BhMCTk8xFjAUBgNVBAMUDSoudGVzdC1uZXQucXQwHhcNMTgwMzEzMDkyNjQ0WhcN
+NDgwMzA1MDkyNjQ0WjCBiDELMAkGA1UEChMCUXQxGTAXBgNVBAsTEENvcmUgQW5k
+IE5ldHdvcmsxGzAZBgkqhkiG9w0BCQEWDG5vYm9keS5xdC5pbzENMAsGA1UEBxME
+T3NsbzENMAsGA1UECBMET3NsbzELMAkGA1UEBhMCTk8xFjAUBgNVBAMUDSoudGVz
+dC1uZXQucXQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM2q22/WNMmn8cC+
+5EEYGeICySLmp9W6Ay6eKHr0Xxp3X3epETuPfvAuxp7rOtkS18EMUegkUj8jw0IM
+EcbyHKFC/rTCaYOt93CxGBXMIChiMPAsFeYzGa/D6xzAkfcRaJRQ+Ek3CDLXPnXf
+o7xpABXezYcPXAJrgsgBfWrwHdxzAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAwNhw
+aKznTaMj6JeHP/kEEwMppRkNjmh4ECdQfT9vYNs45UKSAvCa1dn6ZBZKIdhqKCLn
+U2qiIS2783IoisRjFtg8x70S13EsBw/yEL/av+Ca1gQHOIFrOuLqwYbslTHrRXRA
+RPzHOl3ZP9FD3mPZ8jyzxYs4x5EM0X26FkAR078=
+-----END CERTIFICATE-----
diff --git a/tests/testserver/common/testdata/system/passwords b/tests/testserver/common/testdata/system/passwords
new file mode 100644
index 0000000000..4e911b3f0e
--- /dev/null
+++ b/tests/testserver/common/testdata/system/passwords
@@ -0,0 +1,12 @@
+# user: foo; passwd: bar
+foo:bab.5ZXQdbvEo
+
+# user: qsockstest; passwd: qsockstest
+#qsockstest:S7oOqMpoG6aTk
+
+# user: qsockstest; passwd: password
+qsockstest:Cd3Lv2aD0aiBs
+
+#user httptest password httptest
+httptest:v2fwkDMgrRjRA
+# added by mgoetz for tst_qnetworkreply ioPostToHttpFromSocket
diff --git a/tests/testserver/danted/danted.sh b/tests/testserver/danted/danted.sh
new file mode 100755
index 0000000000..bf3d154f33
--- /dev/null
+++ b/tests/testserver/danted/danted.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+#############################################################################
+##
+## Copyright (C) 2018 The Qt Company Ltd.
+## Contact: https://www.qt.io/licensing/
+##
+## This file is part of the test suite of the Qt Toolkit.
+##
+## $QT_BEGIN_LICENSE:GPL$
+## Commercial License Usage
+## Licensees holding valid commercial Qt licenses may use this file in
+## accordance with the commercial license agreement provided with the
+## Software or, alternatively, in accordance with the terms contained in
+## a written agreement between you and The Qt Company. For licensing terms
+## and conditions see https://www.qt.io/terms-conditions. For further
+## information use the contact form at https://www.qt.io/contact-us.
+##
+## GNU General Public License Usage
+## Alternatively, this file may be used under the terms of the GNU
+## General Public License version 3 or (at your option) any later version
+## approved by the KDE Free Qt Foundation. The licenses are as published by
+## the Free Software Foundation and appearing in the file LICENSE.GPL3
+## included in the packaging of this file. Please review the following
+## information to ensure the GNU General Public License requirements will
+## be met: https://www.gnu.org/licenses/gpl-3.0.html.
