installer unit tests
This commit is contained in:
Maarten de Waard
parent
a540ee540f
commit
2e0b3ae55b
|
|
@ -123,7 +123,7 @@ class HAProxyInstaller(common.Plugin):
|
|||
" 'h2ppy h2cker fake CA' that is used by the local boulder."
|
||||
),
|
||||
type=unicode,
|
||||
default=u'h2ppy h2cker fake CA'
|
||||
default=u'Let\'s Encrypt Authority X3'
|
||||
)
|
||||
add(
|
||||
"no-fall-back-cert",
|
||||
|
|
@ -325,7 +325,7 @@ class HAProxyInstaller(common.Plugin):
|
|||
|
||||
if not key_path:
|
||||
raise errors.PluginError(
|
||||
"The haproxy plugin requires --key-path to"
|
||||
"The haproxy plugin requires a key path to"
|
||||
" install a cert.")
|
||||
|
||||
# Choose whether to make a new file or change an existing file
|
||||
|
|
@ -338,21 +338,29 @@ class HAProxyInstaller(common.Plugin):
|
|||
self.save_notes += " certificate for domain %s\n" % domain
|
||||
|
||||
if fullchain_path:
|
||||
if not os.path.isfile(fullchain_path):
|
||||
raise errors.PluginError("fullchain_path is not a file")
|
||||
with open(fullchain_path) as fullchain:
|
||||
self.save_notes += "\t- Used fullchain path %s\n" % \
|
||||
fullchain_path
|
||||
dic[crt_filename] = fullchain.read()
|
||||
elif cert_path:
|
||||
if not os.path.isfile(cert_path):
|
||||
raise errors.PluginError("cert_path is not a file")
|
||||
with open(cert_path) as cert:
|
||||
self.save_notes += "\t- Used cert path %s\n" % cert_path
|
||||
dic[crt_filename] = cert.read()
|
||||
if chain_path:
|
||||
if not os.path.isfile(chain_path):
|
||||
raise errors.PluginError("chain_path is not a file")
|
||||
with open(chain_path) as chain:
|
||||
dic[crt_filename] += chain.read()
|
||||
self.save_notes += "\t- Used chain path %s\n" % chain_path
|
||||
else:
|
||||
self.save_notes += "\t- No chain path provided\n"
|
||||
|
||||
if not os.path.isfile(key_path):
|
||||
raise errors.PluginError("key_path is not a file")
|
||||
with open(key_path) as key:
|
||||
self.save_notes += "\t- Used key path %s\n" % key_path
|
||||
dic[crt_filename] += key.read()
|
||||
|
|
@ -538,8 +546,7 @@ class HAProxyInstaller(common.Plugin):
|
|||
|
||||
"""
|
||||
test_cmd = constants.os_constant('conftest_cmd') + \
|
||||
[constants.os_constant('haproxy_config')]
|
||||
print "Running test command: ", str(test_cmd)
|
||||
[self.conf('haproxy_config')]
|
||||
try:
|
||||
util.run_script(test_cmd)
|
||||
except errors.SubprocessError as err:
|
||||
|
|
|
|||
|
|
@ -1 +1,16 @@
|
|||
"""Certbot HAProxy Tests"""
|
||||
import unittest
|
||||
|
||||
|
||||
def load_tests(loader, tests, pattern=None):
|
||||
"""Find all python files in the tests folder"""
|
||||
if pattern is None:
|
||||
pattern = 'test_*.py'
|
||||
print "loader: ", loader
|
||||
|
||||
suite = loader.discover('certbot_haproxy/tests', pattern=pattern)
|
||||
suite.addTests(tests)
|
||||
return suite
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
||||
|
|
|
|||
|
|
@ -1,48 +0,0 @@
|
|||
"""Test installer functions"""
|
||||
import unittest
|
||||
import mock
|
||||
import os
|
||||
|
||||
from certbot_haproxy.installer import HAProxyInstaller
|
||||
from certbot.plugins import common
|
||||
|
||||
|
||||
def _conf(self, var):
|
||||
"""Don't append names to attributes in the config."""
