RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Add RHEL6 tests, test dns and http

pull/740/head
Tim Kimber 6 years ago
parent
02e4c45b78
commit
5a3d9af911
10 changed files with 155 additions and 15 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +7
    -0
      dns_scripts/dns_add_challtestsrv
  2. +6
    -0
      dns_scripts/dns_del_challtestsrv
  3. +2
    -2
      docker-compose.yml
  4. +3
    -3
      getssl
  5. +28
    -0
      test/Dockerfile-rhel6
  6. +5
    -7
      test/Dockerfile-ubuntu
  7. +10
    -2
      test/run-test.sh
  8. +6
    -1
      test/test-config/getssl-ubuntu.cfg
  9. +0
    -0
      test/test-config/nginx-ubuntu-no-ssl
  10. +88
    -0
      test/test-config/nginx-ubuntu-ssl

+ 7
- 0
dns_scripts/dns_add_challtestsrv View File

@ -0,0 +1,7 @@
#!/usr/bin/env bash
# Simple script to update the challtestserv mock DNS server when testing DNS responses
fulldomain="${1}"
token="${2}"
curl -X POST -d "{\"host\":\"_acme-challenge.${fulldomain}.\", \"value\": \"${token}\"}" http://10.30.50.3:8055/set-txt

+ 6
- 0
dns_scripts/dns_del_challtestsrv View File

@ -0,0 +1,6 @@
#!/usr/bin/env bash
# Simple script to update the challtestserv mock DNS server when testing DNS responses
fulldomain="${1}"
curl -X POST -d "{\"host\":\"_acme-challenge.${fulldomain}.\"}" http://10.30.50.3:8055/clear-txt

+ 2
- 2
docker-compose.yml View File

@ -3,7 +3,7 @@ services:
pebble: pebble:
image: letsencrypt/pebble:latest image: letsencrypt/pebble:latest
# TODO enable -strict # TODO enable -strict
command: pebble -config /test/config/pebble-config.json # -dnsserver 10.30.50.3:8053
command: pebble -config /test/config/pebble-config.json -dnsserver 10.30.50.3:8053
environment: environment:
# with Go 1.13.x which defaults TLS 1.3 to on # with Go 1.13.x which defaults TLS 1.3 to on
GODEBUG: "tls13=1" GODEBUG: "tls13=1"
@ -24,7 +24,7 @@ services:
getssl: getssl:
build: build:
context: . context: .
dockerfile: test/Dockerfile
dockerfile: test/Dockerfile-ubuntu
container_name: getssl container_name: getssl
volumes: volumes:
- .:/getssl - .:/getssl


+ 3
- 3
getssl View File

@ -1415,7 +1415,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
loop_limit=5 loop_limit=5
while [[ "$code" -eq 500 ]]; do while [[ "$code" -eq 500 ]]; do
if [[ "$outfile" ]] ; then if [[ "$outfile" ]] ; then
$CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > $outfile
$CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" > "$outfile"
response=$(cat "$outfile") response=$(cat "$outfile")
elif [[ "$needbase64" ]] ; then elif [[ "$needbase64" ]] ; then
response=$($CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" | urlbase64) response=$($CURL -X POST -H "Content-Type: application/jose+json" --data "$body" "$url" | urlbase64)
@ -1438,7 +1438,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
response_status=$(json_get "$response" status \ response_status=$(json_get "$response" status \
| head -1| awk -F'"' '{print $2}') | head -1| awk -F'"' '{print $2}')
else # APIv2 else # APIv2
if [[ "$output" && "$response" ]]; then
if [[ "$outfile" && "$response" ]]; then
debug "response written to $outfile" debug "response written to $outfile"
elif [[ ${response##*()} == "{"* ]]; then elif [[ ${response##*()} == "{"* ]]; then
response_status=$(json_get "$response" status) response_status=$(json_get "$response" status)
@ -2131,7 +2131,7 @@ if [[ $API -eq 2 ]]; then
for d in $alldomains; do for d in $alldomains; do
dstring="${dstring}{\"type\":\"dns\",\"value\":\"$d\"}," dstring="${dstring}{\"type\":\"dns\",\"value\":\"$d\"},"
done done
dstring="${dstring: : -1}]"
dstring="${dstring::${#dstring}-1}]"
# request NewOrder currently seems to ignore the dates .... # request NewOrder currently seems to ignore the dates ....
# dstring="${dstring},\"notBefore\": \"$(date -d "-1 hour" --utc +%FT%TZ)\"" # dstring="${dstring},\"notBefore\": \"$(date -d "-1 hour" --utc +%FT%TZ)\""
# dstring="${dstring},\"notAfter\": \"$(date -d "2 days" --utc +%FT%TZ)\"" # dstring="${dstring},\"notAfter\": \"$(date -d "2 days" --utc +%FT%TZ)\""