+##
+## $QT_END_LICENSE$
+##
+#############################################################################
+
+set -ex
+
+# package dante-server
+
+# add users
+useradd -d /dev/null -s /bin/false qsockstest; echo "qsockstest:$PASS" | chpasswd
+
+# install configurations and test data
+cp $TESTDATA/danted{,-authenticating}.conf /etc/
+
+# enable service with installed configurations
+service danted start
+service danted-authenticating start
diff --git a/tests/testserver/danted/testdata/danted-authenticating.conf b/tests/testserver/danted/testdata/danted-authenticating.conf
new file mode 100644
index 0000000000..ccb4acc801
--- /dev/null
+++ b/tests/testserver/danted/testdata/danted-authenticating.conf
@@ -0,0 +1,19 @@
+# A sample danted-authenticating.conf
+# See: https://www.inet.no/dante/doc/1.4.x/config/
+logoutput: /var/log/sockd-authenticating.log
+internal: eth0 port = 1081
+external: eth0
+method: username
+user.privileged: root
+user.notprivileged: nobody
+user.libwrap: nobody
+
+client pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+    log: error connect disconnect
+}
+
+pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+    log: error connect disconnect
+}
diff --git a/tests/testserver/danted/testdata/danted.conf b/tests/testserver/danted/testdata/danted.conf
new file mode 100644
index 0000000000..bd0e6a8343
--- /dev/null
+++ b/tests/testserver/danted/testdata/danted.conf
@@ -0,0 +1,19 @@
+# A sample danted.conf
+# See: https://www.inet.no/dante/doc/1.4.x/config/
+logoutput: /var/log/sockd.log
+internal: eth0 port = 1080
+external: eth0
+method: username none
+user.privileged: proxy
+user.notprivileged: nobody
+user.libwrap: nobody
+
+client pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+    log: error connect disconnect
+}
+
+pass {
+    from: 0.0.0.0/0 to: 0.0.0.0/0
+    log: error connect disconnect
+}
diff --git a/tests/testserver/docker-compose.yml b/tests/testserver/docker-compose.yml
new file mode 100644
index 0000000000..334818bc9b
--- /dev/null
+++ b/tests/testserver/docker-compose.yml
@@ -0,0 +1,89 @@
+version: '3.4'
+
+x-domains:
+    &testdomain
+    ${TESTSERVER_DOMAIN:-test-net.qt}
+
+# The tag of images is used by docker compose file to launch the corresponding
+# docker containers. The value of tag comes from the provisioning script
+# (coin/provisioning/.../testserver/docker_testserver.sh). The script gets SHA-1
+# of each server context as the tag of docker images. If one of the server
+# contexts gets changes, please make sure to update this compose file as well.
+# You can run command 'docker images' to list all the tag of test server images.
+# For example:
+# REPOSITORY              TAG                                       IMAGE ID
+# qt-test-server-apache2  e2a70c8b169c204e762b375885bd3a26cc40ba48  2ad5c8720317
+
+services:
+    apache2:
+        image: qt-test-server-apache2:e2a70c8b169c204e762b375885bd3a26cc40ba48
+        container_name: qt-test-server-apache2
+        domainname: *testdomain
+        hostname: apache2
+        volumes:
+            - ./common:/common:ro
+            - ./apache2:/service:ro
+        entrypoint: common/startup.sh
+        command: [common/ssl.sh, service/apache2.sh]
+
+    squid:
+        image: qt-test-server-squid:276768104d3bbf097f4f3d9f3dc472a067852094
+        container_name: qt-test-server-squid
+        domainname: *testdomain
+        hostname: squid
+        depends_on:
+            - apache2
+        external_links:
+            - apache2:apache2.test-net.qt
+        volumes:
+            - ./common:/common:ro
+            - ./squid:/service:ro
+        entrypoint: common/startup.sh
+        command: service/squid.sh
+
+    vsftpd:
+        image: qt-test-server-vsftpd:ab7ecdbbace1bce7642a92ce04e9051c7630376c
+        container_name: qt-test-server-vsftpd
+        domainname: *testdomain
+        hostname: vsftpd
+        depends_on:
+            - squid
+        volumes:
+            - ./common:/common:ro
+            - ./vsftpd:/service:ro
+        entrypoint: common/startup.sh
+        command: service/vsftpd.sh
+
+    ftp-proxy:
+        image: qt-test-server-ftp-proxy:4c5734fe60eb450cbf8a96165f67cba19851ec12
+        container_name: qt-test-server-ftp-proxy
+        domainname: *testdomain
+        hostname: ftp-proxy
+        depends_on:
+            - vsftpd
+        external_links:
+            - vsftpd:vsftpd.test-net.qt
+        volumes:
+            - ./common:/common:ro
+            - ./ftp-proxy:/service:ro
+        entrypoint: common/startup.sh
+        command: service/ftp-proxy.sh
+
+    danted:
+        image: qt-test-server-danted:8404549745b5601ec3d22dc019258b70438864de
+        container_name: qt-test-server-danted
+        domainname: *testdomain
+        hostname: danted
+        depends_on:
+            - apache2
+            - vsftpd
+            - ftp-proxy
+        external_links:
+            - apache2:apache2.test-net.qt
+            - vsftpd:vsftpd.test-net.qt
+            - ftp-proxy:ftp-proxy.test-net.qt
+        volumes:
+            - ./common:/common:ro
+            - ./danted:/service:ro
+        entrypoint: common/startup.sh
+        command: service/danted.sh
diff --git a/tests/testserver/ftp-proxy/ftp-proxy.sh b/tests/testserver/ftp-proxy/ftp-proxy.sh
new file mode 100755
index 0000000000..087a7b7bcc
--- /dev/null
+++ b/tests/testserver/ftp-proxy/ftp-proxy.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+#############################################################################
+##
+## Copyright (C) 2018 The Qt Company Ltd.