|
||||
return getattr(self.config, var.replace("-", "_"))
|
||||
|
||||
|
||||
class TestInstaller(unittest.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
test_dir = "installer"
|
||||
temp_dir, config_dir, work_dir = common.dir_setup(
|
||||
test_dir=test_dir,
|
||||
pkg="certbot_haproxy.tests")
|
||||
backups = os.path.join(work_dir, "backups")
|
||||
mock_le_config = mock.MagicMock(
|
||||
temp_checkpoint_dir=os.path.join(
|
||||
work_dir, "temp_checkpoints"),
|
||||
in_progress_dir=os.path.join(backups, "IN_PROGRESS"),
|
||||
work_dir=work_dir,
|
||||
config_dir=config_dir,
|
||||
temp_dir=temp_dir,
|
||||
haproxy_config="/etc/haproxy/config",
|
||||
haproxy_crt_dir=os.path.join(temp_dir, test_dir, "certs"),
|
||||
haproxy_ca_common_name=u'h2ppy h2cker fake CA'
|
||||
)
|
||||
|
||||
with mock.patch("certbot.reverter.Reverter"):
|
||||
self.installer = HAProxyInstaller(
|
||||
config=mock_le_config, name="installer")
|
||||
self.installer.prepare()
|
||||
|
||||
@mock.patch("certbot_haproxy.installer.HAProxyInstaller.conf",
|
||||
new=_conf)
|
||||
def test_get_all_certs_keys(self):
|
||||
"""Test if get_all_certs_keys returns all the LE certificates"""
|
||||
all_certs_keys = self.installer.get_all_certs_keys()
|
||||
self.assertEqual(len(all_certs_keys), 3)
|
||||
self.assertIsInstance(all_certs_keys, list)
|
||||
for item in all_certs_keys:
|
||||
self.assertIsInstance(item, tuple)
|
||||
|
|
@ -0,0 +1,147 @@
|
|||
"""Test installer functions"""
|
||||
import unittest
|
||||
import mock
|
||||
import os
|
||||
|
||||
from certbot import errors
|
||||
from certbot.plugins import common
|
||||
from certbot_haproxy.installer import HAProxyInstaller
|
||||
|
||||
|
||||
def _conf(self, var):
|
||||
"""Don't append names to attributes in the config."""
|
||||
return getattr(self.config, var.replace("-", "_"))
|
||||
|
||||
|
||||
@mock.patch("certbot_haproxy.installer.HAProxyInstaller.conf", new=_conf)
|
||||
class TestInstaller(unittest.TestCase):
|
||||
"""Test the relevant functions of the certbot_haproxy installer"""
|
||||
|
||||
def setUp(self):
|
||||
self.test_dir = "installer"
|
||||
self.temp_dir, config_dir, work_dir = common.dir_setup(
|
||||
test_dir=self.test_dir,
|
||||
pkg="certbot_haproxy.tests")
|
||||
backups = os.path.join(work_dir, "backups")
|
||||
mock_le_config = mock.MagicMock(
|
||||
temp_checkpoint_dir=os.path.join(
|
||||
work_dir, "temp_checkpoints"),
|
||||
in_progress_dir=os.path.join(backups, "IN_PROGRESS"),
|
||||
work_dir=work_dir,
|
||||
config_dir=config_dir,
|
||||
temp_dir=self.temp_dir,
|
||||
backup_dir=backups,
|
||||
haproxy_config=os.path.join(
|
||||
self.temp_dir, self.test_dir, "haproxy.cfg"),
|
||||
haproxy_crt_dir=os.path.join(
|
||||
self.temp_dir, self.test_dir, "certs"),
|
||||
