Changes to support centos6

docker-compose.yml

@@ -23,32 +23,61 @@ services:
     networks:
       acmenet:
         ipv4_address: 10.30.50.3
-  getssl-ubuntu16:
+  getssl-ubuntu18:
     build:
       context: .
-      dockerfile: test/Dockerfile-ubuntu
-    container_name: getssl-ubuntu16
+      dockerfile: test/Dockerfile-ubuntu18
+    container_name: getssl-ubuntu18
     volumes:
       - .:/getssl
     environment:
-      GETSSL_HOST: ubuntu16.getssl.test
+      GETSSL_HOST: ubuntu18.getssl.test
       GETSSL_IP: 10.30.50.4
+      NGINX_CONFIG: /etc/nginx/sites-enabled/default
     networks:
       acmenet:
         ipv4_address: 10.30.50.4
         aliases:
-          - ubuntu16.getssl.test
-          - a.ubuntu16.getssl.test
-          - b.ubuntu16.getssl.test
-          - c.ubuntu16.getssl.test
-          - d.ubuntu16.getssl.test
-          - e.ubuntu16.getssl.test
-          - f.ubuntu16.getssl.test
-          - g.ubuntu16.getssl.test
-          - h.ubuntu16.getssl.test
-          - i.ubuntu16.getssl.test
-          - j.ubuntu16.getssl.test
-          - k.ubuntu16.getssl.test
+          - ubuntu18.getssl.test
+          - a.ubuntu18.getssl.test
+          - b.ubuntu18.getssl.test
+          - c.ubuntu18.getssl.test
+          - d.ubuntu18.getssl.test
+          - e.ubuntu18.getssl.test
+          - f.ubuntu18.getssl.test
+          - g.ubuntu18.getssl.test
+          - h.ubuntu18.getssl.test
+          - i.ubuntu18.getssl.test
+          - j.ubuntu18.getssl.test
+          - k.ubuntu18.getssl.test
+  getssl-centos6:
+    build:
+      context: .
+      dockerfile: test/Dockerfile-centos6
+    container_name: getssl-centos6
+    volumes:
+      - .:/getssl
+    environment:
+      GETSSL_HOST: centos6.getssl.test
+      GETSSL_IP: 10.30.50.5
+      NGINX_CONFIG: /etc/nginx/conf.d/default.conf
+    networks:
+      acmenet:
+        ipv4_address: 10.30.50.5
+        aliases:
+          -   centos6.getssl.test
+          - a.centos6.getssl.test
+          - b.centos6.getssl.test
+          - c.centos6.getssl.test
+          - d.centos6.getssl.test
+          - e.centos6.getssl.test
+          - f.centos6.getssl.test
+          - g.centos6.getssl.test
+          - h.centos6.getssl.test
+          - i.centos6.getssl.test
+          - j.centos6.getssl.test
+          - k.centos6.getssl.test
+
 networks:
   acmenet:
     driver: bridge

test/Dockerfile-centos6

@@ -0,0 +1,22 @@
+FROM centos:centos6
+
+# Update and install required software
+RUN yum -y update
+RUN yum -y install epel-release
+RUN yum -y install git curl dnsutils wget nginx
+
+WORKDIR /root
+RUN mkdir /etc/nginx/pki
+RUN mkdir /etc/nginx/pki/private
+COPY ./test/test-config/nginx-ubuntu-no-ssl /etc/nginx/conf.d/default.conf
+
+# BATS (Bash Automated Testings)
+RUN git clone https://github.com/bats-core/bats-core.git /bats-core
+RUN git clone https://github.com/jasonkarns/bats-support /bats-support
+RUN git clone https://github.com/jasonkarns/bats-assert-1 /bats-assert
+RUN /bats-core/install.sh /usr/local
+
+EXPOSE 80 443
+
+# Run eternal loop - for testing
+CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]

test/Dockerfile-rhel6

@@ -1,22 +0,0 @@
-FROM roboxes/rhel6
-# FROM centos:centos6
-# bionic = latest 18 version
-
-# Update and install required software
-RUN yum -y update
-RUN yum -y install epel-release
-RUN yum -y install git curl dnsutils wget # nginx-light
-
-WORKDIR /root
-#RUN mkdir /etc/nginx/pki
-#RUN mkdir /etc/nginx/pki/private
-#COPY ./test/test-config/nginx-ubuntu-sites-enabled-default /etc/nginx/sites-enabled/default
-
-# BATS (Bash Automated Testings)
-# RUN git clone https://github.com/bats-core/bats-core.git
-# RUN bats-core/install.sh /usr/local
-
-EXPOSE 80 443
-
-# Run eternal loop - for testing
-CMD ["/bin/bash", "-c", "while :; do sleep 10; done"]

test/run-test.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 # This runs getssl outside of the BATS framework for debugging, etc, against pebble
-# Usage: /getssl/test/run-test.sh getssl-http-01.cfg
+# Usage: /getssl/test/run-test.sh getssl-http01.cfg
 