+## Contact: https://www.qt.io/licensing/
+##
+## This file is part of the test suite of the Qt Toolkit.
+##
+## $QT_BEGIN_LICENSE:GPL$
+## Commercial License Usage
+## Licensees holding valid commercial Qt licenses may use this file in
+## accordance with the commercial license agreement provided with the
+## Software or, alternatively, in accordance with the terms contained in
+## a written agreement between you and The Qt Company. For licensing terms
+## and conditions see https://www.qt.io/terms-conditions. For further
+## information use the contact form at https://www.qt.io/contact-us.
+##
+## GNU General Public License Usage
+## Alternatively, this file may be used under the terms of the GNU
+## General Public License version 3 or (at your option) any later version
+## approved by the KDE Free Qt Foundation. The licenses are as published by
+## the Free Software Foundation and appearing in the file LICENSE.GPL3
+## included in the packaging of this file. Please review the following
+## information to ensure the GNU General Public License requirements will
+## be met: https://www.gnu.org/licenses/gpl-3.0.html.
+##
+## $QT_END_LICENSE$
+##
+#############################################################################
+
+set -ex
+
+# package ftp-proxy
+
+# install configurations and test data
+sed -i 's/# AllowMagicUser\tno/AllowMagicUser\tyes/' /etc/proxy-suite/ftp-proxy.conf
+
+# enable service with installed configurations
+ftp-proxy -d
diff --git a/tests/testserver/squid/squid.sh b/tests/testserver/squid/squid.sh
new file mode 100755
index 0000000000..8e413f2f14
--- /dev/null
+++ b/tests/testserver/squid/squid.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+#############################################################################
+##
+## Copyright (C) 2018 The Qt Company Ltd.
+## Contact: https://www.qt.io/licensing/
+##
+## This file is part of the test suite of the Qt Toolkit.
+##
+## $QT_BEGIN_LICENSE:GPL$
+## Commercial License Usage
+## Licensees holding valid commercial Qt licenses may use this file in
+## accordance with the commercial license agreement provided with the
+## Software or, alternatively, in accordance with the terms contained in
+## a written agreement between you and The Qt Company. For licensing terms
+## and conditions see https://www.qt.io/terms-conditions. For further
+## information use the contact form at https://www.qt.io/contact-us.
+##
+## GNU General Public License Usage
+## Alternatively, this file may be used under the terms of the GNU
+## General Public License version 3 or (at your option) any later version
+## approved by the KDE Free Qt Foundation. The licenses are as published by
+## the Free Software Foundation and appearing in the file LICENSE.GPL3
+## included in the packaging of this file. Please review the following
+## information to ensure the GNU General Public License requirements will
+## be met: https://www.gnu.org/licenses/gpl-3.0.html.
+##
+## $QT_END_LICENSE$
+##
+#############################################################################
+
+set -ex
+
+# package squid
+
+# install configurations and test data
+cp $TESTDATA/squid{,-authenticating-ntlm}.conf /etc/squid/
+sed -e 's,NAME=squid,NAME=squid-authenticating-ntlm,' \
+    -e 's,CONFIG=/etc/squid/squid.conf,CONFIG=/etc/squid/squid-authenticating-ntlm.conf,' \
+    -e 's,SQUID_ARGS="-YC -f $CONFIG",SQUID_ARGS="-D -YC -f $CONFIG",' \
+    /etc/init.d/squid >/etc/init.d/squid-authenticating-ntlm
+chmod +x /etc/init.d/squid-authenticating-ntlm
+
+# enable service with installed configurations
+service squid start
+service squid-authenticating-ntlm start
diff --git a/tests/testserver/squid/testdata/squid-authenticating-ntlm.conf b/tests/testserver/squid/testdata/squid-authenticating-ntlm.conf
new file mode 100644
index 0000000000..55a74498e9
--- /dev/null
+++ b/tests/testserver/squid/testdata/squid-authenticating-ntlm.conf
@@ -0,0 +1,41 @@
+pid_filename /var/run/squid-authenticating-ntlm.pid
+access_log /var/log/squid/access-authenticating-ntlm.log
+cache_log /var/log/squid/cache-authenticating-ntlm.log
+cache_store_log /var/log/squid/store-authenticating-ntlm.log
+http_port 3130
+hierarchy_stoplist cgi-bin ?