haproxy_ca_common_name=u'h2ppy h2cker fake CA',
|
||||
no_fall_back_cert=False,
|
||||
)
|
||||
|
||||
self.installer = HAProxyInstaller(
|
||||
config=mock_le_config, name="installer")
|
||||
self.installer.prepare()
|
||||
|
||||
def test_get_all_certs_keys(self):
|
||||
"""Test if get_all_certs_keys returns all the LE certificates"""
|
||||
all_certs_keys = self.installer.get_all_certs_keys()
|
||||
self.assertEqual(len(all_certs_keys), 3)
|
||||
self.assertIsInstance(all_certs_keys, list)
|
||||
for item in all_certs_keys:
|
||||
self.assertIsInstance(item, tuple)
|
||||
|
||||
@mock.patch("certbot_haproxy.installer.logger")
|
||||
@mock.patch("certbot.util.logger")
|
||||
def test_add_parser_arguments(self, util_logger, certbot_logger):
|
||||
"""Weak test taken from apache plugin tests"""
|
||||
self.installer.add_parser_arguments(mock.MagicMock())
|
||||
self.assertEqual(certbot_logger.error.call_count, 0)
|
||||
self.assertEqual(util_logger.error.call_count, 0)
|
||||
|
||||
def test_get_all_names(self):
|
||||
"""Tests if get_all_Names reads le1.wtf and le2.wtf from the test
|
||||
haproxy config file
|
||||
"""
|
||||
names = self.installer.get_all_names()
|
||||
self.assertEqual(names, set(['le1.wtf', 'le2.wtf']))
|
||||
|
||||
def test_fall_back_cert(self, *mocks):
|
||||
"""Test if a certificate is generated and added to new_crt_files"""
|
||||
# Should maybe use another library than OpenSSL, if that's possible
|
||||
from OpenSSL import crypto
|
||||
self.installer.new_crt_files = {}
|
||||
self.installer._fall_back_cert()
|
||||
key = self.installer.new_crt_files.keys()[0]
|
||||
cert = self.installer.new_crt_files[key]
|
||||
self.assertIsInstance(key, str)
|
||||
self.assertIsInstance(cert, str)
|
||||
privkey = crypto.load_privatekey(crypto.FILETYPE_PEM, cert)
|
||||
certificate = crypto.load_certificate(crypto.FILETYPE_PEM, cert)
|
||||
self.assertTrue(privkey.check())
|
||||
|
||||
def test_deploy_cert_save(self):
|
||||
"""Deploy and save a certificate and rollback after that"""
|
||||
# Variables for test:
|
||||
domain = 'le.wtf'
|
||||
crt_dir = os.path.join(self.temp_dir, self.test_dir, "deploy_test")
|
||||
base = os.path.join(self.temp_dir, self.test_dir, "deploy_cert")
|
||||
key_path = os.path.join(base, "privkey.pem")
|
||||
cert_path = os.path.join(base, "cert.pem")
|
||||
chain_path = os.path.join(base, "chain.pem")
|
||||
fullchain_path = os.path.join(base, "fullchain.pem")
|
||||
|
||||
# Prepare installer
|
||||
self.installer.config.no_fall_back_cert = True
|
||||
self.installer.config.haproxy_crt_dir = crt_dir
|
||||
|
||||
# Try with files that don't exist, should raise PluginError:
|
||||
self.assertRaises(
|
||||
errors.PluginError,
|
||||
self.installer.deploy_cert,
|
||||
domain, 'no-cert', 'no-key')
|
||||
|
||||
