From 02e4c45b78a6942b76b2b9b32fbbe4a73307642b Mon Sep 17 00:00:00 2001
From: Tim Kimber
Date: Mon, 30 Dec 2019 15:45:50 +0000
Subject: [PATCH] Simple test using docker and pebble
---
docker-compose.yml | 41 +++++++++++++++++++
test/Dockerfile | 37 +++++++----------
test/run-test.sh | 9 ++++
test/test-config/getssl-ubuntu.cfg | 3 +-
.../nginx-ubuntu-sites-enabled-default | 12 +++---
5 files changed, 72 insertions(+), 30 deletions(-)
create mode 100644 docker-compose.yml
create mode 100644 test/run-test.sh
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..0cb8a31
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,41 @@
+version: '3'
+services:
+ pebble:
+ image: letsencrypt/pebble:latest
+ # TODO enable -strict
+ command: pebble -config /test/config/pebble-config.json # -dnsserver 10.30.50.3:8053
+ environment:
+ # with Go 1.13.x which defaults TLS 1.3 to on
+ GODEBUG: "tls13=1"
+ ports:
+ - 14000:14000 # HTTPS ACME API
+ - 15000:15000 # HTTPS Management API
+ networks:
+ acmenet:
+ ipv4_address: 10.30.50.2
+ challtestsrv:
+ image: letsencrypt/pebble-challtestsrv:latest
+ command: pebble-challtestsrv -defaultIPv6 "" -defaultIPv4 10.30.50.3
+ ports:
+ - 8055:8055 # HTTP Management API
+ networks:
+ acmenet:
+ ipv4_address: 10.30.50.3
+ getssl:
+ build:
+ context: .
+ dockerfile: test/Dockerfile
+ container_name: getssl
+ volumes:
+ - .:/getssl
+ networks:
+ acmenet:
+ ipv4_address: 10.30.50.4
+
+networks:
+ acmenet:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 10.30.50.0/24
diff --git a/test/Dockerfile b/test/Dockerfile
index b208800..419d4d0 100644
--- a/test/Dockerfile
+++ b/test/Dockerfile
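Review bot: Both helper images in docker-compose.yml are pulled by the floating tag `latest` (`letsencrypt/pebble:latest`, `letsencrypt/pebble-challtestsrv:latest`), so the test environment can change under the same commit and whatever is currently published under that tag is what runs on the developer's machine. Pin each to a release tag or digest, e.g. `image: letsencrypt/pebble:<RELEASE_TAG>` (placeholder, take the value from the Pebble releases). The `ports:` entries also publish the ACME API and both management APIs on every host interface; the getssl container reaches them over `acmenet` by service name, so the mappings can be dropped or bound to loopback, e.g. `- 127.0.0.1:15000:15000`.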
@@ -2,38 +2,29 @@ FROM ubuntu:bionic # bionic = latest 18 version # Update and install required software -# https://packages.ubuntu.com/cosmic-updates/ RUN apt-get update -RUN apt-get install -y git curl dnsutils wget linux-libc-dev make gcc binutils nginx-light -RUN apt-get install -y vim # for debugging +# TODO work out why default version of awk fails +RUN apt-get install -y git curl dnsutils wget linux-libc-dev make gcc binutils nginx-light gawk +RUN apt-get install -y vim dos2unix # for debugging # TODO test with drill, dig, host WORKDIR /root RUN mkdir /etc/nginx/pki RUN mkdir /etc/nginx/pki/private -COPY test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default +COPY ./test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default -ARG noip_version=noip-2.1.9-1 -RUN wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz \ - && tar -zvxf noip-duc-linux.tar.gz \ - && cd ${noip_version} \ - && make -#COPY no-ip2.conf /root/${noip_version}/no-ip2.conf -#RUN /root/${noip_version}/noip2 -c /root/${noip_version}/no-ip2.conf +# BATS (Bash Automated Testings) +# RUN git clone https://github.com/bats-core/bats-core.git +# RUN bats-core/install.sh /usr/local -RUN git clone https://github.com/bats-core/bats-core.git -RUN bats-core/install.sh /usr/local -RUN git clone https://github.com/capitalone/bash_shell_mock.git -# RUN bash_shell_mock/install.sh /usr/local -# RUN git clone https://github.com/srvrco/getssl.git - -COPY ./getssl getssl COPY test/test-config/getssl-ubuntu.cfg getssl.cfg EXPOSE 80 443 -ENTRYPOINT /bin/bash -# Testing -# ======= -# docker build --rm -f "test/Dockerfile" -t 294541140870.dkr.ecr.eu-west-1.amazonaws.com/getssl:latest . 
-# docker run --rm -it 294541140870.dkr.ecr.eu-west-1.amazonaws.com/getssl:latest +# Run eternal loop - for testing +CMD ["/bin/bash", "-c", "while :; do sleep 10; done"] + +# with Pebble +# docker-compose -f "test\docker-compose.yml" up -d --build +# docker exec -it test_getssl /bin/bash +# /getssl/test/run-test.sh diff --git a/test/run-test.sh b/test/run-test.sh new file mode 100644 index 0000000..5e0ba8d --- /dev/null +++ b/test/run-test.sh @@ -0,0 +1,9 @@ +#! /bin/sh + +wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem +export CURL_CA_BUNDLE=/root/pebble.minica.pem + +service nginx start +/getssl/getssl -c getssl +cp getssl.cfg /root/.getssl/getssl +/getssl/getssl getssl diff --git a/test/test-config/getssl-ubuntu.cfg b/test/test-config/getssl-ubuntu.cfg index 8d7e5ad..a4db20f 100644 --- a/test/test-config/getssl-ubuntu.cfg +++ b/test/test-config/getssl-ubuntu.cfg @@ -6,7 +6,8 @@ #CA="https://acme-staging.api.letsencrypt.org" # This server issues full certificates, however has rate limits #CA="https://acme-v01.api.letsencrypt.org" - +CA="https://pebble:14000/dir" +SERVER_TYPE="5002" #PRIVATE_KEY_ALG="rsa" # Additional domains - this could be multiple domains / subdomains in a comma separated list diff --git a/test/test-config/nginx-ubuntu-sites-enabled-default b/test/test-config/nginx-ubuntu-sites-enabled-default index 380ba46..fe02c8d 100644 --- a/test/test-config/nginx-ubuntu-sites-enabled-default +++ b/test/test-config/nginx-ubuntu-sites-enabled-default @@ -14,13 +14,13 @@ # Default server configuration # server { - listen 80 default_server; - listen [::]:80 default_server; + listen 5002 default_server; + listen [::]:5002 default_server; # SSL configuration # - listen 443 ssl default_server; - listen [::]:443 ssl default_server; + listen 5001 ssl default_server; + listen [::]:5001 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 
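Review bot: The usage comment that closes the test/Dockerfile hunk does not match the compose file added in the same commit: it names `test\docker-compose.yml` and a container `test_getssl`, while the file is created at the repository root and sets `container_name: getssl`. Suggest `# docker-compose up -d --build` and `# docker exec -it getssl /bin/bash`. The retained `EXPOSE 80 443` is also out of date now that the nginx config in this commit listens on 5002 and 5001. Separately, the edited `apt-get install` lines still run after a stand-alone `RUN apt-get update` layer, so a cached index can go stale; combining them as `RUN apt-get update && apt-get install -y --no-install-recommends …` in one layer avoids that.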
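Review bot: test/run-test.sh has no `set -e`, so if the `wget` of `pebble.minica.pem` fails the script carries on and getssl runs with `CURL_CA_BUNDLE` pointing at a file that does not exist. The download also lands in the current directory while the bundle path is hard-coded to `/root/`, which only lines up when the script is started from `/root`; `wget --no-clobber -P /root …` removes that dependency. Because this file becomes the trust anchor for every curl call in the test, consider fetching it from a fixed commit rather than `master`, or checking a copy into `test/`.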
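Review bot: `SERVER_TYPE="5002"` in getssl-ubuntu.cfg looks inconsistent with the nginx change in this commit, which serves plain HTTP on 5002 (`listen 5002 default_server;`) and TLS on 5001. If getssl treats a numeric SERVER_TYPE as the port on which it verifies the installed certificate (that is my reading, it is not visible in this diff), the check would be made against a non-TLS listener; please confirm whether `5001` was intended. A one-line comment above the setting, e.g. `# port getssl connects to when checking the installed certificate`, would make the intent clear either way.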
@@ -39,8 +39,8 @@ server { index index.html index.htm index.nginx-debian.html; server_name _; - ssl_certificate /etc/nginx/pki/server.crt; - ssl_certificate_key /etc/nginx/pki/private/server.key; + # ssl_certificate /etc/nginx/pki/server.crt; + # ssl_certificate_key /etc/nginx/pki/private/server.key; location / { # First attempt to serve request as file, then
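Review bot: Commenting out `ssl_certificate` and `ssl_certificate_key` leaves the `listen 5001 ssl default_server;` lines from the previous hunk without any certificate. Depending on the nginx version this is either rejected when the configuration is loaded or fails every handshake on 5001, so the `service nginx start` step in run-test.sh may not behave as expected. If the TLS listener is not needed until getssl has installed a certificate, comment out the two `listen 5001 ssl` lines as well; otherwise keep the directives and create a placeholder key pair under `/etc/nginx/pki` when the image is built. The `server` block opens in the previous hunk and continues past the end of this one.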