+ 28
- 0
test/Dockerfile-rhel6 View File

@ -0,0 +1,28 @@
# FROM ubuntu:xenial
FROM roboxes/rhel6
# FROM centos:centos6
# bionic = latest 18 version
# Update and install required software
RUN yum -y update
RUN yum -y install epel-release
RUN yum -y install git curl dnsutils wget # nginx-light
WORKDIR /root
#RUN mkdir /etc/nginx/pki
#RUN mkdir /etc/nginx/pki/private
#COPY ./test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default
# BATS (Bash Automated Testings)
# RUN git clone https://github.com/bats-core/bats-core.git
# RUN bats-core/install.sh /usr/local
EXPOSE 80 443
# Run eternal loop - for testing
CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]
# with Pebble
# docker-compose -f "docker-compose.yml" up -d --build
# docker exec -it getssl /bin/bash
# /getssl/test/run-test.sh

test/Dockerfile → test/Dockerfile-ubuntu View File


+ 10
- 2
test/run-test.sh View File

@ -1,9 +1,17 @@
#! /bin/sh #! /bin/sh
wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem
export CURL_CA_BUNDLE=/root/pebble.minica.pem
cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt
export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
curl -X POST -d '{"host":"getssl", "addresses":["10.30.50.4"]}' http://10.30.50.3:8055/add-a
# Test certificate creation
cp /getssl/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
service nginx start service nginx start
/getssl/getssl -c getssl /getssl/getssl -c getssl
cp getssl.cfg /root/.getssl/getssl
cp /getssl/test/test-config/getssl-ubuntu.cfg /root/.getssl/getssl/getssl.cfg
/getssl/getssl getssl /getssl/getssl getssl
# Test forced renewal
/getssl/getssl getssl -f

+ 6
- 1
test/test-config/getssl-ubuntu.cfg View File

@ -8,6 +8,11 @@
#CA="https://acme-v01.api.letsencrypt.org" #CA="https://acme-v01.api.letsencrypt.org"
CA="https://pebble:14000/dir" CA="https://pebble:14000/dir"
SERVER_TYPE="5002" SERVER_TYPE="5002"
#VALIDATE_VIA_DNS=true
#DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv"
#DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv"
#PRIVATE_KEY_ALG="rsa" #PRIVATE_KEY_ALG="rsa"
# Additional domains - this could be multiple domains / subdomains in a comma separated list # Additional domains - this could be multiple domains / subdomains in a comma separated list
@ -39,7 +44,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use # The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="service nginx restart"
RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart"
# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which


test/test-config/nginx-ubuntu-sites-enabled-default → test/test-config/nginx-ubuntu-no-ssl View File


+ 88
- 0
test/test-config/nginx-ubuntu-ssl View File

@ -0,0 +1,88 @@
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 5002 default_server;
listen [::]:5002 default_server;
# SSL configuration
#
listen 5001 ssl default_server;
listen [::]:5001 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
ssl_certificate /etc/nginx/pki/server.crt;
ssl_certificate_key /etc/nginx/pki/private/server.key;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

Write Preview
Loading…
Cancel
Save