 CONFIG_FILE=$1
 source /getssl/test/test_helper.bash

test/test-config/getssl-dns01-dual-rsa-ecdsa.cfg

@@ -47,7 +47,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which

test/test-config/getssl-dns01.cfg

@@ -44,7 +44,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which

test/test-config/getssl-http01-10-hosts.cfg

@@ -22,7 +22,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG}  && service nginx restart >&3-"
 
 #SERVER_TYPE="https"
 #CHECK_REMOTE="true"

test/test-config/getssl-http01-dual-rsa-ecdsa.cfg

@@ -45,7 +45,7 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which

test/test-config/getssl-http01.cfg

@@ -43,11 +43,11 @@ DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
 DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert
 
 # The command needed to reload apache / nginx or whatever you use
-RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl /etc/nginx/sites-enabled/default && service nginx restart >&3-"
+RELOAD_CMD="cp /getssl/test/test-config/nginx-ubuntu-ssl ${NGINX_CONFIG} && service nginx restart >&3-"
 
 # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
 # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
 # will be checked for certificate expiry and also will be checked after
 # an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
-#SERVER_TYPE="https"
-#CHECK_REMOTE="true"
+SERVER_TYPE="https"
+CHECK_REMOTE="true"

test/test-config/nginx-ubuntu-no-ssl

@@ -1,16 +1,3 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# http://wiki.nginx.org/Pitfalls
-# http://wiki.nginx.org/QuickStart
-# http://wiki.nginx.org/Configuration
-#
-# Generally, you will want to move this file somewhere, and start with a clean
-# file but keep this around for reference. Or just disable in sites-enabled.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
 # Default server configuration
 #
 server {
@@ -26,18 +13,6 @@ server {
 	listen 5001 default_server;
 	listen [::]:5001 default_server;
 
-	#
-	# Note: You should disable gzip for SSL traffic.
-	# See: https://bugs.debian.org/773332
-	#
-	# Read up on ssl_ciphers to ensure a secure configuration.
-	# See: https://bugs.debian.org/765782
-	#
-	# Self signed certs generated by the ssl-cert package
-	# Don't use them in a production server!
-	#
-	# include snippets/snakeoil.conf;
-
 	root /var/www/html;
 
 	# Add index.php to the list if you are using PHP
@@ -52,42 +27,4 @@ server {
 		# as directory, then fall back to displaying a 404.
 		try_files $uri $uri/ =404;
 	}
-
-	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-	#
-	#location ~ \.php$ {
-	#	include snippets/fastcgi-php.conf;
-	#
-	#	# With php7.0-cgi alone:
-	#	fastcgi_pass 127.0.0.1:9000;
-	#	# With php7.0-fpm:
-	#	fastcgi_pass unix:/run/php/php7.0-fpm.sock;
-	#}
-
-	# deny access to .htaccess files, if Apache's document root
-	# concurs with nginx's one
-	#
-	#location ~ /\.ht {
-	#	deny all;
-	#}
 }
-
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-#	listen 80;
-#	listen [::]:80;
-#
-#	server_name example.com;
-#
-#	root /var/www/example.com;
-#	index index.html;
-#
-#	location / {
-#		try_files $uri $uri/ =404;
-#	}
-#}

test/test_helper.bash

@@ -9,13 +9,16 @@ setup_environment() {
     fi
 
     if [ ! -f ${INSTALL_DIR}/pebble.minica.pem ]; then
-        wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1 # | sed 's/^/# /' >&3
-        # cat /etc/pki/tls/certs/ca-bundle.crt /root/pebble.minica.pem > /root/pebble-ca-bundle.crt  # RHEL6?
-        cat /etc/ssl/certs/ca-certificates.crt ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt
+        wget --no-clobber https://raw.githubusercontent.com/letsencrypt/pebble/master/test/certs/pebble.minica.pem 2>&1
+        CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+        if [ ! -f $CERT_FILE ]; then
+            CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
+        fi
+        cat $CERT_FILE ${INSTALL_DIR}/pebble.minica.pem > ${INSTALL_DIR}/pebble-ca-bundle.crt
     fi
 
     curl -X POST -d '{"host":"'"$GETSSL_HOST"'", "addresses":["'"$GETSSL_IP"'"]}' http://10.30.50.3:8055/add-a
-    cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl /etc/nginx/sites-enabled/default
+    cp ${CODE_DIR}/test/test-config/nginx-ubuntu-no-ssl ${NGINX_CONFIG}
     service nginx restart >&3-
 }