+acl QUERY urlpath_regex cgi-bin \?
+no_cache deny QUERY
+refresh_pattern ^ftp:        1440    20%    10080
+refresh_pattern ^gopher:    1440    0%    1440
+refresh_pattern .        0    20%    4320
+acl port3130 myport 3130
+acl manager proto cache_object
+acl localhost src 127.0.0.1/255.255.255.255
+acl to_localhost dst 127.0.0.0/8
+acl SSL_ports port 443 563
+acl Safe_ports port 80         # http
+acl Safe_ports port 21         # ftp
+acl Safe_ports port 443 563    # https, snews
+acl Safe_ports port 70         # gopher
+acl Safe_ports port 210        # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280        # http-mgmt
+acl Safe_ports port 488        # gss-http
+acl Safe_ports port 591        # filemaker
+acl Safe_ports port 777        # multiling http
+acl CONNECT method CONNECT
+http_access allow manager localhost
+http_access deny manager
+http_access allow localhost
+
+
+# port 3130: ntlm auth
+auth_param ntlm program /usr/lib/squid/ntlm_smb_lm_auth --debuglevel=5 --logfile=/var/log/ntlm --log-basename=/var/log/ntlm --helper-protocol=squid-2.5-ntlmssp
+auth_param ntlm children 2
+acl ntlm_users proxy_auth REQUIRED
+http_access allow port3130 ntlm_users
+http_reply_access allow port3130 ntlm_users
+
+icp_access allow all
+coredump_dir /var/cache/squid
diff --git a/tests/testserver/squid/testdata/squid.conf b/tests/testserver/squid/testdata/squid.conf
new file mode 100644
index 0000000000..da1b13af8c
--- /dev/null
+++ b/tests/testserver/squid/testdata/squid.conf
@@ -0,0 +1,46 @@
+http_port 3128
+http_port 3129
+hierarchy_stoplist cgi-bin ?
+acl QUERY urlpath_regex cgi-bin \?
+no_cache deny QUERY
+refresh_pattern ^ftp:        1440    20%    10080
+refresh_pattern ^gopher:    1440    0%    1440
+refresh_pattern .        0    20%    4320
+acl port3128 myport 3128
+acl port3129 myport 3129
+acl manager proto cache_object
+acl localhost src 127.0.0.1/255.255.255.255
+acl to_localhost dst 127.0.0.0/8
+acl SSL_ports port 443 563
+acl Safe_ports port 80         # http
+acl Safe_ports port 21         # ftp
+acl Safe_ports port 443 563    # https, snews
+acl Safe_ports port 70         # gopher
+acl Safe_ports port 210        # wais
+acl Safe_ports port 1025-65535 # unregistered ports
+acl Safe_ports port 280        # http-mgmt
+acl Safe_ports port 488        # gss-http
+acl Safe_ports port 591        # filemaker
+acl Safe_ports port 777        # multiling http
+acl CONNECT method CONNECT
+http_access allow manager localhost
+http_access deny manager
+http_access allow localhost
+
+
+# port 3128: no auth required
+http_access allow port3128
+http_reply_access allow port3128
+
+# port 3129: basic auth
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /home/qt-test-server/passwords
+auth_param basic children 5
+auth_param basic realm Squid proxy-caching web server
+auth_param basic credentialsttl 2 hours
+auth_param basic casesensitive off
+acl ncsa_users proxy_auth REQUIRED
+http_access allow port3129 ncsa_users
+http_reply_access allow port3129 ncsa_users
+
+icp_access allow all
+coredump_dir /var/cache/squid
diff --git a/tests/testserver/vsftpd/testdata/ftp/pub/file-not-readable.txt b/tests/testserver/vsftpd/testdata/ftp/pub/file-not-readable.txt
new file mode 100644
index 0000000000..235fa4d28b
--- /dev/null
+++ b/tests/testserver/vsftpd/testdata/ftp/pub/file-not-readable.txt
@@ -0,0 +1 @@
+If you can read this, you are too close.
diff --git a/tests/testserver/vsftpd/testdata/vsftpd.conf b/tests/testserver/vsftpd/testdata/vsftpd.conf
new file mode 100644
index 0000000000..6bdb186c9f
--- /dev/null
+++ b/tests/testserver/vsftpd/testdata/vsftpd.conf
@@ -0,0 +1,112 @@
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=YES
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+anon_upload_enable=YES
+anon_umask=022
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+anon_mkdir_write_enable=YES
+anon_other_write_enable=YES
+anon_world_readable_only=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=ftp
+#chown_groupname=ftp
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftpsecure
+#
+# Enable this and the server will recognize asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that on some FTP servers, ASCII support allows a denial of service
+# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
+# predicted this attack and has always been safe, reporting the size of the
+# raw file.
