diff --git a/docker-compose.yml b/docker-compose.yml index 97bb1e5..ebd5369 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -7,8 +7,6 @@ services: environment: # with Go 1.13.x which defaults TLS 1.3 to on GODEBUG: "tls13=1" - # Don't re-use authorisations (breaks force renew test scripts) - # PEBBLE_AUTHZREUSE: "0" ports: - 14000:14000 # HTTPS ACME API - 15000:15000 # HTTPS Management API @@ -77,6 +75,33 @@ services: - i.centos6.getssl.test - j.centos6.getssl.test - k.centos6.getssl.test + getssl-alpine: + build: + context: . + dockerfile: test/Dockerfile-alpine + container_name: getssl-alpine + volumes: + - .:/getssl + environment: + GETSSL_HOST: alpine.getssl.test + GETSSL_IP: 10.30.50.6 + NGINX_CONFIG: /etc/nginx/conf.d/default.conf + networks: + acmenet: + ipv4_address: 10.30.50.6 + aliases: + - alpine.getssl.test + - a.alpine.getssl.test + - b.alpine.getssl.test + - c.alpine.getssl.test + - d.alpine.getssl.test + - e.alpine.getssl.test + - f.alpine.getssl.test + - g.alpine.getssl.test + - h.alpine.getssl.test + - i.alpine.getssl.test + - j.alpine.getssl.test + - k.alpine.getssl.test getssl-ubuntu18-no-gawk: build: context: . @@ -86,12 +111,12 @@ services: - .:/getssl environment: GETSSL_HOST: ubuntu18-no-gawk.getssl.test - GETSSL_IP: 10.30.50.6 + GETSSL_IP: 10.30.50.7 NGINX_CONFIG: /etc/nginx/sites-enabled/default TEST_AWK: "yes" networks: acmenet: - ipv4_address: 10.30.50.6 + ipv4_address: 10.30.50.7 aliases: - ubuntu18-no-gawk.getssl.test diff --git a/test/Dockerfile-alpine b/test/Dockerfile-alpine new file mode 100644 index 0000000..e9ee6c3 --- /dev/null +++ b/test/Dockerfile-alpine @@ -0,0 +1,20 @@ +FROM alpine:latest + +RUN apk --no-cache add supervisor openssl git curl bind-tools wget gawk nginx bash +# RUN apk --no-cache add vim dos2unix # for debugging + +WORKDIR /root +RUN mkdir /run/nginx +RUN mkdir /etc/nginx/pki +RUN mkdir /etc/nginx/pki/private +COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default +COPY ./test/alpine-supervisord.conf /etc/supervisord.conf + +# BATS (Bash Automated Testings) +RUN git clone https://github.com/bats-core/bats-core.git /bats-core +RUN git clone https://github.com/jasonkarns/bats-support /bats-support +RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert +RUN /bats-core/install.sh /usr/local + +# Use supervisord to run nginx in the background +ENTRYPOINT /usr/bin/supervisord -c /etc/supervisord.conf diff --git a/test/Dockerfile-centos6 b/test/Dockerfile-centos6 index f370a0b..a82bf1f 100644 --- a/test/Dockerfile-centos6 +++ b/test/Dockerfile-centos6 @@ -19,4 +19,4 @@ RUN /bats-core/install.sh /usr/local EXPOSE 80 443 # Run eternal loop - for testing -CMD ["/bin/bash", "-c", "while :; do sleep 10; done"] +CMD tail -f /dev/null diff --git a/test/Dockerfile-ubuntu18 b/test/Dockerfile-ubuntu18 index 1b3765c..31554cd 100644 --- a/test/Dockerfile-ubuntu18 +++ b/test/Dockerfile-ubuntu18 @@ -25,4 +25,4 @@ RUN /bats-core/install.sh /usr/local EXPOSE 80 443 # Run eternal loop - for testing -CMD ["/bin/bash", "-c", "while :; do sleep 10; done"] +CMD tail -f /dev/null diff --git a/test/Dockerfile-ubuntu18-no-gawk b/test/Dockerfile-ubuntu18-no-gawk index 809708a..3eb9732 100644 --- a/test/Dockerfile-ubuntu18-no-gawk +++ b/test/Dockerfile-ubuntu18-no-gawk @@ -14,4 +14,4 @@ RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert RUN /bats-core/install.sh /usr/local # Run eternal loop - for testing -CMD ["/bin/bash", "-c", "while :; do sleep 10; done"] +CMD tail -f /dev/null diff --git a/test/alpine-supervisord.conf b/test/alpine-supervisord.conf new file mode 100644 index 0000000..8eec585 --- /dev/null +++ b/test/alpine-supervisord.conf @@ -0,0 +1,14 @@ +[supervisord] +nodaemon=true +logfile=/tmp/supervisord.log +childlogdir=/tmp +pidfile = /tmp/supervisord.pid + +[program:nginx] +command=nginx -g 'daemon off;' +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 +autorestart=false +startretries=0 diff --git a/test/restart-nginx b/test/restart-nginx new file mode 100644 index 0000000..d35f60f --- /dev/null +++ b/test/restart-nginx @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +if [ "$GETSSL_HOST" = "alpine.getssl.test" ]; then + killall -HUP nginx >&3- + sleep 5 +else + service nginx restart >&3- +fi diff --git a/test/test-config/getssl-dns01.cfg b/test/test-config/getssl-dns01.cfg index 790dee2..98637b0 100644 --- a/test/test-config/getssl-dns01.cfg +++ b/test/test-config/getssl-dns01.cfg @@ -2,35 +2,17 @@ # see https://github.com/srvrco/getssl/wiki/Config-variables for details # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs # -# The staging server is best for testing -#CA="https://acme-staging.api.letsencrypt.org" -# This server issues full certificates, however has rate limits -#CA="https://acme-v01.api.letsencrypt.org" CA="https://pebble:14000/dir" VALIDATE_VIA_DNS=true DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv" DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv" -# AUTH_DNS_SERVER=10.30.50.3 - -#PRIVATE_KEY_ALG="rsa" # Additional domains - this could be multiple domains / subdomains in a comma separated list -# Note: this is Additional domains - so should not include the primary domain. SANS="" # Acme Challenge Location. The first line for the domain, the following ones for each additional domain. -# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location. -# An