Simple test using docker and pebble

docker-compose.yml

@@ -0,0 +1,41 @@
+version: '3'
+services:
+  pebble:
+    image: letsencrypt/pebble:latest
+    # TODO enable -strict
+    command: pebble -config /test/config/pebble-config.json # -dnsserver 10.30.50.3:8053
+    environment:
+      # with Go 1.13.x which defaults TLS 1.3 to on
+      GODEBUG: "tls13=1"
+    ports:
+      - 14000:14000  # HTTPS ACME API
+      - 15000:15000  # HTTPS Management API
+    networks:
+      acmenet:
+        ipv4_address: 10.30.50.2
+  challtestsrv:
+    image: letsencrypt/pebble-challtestsrv:latest
+    command: pebble-challtestsrv -defaultIPv6 "" -defaultIPv4 10.30.50.3
+    ports:
+      - 8055:8055  # HTTP Management API
+    networks:
+      acmenet:
+        ipv4_address: 10.30.50.3
+  getssl:
+    build:
+      context: .
+      dockerfile: test/Dockerfile
+    container_name: getssl
+    volumes:
+      - .:/getssl
+    networks:
+      acmenet:
+        ipv4_address: 10.30.50.4
+
+networks:
+  acmenet:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: 10.30.50.0/24

test/Dockerfile

@@ -2,38 +2,29 @@ FROM ubuntu:bionic
 # bionic = latest 18 version
 
 # Update and install required software
-# https://packages.ubuntu.com/cosmic-updates/
 RUN apt-get update
-RUN apt-get install -y git curl dnsutils wget linux-libc-dev make gcc binutils nginx-light
-RUN apt-get install -y vim  # for debugging
+# TODO work out why default version of awk fails
+RUN apt-get install -y git curl dnsutils wget linux-libc-dev make gcc binutils nginx-light gawk
+RUN apt-get install -y vim dos2unix # for debugging
 # TODO test with drill, dig, host
 
 WORKDIR /root
 RUN mkdir /etc/nginx/pki
 RUN mkdir /etc/nginx/pki/private
-COPY test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default
+COPY ./test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default
 
-ARG noip_version=noip-2.1.9-1
-RUN wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz \
- && tar -zvxf noip-duc-linux.tar.gz \
- && cd ${noip_version} \
- && make
-#COPY no-ip2.conf /root/${noip_version}/no-ip2.conf
-#RUN /root/${noip_version}/noip2 -c /root/${noip_version}/no-ip2.conf
+# BATS (Bash Automated Testings)
+# RUN git clone https://github.com/bats-core/bats-core.git
+# RUN bats-core/install.sh /usr/local
 
-RUN git clone https://github.com/bats-core/bats-core.git
-RUN bats-core/install.sh /usr/local
-RUN git clone https://github.com/capitalone/bash_shell_mock.git
-# RUN bash_shell_mock/install.sh /usr/local
-# RUN git clone https://github.com/srvrco/getssl.git
-
-COPY ./getssl getssl
 COPY test/test-config/getssl-ubuntu.cfg getssl.cfg
 
 EXPOSE 80 443
-ENTRYPOINT /bin/bash
 
-# Testing
-# =======
-# docker build --rm -f "test/Dockerfile" -t 294541140870.dkr.ecr.eu-west-1.amazonaws.com/getssl:latest .
-# docker run --rm -it 294541140870.dkr.ecr.eu-west-1.amazonaws.com/getssl:latest
+# Run eternal loop - for testing
+CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]
+
+# with Pebble
+# docker-compose -f "test\docker-compose.yml" up -d --build
+# docker exec -it test_getssl /bin/bash
+# /getssl/test/run-test.sh

test/run-test.sh

@@ -0,0 +1,9 @@
+#! /bin/sh
+
+wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
+export CURL_CA_BUNDLE=/root/pebble.minica.pem
+
+service nginx start
+/getssl/getssl -c getssl
+cp getssl.cfg /root/.getssl/getssl
+/getssl/getssl getssl

test/test-config/getssl-ubuntu.cfg

@@ -6,7 +6,8 @@
 #CA="https://acme-staging.api.letsencrypt.org"
 # This server issues full certificates, however has rate limits
 #CA="https://acme-v01.api.letsencrypt.org"
-
+CA="https://pebble:14000/dir"
+SERVER_TYPE="5002"
 #PRIVATE_KEY_ALG="rsa"
 
 # Additional domains - this could be multiple domains / subdomains in a comma separated list

test/test-config/nginx-ubuntu-sites-enabled-default

@@ -14,13 +14,13 @@
 # Default server configuration
 #
 server {
-	listen 80 default_server;
-	listen [::]:80 default_server;
+	listen 5002 default_server;
+	listen [::]:5002 default_server;
 
 	# SSL configuration
 	#
-	listen 443 ssl default_server;
-	listen [::]:443 ssl default_server;
+	listen 5001 ssl default_server;
+	listen [::]:5001 ssl default_server;
 	#
 	# Note: You should disable gzip for SSL traffic.
 	# See: https://bugs.debian.org/773332
@@ -39,8 +39,8 @@ server {
 	index index.html index.htm index.nginx-debian.html;
 
 	server_name _;
-    ssl_certificate /etc/nginx/pki/server.crt;
-    ssl_certificate_key /etc/nginx/pki/private/server.key;
+    # ssl_certificate /etc/nginx/pki/server.crt;
+    # ssl_certificate_key /etc/nginx/pki/private/server.key;
 
 	location / {
 		# First attempt to serve request as file, then