# Arguments for several tests
|
||||
all_args = [
|
||||
(domain, cert_path, key_path),
|
||||
(domain, cert_path, key_path, chain_path),
|
||||
(domain, None, key_path, None, fullchain_path),
|
||||
]
|
||||
|
||||
# Run deploy and save with all types of args
|
||||
for args in all_args:
|
||||
# Deploy with only key and cert
|
||||
self.installer.deploy_cert(*args)
|
||||
self.installer.save()
|
||||
# Check if le.wtf.pem is created
|
||||
pem = os.path.join(crt_dir, domain) + self.installer.crt_postfix
|
||||
self.assertTrue(os.path.isfile(pem))
|
||||
# Roll back pem creation
|
||||
self.installer.rollback_checkpoints()
|
||||
# Check if file was removed again
|
||||
self.assertFalse(os.path.isfile(pem))
|
||||
|
||||
@mock.patch("certbot_haproxy.installer.logger")
|
||||
@mock.patch("certbot.util.logger")
|
||||
def test_config_test(self, util_logger, certbot_logger):
|
||||
"""Test config_test function with a faulty and a valid cfg file"""
|
||||
# Check with current config file
|
||||
self.installer.config_test()
|
||||
self.assertEqual(certbot_logger.error.call_count, 0)
|
||||
self.assertEqual(util_logger.error.call_count, 0)
|
||||
|
||||
# Check with bad config file
|
||||
self.installer.config.haproxy_config = os.path.join(
|
||||
self.temp_dir, self.test_dir, "haproxy_bad.cfg")
|
||||
self.assertRaises(
|
||||
errors.MisconfigurationError,
|
||||
self.installer.config_test
|
||||
)
|
||||
|
||||
# Check with empty config file
|
||||
self.installer.config.haproxy_config = os.path.join(
|
||||
self.temp_dir, self.test_dir, "haproxy_empty.cfg")
|
||||
self.assertRaises(
|
||||
errors.MisconfigurationError,
|
||||
self.installer.config_test
|
||||
)
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEjjCCA3agAwIBAgITAP8dU9EqObz3KDuVJ5zsgvHaPzANBgkqhkiG9w0BAQsF
|
||||
ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNjA4MTYwODI1
|
||||
MDBaFw0xNjExMTQwODI1MDBaMEUxFDASBgNVBAMTC3Rlc3RzaXRlLm5sMS0wKwYD
|
||||
VQQFEyRmZjFkNTNkMTJhMzliY2Y3MjgzYjk1Mjc5Y2VjODJmMWRhM2YwggEiMA0G
|
||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD69azKc6hhqley1TDosC1yybb4Re3o
|
||||
QAP33I0wdAyl1/xzPj0WxnPM/1BVAQypRTNJsuPqn/S1vsPGdjiAeQg3wYS/4D9a
|
||||
9TZJyDiA9M4mTf7tbx91ggB4Da3X6+SGIPTCKIF/I8RZKQC1OYuSh5Auuo/zOpBq
|
||||
1zx8L7EZi2q8ccbdtU80LZY3CztOvW4bBeiUQfr4OpPKMr2Q/KPtp29X4/9Njsi+
|
||||
Qfsg4lC7yc42wDLbmUz+uxu5WDI2KoMgeJL8V1LGT2Pxyl4RtOcZbSdtkqSCcvyn
|
||||
lDyrHaPhs3qL8W1tmt24s5/9IHSUTPzrYetoQRWqr7r1tnONM22bocmxAgMBAAGj
|
||||
ggGbMIIBlzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
|
||||
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMy9atItsN+uYHZrFstFAuRT
|
||||
07LSMB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGYGCCsGAQUFBwEB
|
||||
BFowWDAiBggrBgEFBQcwAYYWaHR0cDovLzEyNy4wLjAuMTo0MDAyLzAyBggrBgEF
|
||||