ssh key will be needed to provide you with access to the remote server. -# Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign. -# If left blank, the username on the local server will be used to authenticate against the remote server. -# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location -# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge" -# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. ACL=('/var/www/html/.well-known/acme-challenge') -# 'ssh:server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ssh:sshuserid@server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ftp:ftpuserid:ftppassword:getssltest.hopto.org:/web/.well-known/acme-challenge') #Set USE_SINGLE_ACL="true" to use a single ACL for all checks USE_SINGLE_ACL="false" @@ -44,11 +26,8 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" -# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, -# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which -# will be checked for certificate expiry and also will be checked after -# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true -#SERVER_TYPE="https" -#CHECK_REMOTE="true" +# Define the server type and confirm correct certificate is installed +SERVER_TYPE="https" +CHECK_REMOTE="true" diff --git a/test/test-config/getssl-http01-10-hosts.cfg b/test/test-config/getssl-http01-10-hosts.cfg index f521d52..d5c364e 100644 --- a/test/test-config/getssl-http01-10-hosts.cfg +++ b/test/test-config/getssl-http01-10-hosts.cfg @@ -5,7 +5,6 @@ CA="https://pebble:14000/dir" # Additional domains - this could be multiple domains / subdomains in a comma separated list -# Note: this is Additional domains - so should not include the primary domain. SANS="a.${GETSSL_HOST},b.${GETSSL_HOST},c.${GETSSL_HOST},d.${GETSSL_HOST},e.${GETSSL_HOST},f.${GETSSL_HOST},g.${GETSSL_HOST},h.${GETSSL_HOST},i.${GETSSL_HOST},j.${GETSSL_HOST},k.${GETSSL_HOST}" # Acme Challenge Location. @@ -22,7 +21,8 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" -#SERVER_TYPE="https" -#CHECK_REMOTE="true" +# Define the server type and confirm correct certificate is installed +SERVER_TYPE="https" +CHECK_REMOTE="true" diff --git a/test/test-config/getssl-http01.cfg b/test/test-config/getssl-http01.cfg index 305dd49..f7d75ea 100644 --- a/test/test-config/getssl-http01.cfg +++ b/test/test-config/getssl-http01.cfg @@ -2,34 +2,13 @@ # see https://github.com/srvrco/getssl/wiki/Config-variables for details # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs # -# The staging server is best for testing -#CA="https://acme-staging.api.letsencrypt.org" -# This server issues full certificates, however has rate limits -#CA="https://acme-v01.api.letsencrypt.org" CA="https://pebble:14000/dir" -#VALIDATE_VIA_DNS=true -#DNS_ADD_COMMAND="/getssl/dns_scripts/dns_add_challtestsrv" -#DNS_DEL_COMMAND="/getssl/dns_scripts/dns_del_challtestsrv" - -#PRIVATE_KEY_ALG="rsa" - # Additional domains - this could be multiple domains / subdomains in a comma separated list -# Note: this is Additional domains - so should not include the primary domain. SANS="" -# Acme Challenge Location. The first line for the domain, the following ones for each additional domain. -# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location. -# An ssh key will be needed to provide you with access to the remote server. -# Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign. -# If left blank, the username on the local server will be used to authenticate against the remote server. -# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location -# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge" -# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. +# Acme Challenge Location. ACL=('/var/www/html/.well-known/acme-challenge') -# 'ssh:server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ssh:sshuserid@server5:/var/www/getssltest.hopto.org/web/.well-known/acme-challenge' -# 'ftp:ftpuserid:ftppassword:getssltest.hopto.org:/web/.well-known/acme-challenge') #Set USE_SINGLE_ACL="true" to use a single ACL for all checks USE_SINGLE_ACL="false" @@ -43,11 +22,8 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert # The command needed to reload apache / nginx or whatever you use -RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-" +RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && /getssl/test/restart-nginx" -# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, -# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which -# will be checked for certificate expiry and also will be checked after -# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true +# Define the server type and confirm correct certificate is installed SERVER_TYPE="https" CHECK_REMOTE="true" diff --git a/test/test_helper.bash b/test/test_helper.bash index 6f506fd..0ac9a43 100644 --- a/test/test_helper.bash +++ b/test/test_helper.bash @@ -19,7 +19,7 @@ setup_environment() { curl -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl ${NGINX_CONFIG} - service nginx restart >&3- + /getssl/test/restart-nginx } @@ -40,5 +40,4 @@ create_certificate() { # Create certificate cp "${CODE_DIR}/test/test-config/${CONFIG_FILE}" "${INSTALL_DIR}/.getssl/${GETSSL_HOST}/getssl.cfg" run ${CODE_DIR}/getssl "$GETSSL_HOST" - #!FIXME test certificate has been placed in the expected location }