
Add RHEL6 tests, test dns and http

pull/740/head
Tim Kimber 6 years ago
parent
commit
5a3d9af911
10 changed files with 155 additions and 15 deletions
  1. +7
    -0
      dns_scripts/dns_add_challtestsrv
  2. +6
    -0
      dns_scripts/dns_del_challtestsrv
  3. +2
    -2
      docker-compose.yml
  4. +3
    -3
      getssl
  5. +28
    -0
      test/Dockerfile-rhel6
  6. +5
    -7
      test/Dockerfile-ubuntu
  7. +10
    -2
      test/run-test.sh
  8. +6
    -1
      test/test-config/getssl-ubuntu.cfg
  9. +0
    -0
      test/test-config/nginx-ubuntu-no-ssl
  10. +88
    -0
      test/test-config/nginx-ubuntu-ssl

+ 7
- 0
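--- a/dns_scripts/dns_add_challtestsrv
+++ b/dns_scripts/dns_add_challtestsrv
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+# Simple script to update the challtestserv mock DNS server when testing DNS responses
+fulldomain="${1}"
+token="${2}"
+curl -X POST -d "{\"host\":\"_acme-challenge.${fulldomain}.\", \"value\": \"${token}\"}" http://10.30.50.3:8055/set-txt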
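Review bot: The JSON body on the curl line is built by interpolating `$1` and `$2` straight into a string, so a domain or token containing a double quote or backslash produces malformed JSON rather than being escaped; the same pattern is in dns_scripts/dns_del_challtestsrv. For a test-only helper that is tolerable, but the script also has no `set -u` and no `--fail`, so a missing argument or an HTTP error from challtestsrv returns success to getssl's DNS_ADD_COMMAND caller. I would add `set -eu` after the shebang and change the call to `curl -sS --fail -X POST -d "..." http://10.30.50.3:8055/set-txt` so a rejected update surfaces as a non-zero exit. The challtestsrv address 10.30.50.3 is also repeated here, in dns_del_challtestsrv, docker-compose.yml and test/run-test.sh; a comment naming docker-compose.yml as the source of that value would help whoever changes the network later.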

+ 6
- 0
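--- a/dns_scripts/dns_del_challtestsrv
+++ b/dns_scripts/dns_del_challtestsrv
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+# Simple script to update the challtestserv mock DNS server when testing DNS responses
+fulldomain="${1}"
+curl -X POST -d "{\"host\":\"_acme-challenge.${fulldomain}.\"}" http://10.30.50.3:8055/clear-txt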

+ 2
- 2
docker-compose.yml View File

@ -3,7 +3,7 @@ services:
pebble:
image: letsencrypt/pebble:latest
# TODO enable -strict
command: pebble -config /test/config/pebble-config.json # -dnsserver 10.30.50.3:8053
command: pebble -config /test/config/pebble-config.json -dnsserver 10.30.50.3:8053
environment:
# with Go 1.13.x which defaults TLS 1.3 to on
GODEBUG: "tls13=1"
@ -24,7 +24,7 @@ services:
getssl:
build:
context: .
dockerfile: test/Dockerfile
dockerfile: test/Dockerfile-ubuntu
container_name: getssl
volumes:
- .:/getssl


+ 3
- 3
getssl View File

@ -1415,7 +1415,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
loop_limit=5
while [[ "$code" -eq 500 ]]; do
if [[ "$outfile" ]] ; then
$CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > $outfile
$CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > "$outfile"
response=$(cat "$outfile")
elif [[ "$needbase64" ]] ; then
response=$($CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" | urlbase64)
@ -1438,7 +1438,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
response_status=$(json_get "$response" status \
| head -1| awk -F'"' '{print $2}')
else # APIv2
if [[ "$output" && "$response" ]]; then
if [[ "$outfile" && "$response" ]]; then
debug "response written to $outfile"
elif [[ ${response##*()} == "{"* ]]; then
response_status=$(json_get "$response" status)
@ -2131,7 +2131,7 @@ if [[ $API -eq 2 ]]; then
for d in $alldomains; do
dstring="${dstring}{\"type\":\"dns\",\"value\":\"$d\"},"
done
dstring="${dstring: : -1}]"
dstring="${dstring::${#dstring}-1}]"
# request NewOrder currently seems to ignore the dates ....
# dstring="${dstring},\"notBefore\": \"$(date -d "-1 hour" --utc +%FT%TZ)\""
# dstring="${dstring},\"notAfter\": \"$(date -d "2 days" --utc +%FT%TZ)\""
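Review bot: The new substring form `${dstring::${#dstring}-1}]` in the last hunk carries no comment explaining why the shorter `${dstring: : -1}` was replaced, so the next reader is likely to "simplify" it back. Presumably the reason is the RHEL6 target: negative length arguments to `${var:off:len}` need bash 4.2 or later, and RHEL6 ships an older 4.x. I would add `# strip trailing comma; negative lengths in ${var:off:len} need bash 4.2+ (RHEL6 has 4.1)` above that line. Note that both forms error out if dstring is empty (substring expression below zero); that is unchanged by this patch, and dstring appears to always begin with the opening bracket from the line preceding the hunk, though that line is outside it. The first two hunks are inside send_signed_request, whose body starts and ends outside what is shown.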


+ 28
- 0
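--- a/test/Dockerfile-rhel6
+++ b/test/Dockerfile-rhel6
@@ -0,0 +1,28 @@
+# FROM ubuntu:xenial
+FROM roboxes/rhel6
+# FROM centos:centos6
+# bionic = latest 18 version
+# Update and install required software
+RUN yum -y update
+RUN yum -y install epel-release
+RUN yum -y install git curl dnsutils wget # nginx-light
+WORKDIR /root
+#RUN mkdir /etc/nginx/pki
+#RUN mkdir /etc/nginx/pki/private
+#COPY ./test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default
+# BATS (Bash Automated Testings)
+# RUN git clone https://github.com/bats-core/bats-core.git
+# RUN bats-core/install.sh /usr/local
+EXPOSE 80 443
+# Run eternal loop - for testing
+CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]
+# with Pebble
+# docker-compose -f "docker-compose.yml" up -d --build
+# docker exec -it getssl /bin/bash
+# /getssl/test/run-test.sh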
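Review bot: `RUN yum -y install git curl dnsutils wget` asks for `dnsutils`, which is the Debian/Ubuntu package name; on RHEL/CentOS the equivalent providing dig and nslookup is `bind-utils`. Depending on the yum version this may only print "No package dnsutils available" and still exit 0 once the other packages install, so the image would build without the DNS tools the commit title says it tests. I would change that line to `RUN yum -y install git curl bind-utils wget` and, since the `# bionic = latest 18 version` and `# FROM ubuntu:xenial` comments were carried over from the Ubuntu file, either drop them or replace them with a note on which RHEL6 base is intended. Also, nginx is not installed and the /etc/nginx/pki mkdir lines are commented out, so test/run-test.sh (which copies an nginx site file and runs `service nginx start`) presumably cannot run unchanged in this image; a comment at the top saying which tests this image is meant for would avoid that surprise.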

test/Dockerfile → test/Dockerfile-ubuntu View File


+ 10
- 2
test/run-test.sh View File

@ -1,9 +1,17 @@
#! /bin/sh
wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
export CURL_CA_BUNDLE=/root/pebble.minica.pem
cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
curl -X POST -d '{"host":"getssl", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
# Test certificate creation
cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
service nginx start
/getssl/getssl -c getssl
cp getssl.cfg /root/.getssl/getssl
cp /getssl/test/test-config/getssl-ubuntu.cfg /root/.getssl/getssl/getssl.cfg
/getssl/getssl getssl
# Test forced renewal
/getssl/getssl getssl -f
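Review bot: The added `cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt` uses the RHEL CA bundle path, but the docker-compose getssl service appears to build from test/Dockerfile-ubuntu now, where the system bundle is /etc/ssl/certs/ca-certificates.crt; on Ubuntu cat would warn, exit 1, and leave a bundle that contains only the pebble minica, so any HTTPS request to a host other than pebble fails verification. The script sets no `set -e`, so that failure, a failed `wget`, and a failed `curl … /add-a` registration are all skipped silently before getssl runs. I would add `set -eu` after the shebang and pick the bundle by existence, e.g. `bundle=/etc/pki/tls/certs/ca-bundle.crt` followed by `[ -f "$bundle" ] || bundle=/etc/ssl/certs/ca-certificates.crt`, then cat `"$bundle"`. Since this is a test container, fetching the minica from GitHub master is fine, but a comment saying the file is only a test CA and must never be installed system-wide outside the container would be worth the one line.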

+ 6
- 1
test/test-config/getssl-ubuntu.cfg View File

@ -8,6 +8,11 @@
#CA="https://acme-v01.api.letsencrypt.org"
CA="https://pebble:14000/dir"
SERVER_TYPE="5002"
#VALIDATE_VIA_DNS=true
#DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
#DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
#PRIVATE_KEY_ALG="rsa"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
@ -39,7 +44,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="service nginx restart"
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
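Review bot: The three DNS settings added in the first hunk are commented out, so the default test run still validates via HTTP-01 only and the DNS path the commit title mentions is not exercised unless someone edits this file; a comment such as `# Uncomment the three lines below to validate via DNS-01 against the challtestsrv mock (see dns_scripts/)` above `#VALIDATE_VIA_DNS=true` would make that explicit. In the second hunk the new RELOAD_CMD chains `cp … && service nginx restart`, which correctly leaves nginx alone if the copy fails; a short comment noting that it swaps in the SSL site config before restarting would explain why a reload command is doing a copy at all.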


test/test-config/nginx-ubuntu-sites-enabled-default → test/test-config/nginx-ubuntu-no-ssl View File


+ 88
- 0
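--- a/test/test-config/nginx-ubuntu-ssl
+++ b/test/test-config/nginx-ubuntu-ssl
@@ -0,0 +1,88 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+# Default server configuration
+#
+server {
+listen 5002 default_server;
+listen [::]:5002 default_server;
+# SSL configuration
+#
+listen 5001 ssl default_server;
+listen [::]:5001 ssl default_server;
+#
+# Note: You should disable gzip for SSL traffic.
+# See: https://bugs.debian.org/773332
+#
+# Read up on ssl_ciphers to ensure a secure configuration.
+# See: https://bugs.debian.org/765782
+#
+# Self signed certs generated by the ssl-cert package
+# Don't use them in a production server!
+#
+# include snippets/snakeoil.conf;
+root /var/www/html;
+# Add index.php to the list if you are using PHP
+index index.html index.htm index.nginx-debian.html;
+server_name _;
+ssl_certificate /etc/nginx/pki/server.crt;
+ssl_certificate_key /etc/nginx/pki/private/server.key;
+location / {
+# First attempt to serve request as file, then
+# as directory, then fall back to displaying a 404.
+try_files $uri $uri/ =404;
+}
+# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+#
+#location ~ \.php$ {
+# include snippets/fastcgi-php.conf;
+#
+# # With php7.0-cgi alone:
+# fastcgi_pass 127.0.0.1:9000;
+# # With php7.0-fpm:
+# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+#}
+# deny access to .htaccess files, if Apache's document root
+# concurs with nginx's one
+#
+#location ~ /\.ht {
+# deny all;
+#}
+}
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}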
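Review bot: The `listen 5001 ssl` block sets `ssl_certificate`/`ssl_certificate_key` but no `ssl_protocols` or `ssl_ciphers`, so the TLS parameters are whatever the installed nginx defaults to, which varies by version; for a fixture that only checks certificate issuance that is acceptable, but the inherited "Read up on ssl_ciphers" comment then reads as an unfinished TODO. I would either pin `ssl_protocols TLSv1.2 TLSv1.3;` or replace that comment with `# test fixture: TLS protocol/cipher settings deliberately left at nginx defaults`. A short header comment explaining the ports would also help: 5002 appears to be the plain HTTP port getssl uses for validation (SERVER_TYPE="5002" in getssl-ubuntu.cfg) and 5001 the TLS port whose certificate is checked after RELOAD_CMD swaps this file in. The /etc/nginx/pki paths must exist before that restart; presumably Dockerfile-ubuntu creates them, since the rhel6 Dockerfile has those mkdir lines commented out.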
