wip

.gitignore

@@ -0,0 +1,2 @@
+.history/
+.venv/

spotty.yaml

@@ -0,0 +1,29 @@
+project:
+    name: getssl-test
+    syncFilters:
+        - exclude:
+            - .git/*
+            - '*/__pycache__/*'
+            - .venv/*
+            - .history/*
+
+container:
+    projectDir: /workspace
+    file: test/Dockerfile
+    volumeMounts:
+        - name: workspace
+          mountPath: /workspace
+    # commands: <init script to run here>
+
+instances:
+    - name: m1
+      provider: aws
+      parameters:
+        region: eu-west-1
+        instanceType: m1.medium
+        amiId: ami-047bb4163c506cd98
+        maxPrice: 0.01
+        volumes:
+            - name: workspace
+              parameters:
+                size: 10

test/Dockerfile

@@ -0,0 +1,39 @@
+FROM ubuntu:bionic
+# bionic = latest 18 version
+
+# Update and install required software
+# https://packages.ubuntu.com/cosmic-updates/
+RUN apt-get update
+RUN apt-get install -y git curl dnsutils wget linux-libc-dev make gcc binutils nginx-light
+RUN apt-get install -y vim  # for debugging
+# TODO test with drill, dig, host
+
+WORKDIR /root
+RUN mkdir /etc/nginx/pki
+RUN mkdir /etc/nginx/pki/private
+COPY test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default
+
+ARG noip_version=noip-2.1.9-1
+RUN wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz \
+ && tar -zvxf noip-duc-linux.tar.gz \
+ && cd ${noip_version} \
+ && make
+#COPY no-ip2.conf /root/${noip_version}/no-ip2.conf
+#RUN /root/${noip_version}/noip2 -c /root/${noip_version}/no-ip2.conf
+
+RUN git clone https://github.com/bats-core/bats-core.git
+RUN bats-core/install.sh /usr/local
+RUN git clone https://github.com/capitalone/bash_shell_mock.git
+# RUN bash_shell_mock/install.sh /usr/local
+# RUN git clone https://github.com/srvrco/getssl.git
+
+COPY ./getssl getssl
+COPY test/test-config/getssl-ubuntu.cfg getssl.cfg
+
+EXPOSE 80 443
+ENTRYPOINT /bin/bash
+
+# Testing
+# =======
+# docker build --rm -f "test/Dockerfile" -t 294541140870.dkr.ecr.eu-west-1.amazonaws.com/getssl:latest .
+# docker run --rm -it 294541140870.dkr.ecr.eu-west-1.amazonaws.com/getssl:latest

test/README.md

@@ -0,0 +1,13 @@
+# Testing
+
+Create virtualenv
+    virtualenv -p python3 .venv
+
+Use virtualenv
+    source .venv\Scripts\activate
+
+Install spotty
+    pip install spotty
+
+Run tests using Dockerfile on an Amazon AWS t2.micro spot instance
+    spotty start

test/test-config/getssl-ubuntu.cfg

@@ -0,0 +1,48 @@
+# Uncomment and modify any variables you need
+# see https://github.com/srvrco/getssl/wiki/Config-variables for details
+# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
+#
+# The staging server is best for testing
+#CA="https://acme-staging.api.letsencrypt.org"
+# This server issues full certificates, however has rate limits
+#CA="https://acme-v01.api.letsencrypt.org"
+
+#PRIVATE_KEY_ALG="rsa"
+
+# Additional domains - this could be multiple domains / subdomains in a comma separated list
+# Note: this is Additional domains - so should not include the primary domain.
+SANS=""
+
+# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
+# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location.
+# An ssh key will be needed to provide you with access to the remote server.
+# Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign.
+# If left blank, the username on the local server will be used to authenticate against the remote server.
+# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location
+# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge"
+# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain.
+ACL=('/var/www/html/.well-known/acme-challenge')
+#     'ssh:server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge'
+#     'ssh:sshuserid@server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge'
+#     'ftp:ftpuserid:ftppassword:getssltest.hopto.org:/web/.well-known/acme-challenge')
+
+#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
+USE_SINGLE_ACL="false"
+
+# Location for all your certs, these can either be on the server (full path name)
+# or using ssh /sftp as for the ACL
+DOMAIN_CERT_LOCATION="/etc/nginx/pki/server.crt"
+DOMAIN_KEY_LOCATION="/etc/nginx/pki/private/server.key"
+CA_CERT_LOCATION="/etc/nginx/pki/chain.crt"
+DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
+DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
+
+# The command needed to reload apache / nginx or whatever you use
+RELOAD_CMD="service nginx restart"
+
+# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
+# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
+# will be checked for certificate expiry and also will be checked after
+# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
+#SERVER_TYPE="https"
+#CHECK_REMOTE="true"

test/test-config/nginx-ubuntu-sites-enabled-default

@@ -0,0 +1,88 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	# SSL configuration
+	#
+	listen 443 ssl default_server;
+	listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+    ssl_certificate /etc/nginx/pki/server.crt;
+    ssl_certificate_key /etc/nginx/pki/private/server.key;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+	}
+
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	#
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#
+	#	# With php7.0-cgi alone:
+	#	fastcgi_pass 127.0.0.1:9000;
+	#	# With php7.0-fpm:
+	#	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+#	listen 80;
+#	listen [::]:80;
+#
+#	server_name example.com;
+#
+#	root /var/www/example.com;
+#	index index.html;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}