BQcwAoYmaHR0cDovLzEyNy4wLjAuMTo0MDAwL2FjbWUvaXNzdWVyLWNlcnQwJAYD
|
||||
VR0RBB0wG4ILdGVzdHNpdGUubmyCDHRlc3RzaXRlMi5ubDAnBgNVHR8EIDAeMByg
|
||||
GqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIB
|
||||
MEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8G
|
||||
CCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQAveccT5zxeDkkDfdfp2pap1/EkHRcYQR5wb/XheYEmBWbKDEqO7IZBl5BSAjei
|
||||
D6BeTE3f9VuDGkUV5WaowVJFjpjWIhzRO/ghnGKgXF1O2CeqbF5cdWaHfMDxNy+b
|
||||
fHNbyWV0YFZtAC0Ema/ceYidx7dpRc+p1/FzuSIV8MHcVExGIRllUAJwIT9wN62T
|
||||
XvBVHkJMm+iwRtEpzPnEEvS5x/Tdw4eFoOlKlu+lDgLl+n5YNR0dgEP6PvzTrdJG
|
||||
FhMXOXFpLYOaI+AC5oup8Sh43Eqh/ZgBr9vv0WonFI//mekinzrBQn6gxWCsPWNF
|
||||
H+kn9B1TfT1J+5b/xlNRAvVe
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEijCCA3KgAwIBAgICEk0wDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgY2Fj
|
||||
a2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QwHhcNMTUxMDIxMjAxMTUyWhcN
|
||||
MjAxMDE5MjAxMTUyWjAfMR0wGwYDVQQDExRoYXBweSBoYWNrZXIgZmFrZSBDQTCC
|
||||
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIKR3maBcUSsncXYzQT13D5
|
||||
Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a3Ju+tIZSdn2v21JBwvxU
|
||||
zpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A7WDXwYNmsdLNRi00o14U
|
||||
joaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyiwywmkwKbWnnxCQ/gsctK
|
||||
FUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmwMO0yNff7ho+QT9x5+Y/7
|
||||
XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZNCQWp27A+b/DmrFI9NqsC
|
||||
AwEAAaOCAcIwggG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0eBDwwOqE4MAaC
|
||||
BC5taWwwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
AAAAAAAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcw
|
||||
AYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYB
|
||||
BQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNh
|
||||
eDMucDdjMB8GA1UdIwQYMBaAFOmkP+6epeby1dd5YDyTpi4kjpeqMFQGA1UdIARN
|
||||
MEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6
|
||||
Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr
|
||||
aHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNV
|
||||
HQ4EFgQU+3hPEvlgFYMsnxd/NBmzLjbqQYkwDQYJKoZIhvcNAQELBQADggEBAA0Y
|
||||
AeLXOklx4hhCikUUl+BdnFfn1g0W5AiQLVNIOL6PnqXu0wjnhNyhqdwnfhYMnoy4
|
||||
idRh4lB6pz8Gf9pnlLd/DnWSV3gS+/I/mAl1dCkKby6H2V790e6IHmIK2KYm3jm+
|
||||
U++FIdGpBdsQTSdmiX/rAyuxMDM0adMkNBwTfQmZQCz6nGHw1QcSPZMvZpsC8Skv
|
||||
ekzxsjF1otOrMUPNPQvtTWrVx8GlR2qfx/4xbQa1v2frNvFBCmO59goz+jnWvfTt
|
||||
j2NjwDZ7vlMBsPm16dbKYC840uvRoZjxqsdc3ChCZjqimFqlNG/xoPA8+dTicZzC
|
||||
XE9ijPIcvW6y1aa3bGw=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIEjjCCA3agAwIBAgITAP8dU9EqObz3KDuVJ5zsgvHaPzANBgkqhkiG9w0BAQsF
|
||||
ADAfMR0wGwYDVQQDDBRoMnBweSBoMmNrZXIgZmFrZSBDQTAeFw0xNjA4MTYwODI1
|
||||