+# ASCII mangling is a horrible feature of the protocol.
+ascii_upload_enable=YES
+ascii_download_enable=YES
+#
+# You may fully customize the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd/banned_emails
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd/chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+ls_recurse_enable=YES
+
+pam_service_name=vsftpd
+userlist_enable=YES
+#enable for standalone mode
+listen=YES
+tcp_wrappers=YES
+
+# Enabling SFTP
+#ssl_enable=YES
+#allow_anon_ssl=YES
+#force_local_data_ssl=NO
+#force_local_logins_ssl=NO
+#ssl_tlsv1=YES
+#ssl_sslv2=NO
+#ssl_sslv3=NO
+#rsa_cert_file=/etc/vsftpd/vsftpd.pem
diff --git a/tests/testserver/vsftpd/testdata/vsftpd.user_list b/tests/testserver/vsftpd/testdata/vsftpd.user_list
new file mode 100644
index 0000000000..d283e3d260
--- /dev/null
+++ b/tests/testserver/vsftpd/testdata/vsftpd.user_list
@@ -0,0 +1,20 @@
+# vsftpd userlist
+# If userlist_deny=NO, only allow users in this file
+# If userlist_deny=YES (default), never allow users in this file, and
+# do not even prompt for a password.
+# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
+# for users that are denied.
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody
diff --git a/tests/testserver/vsftpd/vsftpd.sh b/tests/testserver/vsftpd/vsftpd.sh
new file mode 100755
index 0000000000..1ba1a8c347
--- /dev/null
+++ b/tests/testserver/vsftpd/vsftpd.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+#############################################################################
+##
+## Copyright (C) 2018 The Qt Company Ltd.
+## Contact: https://www.qt.io/licensing/
+##
+## This file is part of the test suite of the Qt Toolkit.
+##
+## $QT_BEGIN_LICENSE:GPL$
+## Commercial License Usage
+## Licensees holding valid commercial Qt licenses may use this file in
+## accordance with the commercial license agreement provided with the
+## Software or, alternatively, in accordance with the terms contained in
+## a written agreement between you and The Qt Company. For licensing terms
+## and conditions see https://www.qt.io/terms-conditions. For further
+## information use the contact form at https://www.qt.io/contact-us.
+##
+## GNU General Public License Usage
+## Alternatively, this file may be used under the terms of the GNU
+## General Public License version 3 or (at your option) any later version
+## approved by the KDE Free Qt Foundation. The licenses are as published by
+## the Free Software Foundation and appearing in the file LICENSE.GPL3
+## included in the packaging of this file. Please review the following
+## information to ensure the GNU General Public License requirements will
+## be met: https://www.gnu.org/licenses/gpl-3.0.html.
+##
+## $QT_END_LICENSE$
+##
+#############################################################################
+
+set -ex
+
+# package vsftpd
+
+# add users
+usermod -d "/home/$USER/ftp/" ftp #existing user
+useradd -d "/home/$USER/ftp" -s /bin/bash ftptest; echo "ftptest:$PASS" | chpasswd
+
+# install configurations and test data
+cp $TESTDATA/vsftpd.{conf,user_list} /etc/
+
+# Resolve error message "vsftpd failed - probably invalid config" during boot
+command='start-stop-daemon --start --background -m --oknodo --pidfile /var/run/vsftpd/vsftpd.pid'
+command+=' --exec ${DAEMON}'
+sed -i "s,$command.*$,$command; sleep 1," /etc/init.d/vsftpd
+
+# Populate the FTP sites:
+su $USER -c "cp -r $TESTDATA/ftp ~/ftp"
+ln -s /home/$USER/ftp /var/ftp
+
+# tst_QNetworkReply::getFromFtp_data()
+su $USER -c "mkdir -p ~/ftp/qtest/"
+su $USER -c "cp rfc3252.txt ~/ftp/qtest/"; rm rfc3252.txt
+
+# Duplicate rfc3252.txt 20 times for bigfile tests:
+su $USER -c "seq 20 | xargs -i cat ~/ftp/qtest/rfc3252.txt >> ~/ftp/qtest/bigfile"
+
+# tst_QNetworkReply::getErrors_data(), testdata with special permissions
+su $USER -c "chmod 0600 ~/ftp/pub/file-not-readable.txt"
+
+# Shared FTP folder (sticky bit)
+su $USER -c "mkdir -p -m 1777 ~/ftp/qtest/upload" # FTP incoming dir
+
+# enable service with installed configurations
+service vsftpd restart