MDBaFw0xNjExMTQwODI1MDBaMEUxFDASBgNVBAMTC3Rlc3RzaXRlLm5sMS0wKwYD
|
||||
VQQFEyRmZjFkNTNkMTJhMzliY2Y3MjgzYjk1Mjc5Y2VjODJmMWRhM2YwggEiMA0G
|
||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD69azKc6hhqley1TDosC1yybb4Re3o
|
||||
QAP33I0wdAyl1/xzPj0WxnPM/1BVAQypRTNJsuPqn/S1vsPGdjiAeQg3wYS/4D9a
|
||||
9TZJyDiA9M4mTf7tbx91ggB4Da3X6+SGIPTCKIF/I8RZKQC1OYuSh5Auuo/zOpBq
|
||||
1zx8L7EZi2q8ccbdtU80LZY3CztOvW4bBeiUQfr4OpPKMr2Q/KPtp29X4/9Njsi+
|
||||
Qfsg4lC7yc42wDLbmUz+uxu5WDI2KoMgeJL8V1LGT2Pxyl4RtOcZbSdtkqSCcvyn
|
||||
lDyrHaPhs3qL8W1tmt24s5/9IHSUTPzrYetoQRWqr7r1tnONM22bocmxAgMBAAGj
|
||||
ggGbMIIBlzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
|
||||
AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMy9atItsN+uYHZrFstFAuRT
|
||||
07LSMB8GA1UdIwQYMBaAFPt4TxL5YBWDLJ8XfzQZsy426kGJMGYGCCsGAQUFBwEB
|
||||
BFowWDAiBggrBgEFBQcwAYYWaHR0cDovLzEyNy4wLjAuMTo0MDAyLzAyBggrBgEF
|
||||
BQcwAoYmaHR0cDovLzEyNy4wLjAuMTo0MDAwL2FjbWUvaXNzdWVyLWNlcnQwJAYD
|
||||
VR0RBB0wG4ILdGVzdHNpdGUubmyCDHRlc3RzaXRlMi5ubDAnBgNVHR8EIDAeMByg
|
||||
GqAYhhZodHRwOi8vZXhhbXBsZS5jb20vY3JsMGEGA1UdIARaMFgwCAYGZ4EMAQIB
|
||||
MEwGAyoDBDBFMCIGCCsGAQUFBwIBFhZodHRwOi8vZXhhbXBsZS5jb20vY3BzMB8G
|
||||
CCsGAQUFBwICMBMMEURvIFdoYXQgVGhvdSBXaWx0MA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQAveccT5zxeDkkDfdfp2pap1/EkHRcYQR5wb/XheYEmBWbKDEqO7IZBl5BSAjei
|
||||
D6BeTE3f9VuDGkUV5WaowVJFjpjWIhzRO/ghnGKgXF1O2CeqbF5cdWaHfMDxNy+b
|
||||
fHNbyWV0YFZtAC0Ema/ceYidx7dpRc+p1/FzuSIV8MHcVExGIRllUAJwIT9wN62T
|
||||
XvBVHkJMm+iwRtEpzPnEEvS5x/Tdw4eFoOlKlu+lDgLl+n5YNR0dgEP6PvzTrdJG
|
||||
FhMXOXFpLYOaI+AC5oup8Sh43Eqh/ZgBr9vv0WonFI//mekinzrBQn6gxWCsPWNF
|
||||
H+kn9B1TfT1J+5b/xlNRAvVe
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEijCCA3KgAwIBAgICEk0wDQYJKoZIhvcNAQELBQAwKzEpMCcGA1UEAwwgY2Fj
|
||||
a2xpbmcgY3J5cHRvZ3JhcGhlciBmYWtlIFJPT1QwHhcNMTUxMDIxMjAxMTUyWhcN
|
||||
MjAxMDE5MjAxMTUyWjAfMR0wGwYDVQQDExRoYXBweSBoYWNrZXIgZmFrZSBDQTCC
|
||||
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIKR3maBcUSsncXYzQT13D5
|
||||
Nr+Z3mLxMMh3TUdt6sACmqbJ0btRlgXfMtNLM2OU1I6a3Ju+tIZSdn2v21JBwvxU
|
||||
zpZQ4zy2cimIiMQDZCQHJwzC9GZn8HaW091iz9H0Go3A7WDXwYNmsdLNRi00o14U
|
||||
joaVqaPsYrZWvRKaIRqaU0hHmS0AWwQSvN/93iMIXuyiwywmkwKbWnnxCQ/gsctK
|
||||
FUtcNrwEx9Wgj6KlhwDTyI1QWSBbxVYNyUgPFzKxrSmwMO0yNff7ho+QT9x5+Y/7
|
||||
XE59S4Mc4ZXxcXKew/gSlN9U5mvT+D2BhDtkCupdfsZNCQWp27A+b/DmrFI9NqsC
|
||||
AwEAAaOCAcIwggG+MBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0eBDwwOqE4MAaC
|
||||
BC5taWwwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
||||
AAAAAAAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAyBggrBgEFBQcw
|
||||
AYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20wOwYIKwYB
|
||||
BQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNh
|
||||
eDMucDdjMB8GA1UdIwQYMBaAFOmkP+6epeby1dd5YDyTpi4kjpeqMFQGA1UdIARN
|
||||
MEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6
|
||||
Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr
|
||||
aHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JMLmNybDAdBgNV
|
||||
HQ4EFgQU+3hPEvlgFYMsnxd/NBmzLjbqQYkwDQYJKoZIhvcNAQELBQADggEBAA0Y
|
||||
AeLXOklx4hhCikUUl+BdnFfn1g0W5AiQLVNIOL6PnqXu0wjnhNyhqdwnfhYMnoy4
|
||||
idRh4lB6pz8Gf9pnlLd/DnWSV3gS+/I/mAl1dCkKby6H2V790e6IHmIK2KYm3jm+
|
||||
U++FIdGpBdsQTSdmiX/rAyuxMDM0adMkNBwTfQmZQCz6nGHw1QcSPZMvZpsC8Skv
|
||||
ekzxsjF1otOrMUPNPQvtTWrVx8GlR2qfx/4xbQa1v2frNvFBCmO59goz+jnWvfTt
|
||||
j2NjwDZ7vlMBsPm16dbKYC840uvRoZjxqsdc3ChCZjqimFqlNG/xoPA8+dTicZzC
|
||||
XE9ijPIcvW6y1aa3bGw=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD69azKc6hhqley
|
||||
1TDosC1yybb4Re3oQAP33I0wdAyl1/xzPj0WxnPM/1BVAQypRTNJsuPqn/S1vsPG
|
||||
djiAeQg3wYS/4D9a9TZJyDiA9M4mTf7tbx91ggB4Da3X6+SGIPTCKIF/I8RZKQC1
|
||||
OYuSh5Auuo/zOpBq1zx8L7EZi2q8ccbdtU80LZY3CztOvW4bBeiUQfr4OpPKMr2Q
|
||||
/KPtp29X4/9Njsi+Qfsg4lC7yc42wDLbmUz+uxu5WDI2KoMgeJL8V1LGT2Pxyl4R
|
||||
tOcZbSdtkqSCcvynlDyrHaPhs3qL8W1tmt24s5/9IHSUTPzrYetoQRWqr7r1tnON
|
||||
M22bocmxAgMBAAECggEAHTauF58hEcVvkgzJNb0UfVFH8FzLlgalr5vH/8Tyl/et
|
||||
loi/OcB+SHXMFykZHTdGAiVF7NET/ngneBnY9/Oe5karul5TYbY7zJj3IuPcf48C
|
||||
xwbxhY9NmKwW+ZSnNInvlA59DJzQRYTFZVM+kR8gxJ/JFApUN2u4ycgPeKbHFQp6
|
||||
lSkkK3hhIWjYdmGAnvBO2WvP15/K/aax2ohbAf+nkLTiisCcQOL1c7j/lIPGFRS8
|
||||
7lZgivfyPdfYi9pJ2eonNmER+F7ruhnCgCsEhvj7Hv57YQ8V3YsJ+0m/MfE2mDX7
|
||||
mwACytDEExWuiPmjlrcFy42vHf8X8fuYVg5YVmxH1QKBgQD/4Kis75wsJtxTPBFA
|
||||
LHX3AtnIVLyiQWeZBnZhk8kRiLiUa6B84D5Ca3ED1dGXW8Gw021BAukMPREx3oyA
|
||||
atUi942DJPVywVn0xf7XqmdMtaANSYOKT0JZ+j6g3vdEcEa6WPPrJJQpCGH7nGY0
|
||||
i9TePAisfdeo3UL1EWVM/+0LpwKBgQD7FGnoroUc0vGruzn0RICD0JrKqsCZVXaQ
|
||||
czq9WyeziHw2YRqF77EHG03SRFFRxbnAPhYjfrTtO09G0gCKmu11TX6785nlnJMF
|
||||
ZsYLEltz+GweXlW6eDwoNVOR1g7ox8ph+dqHxnA88UMql7lC+cEuPWKRhTlRg5yF
|
||||
xuoiMXJK5wKBgQD+o9C46Wt99N5mZuyz9Isg2tFosAtZXcV/YBMHYE9FB87IxaLd
|
||||
IzxSVSIPMwZ1nnbPRlj/zamm6E7oVhV05txdBAbscCdjoE+pbDEE5ywOBuHU10f0
|
||||
qJPbf1I8PifND/8TC9sSM0DO5Oy9vRNpT47z6sKnBkVMY4Vy5XDug/KfGQKBgQDT
|
||||
kcgMwcJ5H2d1hja3lmGUsVs+G9RfYJyf6/k7RmyV5BSG3hwzcF6D1oYlAFxlw29a
|
||||
hvawwjxDCw8qZhr+sL4Xck2wovyzdtSMYKXQ/o8BkfvJO0SR9G78krLw2KeHj5MC
|
||||
LD/w2U4KjGJEqcT6ouodxKwiY1iBT529PHheh7v/UQKBgF32brFvPS1HUHQTSxmf
|
||||
v2I56PygoO+5JwTWzDGKTF9myrKZV1hAfCD5PC1bDa31FtaBafe4Tna0n6fi927d
|
||||
7ZIETyMNal9RRyrizs4ofXC73Z6lDtN+Tx9KkatSv53vg5XhGO/YvG/XoVrIsg+y
|
||||
KDCtDY6AERC2OGNgGa4d4H5+
|
||||
-----END PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,41 @@
|
|||
global
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
ssl-default-bind-ciphers AES128+AESGCM+EECDH:AES128+EECDH:AES128+AESGCM+DHE:AES128+EDH:AES256+AESGCM+EECDH:AES256+EECDH:AES256+AESGCM+EDH:AES256+EDH:!SHA:!MD5:!RC4:!DES:!DSS
|
||||
ssl-default-bind-options no-sslv3
|
||||
tune.ssl.default-dh-param 2048
|
||||
|
||||
frontend http-in
|
||||
bind *:80
|
||||
mode http
|
||||
# LE HAProxy installer should combine certs and place them here..
|
||||
# Uncomment when ready.. Needs ACL to work per site.
|
||||
bind *:443 ssl crt /etc/ssl/crt/
|
||||
|
||||
acl is_letsencrypt path_beg -i /.well-known/acme-challenge
|
||||
use_backend letsencrypt if is_letsencrypt
|
||||
acl le1-wtf hdr(host) -i le1.wtf
|
||||
acl other-site hdr(host) -i le2.wtf
|
||||
|
||||
# IF redirect is to be used, uncomment the next line
|
||||
# redirect scheme https if !{ ssl_fc } and testsite.nl
|
||||
default_backend nodes
|
||||
|
||||
backend letsencrypt
|
||||
log global
|
||||
mode http
|
||||
server letsencrypt 127.0.0.1:8000
|
||||
|
||||
backend nodes
|
||||
log global
|
||||
mode http
|
||||
option tcplog
|
||||
balance roundrobin
|
||||
option forwardfor
|
||||
option http-server-close
|
||||
option httpclose
|
||||
http-request set-header X-Forwarded-Port %[dst_port]
|
||||
http-request add-header X-Forwarded-Proto https if { ssl_fc }
|
||||
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
|
||||
server node1 127.0.0.1:8080 check
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
this is bad
|
||||
|
||||
frontend http-in
|
||||
bind *:80
|
||||
mode http
|
||||
# LE HAProxy installer should combine certs and place them here..
|
||||
# Uncomment when ready.. Needs ACL to work per site.
|
||||
bind *:443 ssl crt /etc/ssl/crt/
|
||||
|
||||
acl is_letsencrypt path_beg -i /.well-known/acme-challenge
|
||||
use_backend letsencrypt if is_letsencrypt
|
||||
acl le1-wtf hdr(host) -i le1.wtf
|
||||
acl other-site hdr(host) -i le2.wtf
|
||||
|
||||
# IF redirect is to be used, uncomment the next line
|
||||
# redirect scheme https if !{ ssl_fc } and testsite.nl
|
||||
default_backend nodes
|
||||
|
||||
backend nodes
|
||||
log global
|
||||
mode http
|
||||
option tcplog
|
||||
balance roundrobin
|
||||
option forwardfor
|
||||
option http-server-close
|
||||
option httpclose
|
||||
http-request set-header X-Forwarded-Port %[dst_port]
|
||||
http-request add-header X-Forwarded-Proto https if { ssl_fc }
|
||||
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
|
||||
server node1 127.0.0.1:8080 check
|
||||
|
||||
|
|
@ -0,0 +1 @@
|
|||
# Empty file to check the test_config function of the installer
|
||||
|
|
@ -26,13 +26,13 @@ common_no_force_renew() {
|
|||
certbot_test_no_force_renew \
|
||||
--authenticator certbot-haproxy:haproxy-authenticator\
|
||||
--installer certbot-haproxy:haproxy-installer\
|
||||
--certbot-haproxy:haproxy-installer-haproxy-ca-common-name \
|
||||
"h2ppy\ h2cker\ fake\ CA" \
|
||||
"$@"
|
||||
}
|
||||
|
||||
common() {
|
||||
common_no_force_renew \
|
||||
--authenticator certbot-haproxy:haproxy-authenticator\
|
||||
--installer certbot-haproxy:haproxy-installer\
|
||||
--renew-by-default \
|
||||
"$@"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ certbot_test () {
|
|||
|
||||
certbot_test_no_force_renew () {
|
||||
certbot \
|
||||
--server "${SERVER:-http://localhost:4000/directory}" \
|
||||
--server "${SERVER:-http://boulder.local:4000/directory}" \
|
||||
--no-verify-ssl \
|
||||
--tls-sni-01-port 5001 \
|
||||
--http-01-port 8000 \
|
||||
|
|
|
|||
Reference in New Issue