mirror of
https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion
synced 2024-06-02 10:46:09 +02:00
Test suite refactoring
Wherever possible, write to stdout only on error conditions, in order to reduce the need for expected-std-out.txt files.
parent
f8a24a6dff
commit
92cf9ff147
|
@ -248,7 +248,7 @@ while true; do
|
|||
shift
|
||||
case "$flag" in
|
||||
## Next line was modified by jrcs/docker-letsencrypt-nginx-proxy-companion
|
||||
--dry-run|-d) dryRun=1 ;;
|
||||
--dry-run|-d) dryRun=1 && export DRY_RUN=1 ;;
|
||||
--help|-h|'-?') usage && exit 0 ;;
|
||||
--test|-t) argTests["$1"]=1 && shift ;;
|
||||
--config|-c) configs+=("$(readlink -f "$1")") && shift ;;
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
Started letsencrypt container for test acme_accounts
|
||||
Started test web server for le1.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Started letsencrypt container for test acme_accounts_default
|
||||
Started test web server for le2.wtf
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
Started test web server for le3.wtf
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
|
@ -16,7 +16,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
|
|||
function cleanup {
|
||||
# Remove any remaining Nginx container(s) silently.
|
||||
for domain in "${domains[@]}"; do
|
||||
docker rm --force "$domain" > /dev/null 2>&1
|
||||
docker rm --force "$domain" &> /dev/null
|
||||
done
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
|
@ -26,12 +26,7 @@ function cleanup {
|
|||
trap cleanup EXIT
|
||||
|
||||
# Run an nginx container for ${domains[0]}.
|
||||
docker run --rm -d \
|
||||
--name "${domains[0]}" \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
|
||||
run_nginx_container "${domains[0]}"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
|
@ -48,8 +43,8 @@ elif [[ "$(docker exec "$le_container_name" jq .contact "$json_file")" != '[]' ]
|
|||
fi
|
||||
|
||||
# Stop the nginx and companion containers silently.
|
||||
docker stop "${domains[0]}" > /dev/null 2>&1
|
||||
docker stop "$le_container_name" > /dev/null 2>&1
|
||||
docker stop "${domains[0]}" &> /dev/null
|
||||
docker stop "$le_container_name" &> /dev/null
|
||||
|
||||
# Run the companion container with the DEFAULT_EMAIL env var set.
|
||||
default_email="contact@${domains[1]}"
|
||||
|
@ -57,12 +52,7 @@ le_container_name="${le_container_name}_default"
|
|||
run_le_container "${1:?}" "$le_container_name" "--env DEFAULT_EMAIL=${default_email}"
|
||||
|
||||
# Run an nginx container for ${domains[1]} without LETSENCRYPT_EMAIL set.
|
||||
docker run --rm -d \
|
||||
--name "${domains[1]}" \
|
||||
-e "VIRTUAL_HOST=${domains[1]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[1]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[1]}"
|
||||
run_nginx_container "${domains[1]}"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[1]}.crt
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name"
|
||||
|
@ -80,13 +70,18 @@ fi
|
|||
|
||||
# Run an nginx container for ${domains[2]} with LETSENCRYPT_EMAIL set.
|
||||
container_email="contact@${domains[2]}"
|
||||
docker run --rm -d \
|
||||
if ! docker run --rm -d \
|
||||
--name "${domains[2]}" \
|
||||
-e "VIRTUAL_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_EMAIL=${container_email}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[2]}"
|
||||
nginx:alpine > /dev/null ; \
|
||||
then
|
||||
echo "Failed to start test web server for ${domains[2]}"
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Started test web server for ${domains[2]}"
|
||||
fi
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[2]}.crt
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name"
|
||||
|
@ -103,5 +98,5 @@ elif [[ "$(docker exec "$le_container_name" jq -r '.contact|.[0]' "$json_file")"
|
|||
fi
|
||||
|
||||
# Stop the nginx containers silently.
|
||||
docker stop "${domains[1]}" > /dev/null 2>&1
|
||||
docker stop "${domains[2]}" > /dev/null 2>&1
|
||||
docker stop "${domains[1]}" &> /dev/null
|
||||
docker stop "${domains[2]}" &> /dev/null
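Review bot: In the `-80,13 +70,18` hunk the failure branch of `if ! docker run ...` only prints `Failed to start test web server for ${domains[2]}` and then falls through to `wait_for_symlink "${domains[2]}" "$le_container_name"`, which presumably polls until its timeout for a certificate that no container will ever request. Ending that branch with `exit 1` would fail fast, and the `trap cleanup EXIT` shown earlier in this section would still run. The `; \` before `then` is also unnecessary; a plain newline after `> /dev/null` reads more cleanly. The same echo-and-continue shape appears in the later `-42,17 +42,22`, `-31,11 +31,16` and `-38,13 +38,18` hunks.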
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
Started letsencrypt container for test certs_san
|
||||
Started test web server for le1.wtf,le2.wtf,le3.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
le1.wtf is on certificate.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
le2.wtf is on certificate.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
le3.wtf is on certificate.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
||||
Started test web server for le2.wtf, le3.wtf, le1.wtf
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
le1.wtf is on certificate.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
le2.wtf is on certificate.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
le3.wtf is on certificate.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
||||
Started test web server for le3.wtf, le1.wtf, le2.wtf,
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
le1.wtf is on certificate.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
le2.wtf is on certificate.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
le3.wtf is on certificate.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
||||
Started test web server for le1.wtf.,le3.wtf.,le2.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
le1.wtf is on certificate.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
le2.wtf is on certificate.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
le3.wtf is on certificate.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
|
@ -17,7 +17,7 @@ function cleanup {
|
|||
# Remove any remaining Nginx container(s) silently.
|
||||
i=1
|
||||
for hosts in "${letsencrypt_hosts[@]}"; do
|
||||
docker rm --force "test$i" > /dev/null 2>&1
|
||||
docker rm --force "test$i" &> /dev/null
|
||||
i=$(( i + 1 ))
|
||||
done
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
|
@ -46,16 +46,11 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
|||
container="test$i"
|
||||
|
||||
# Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
|
||||
docker run --rm -d \
|
||||
--name "$container" \
|
||||
-e "VIRTUAL_HOST=${TEST_DOMAINS}" \
|
||||
-e "LETSENCRYPT_HOST=${hosts}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for $hosts"
|
||||
run_nginx_container "$hosts" "$container"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/$base_domain.crt
|
||||
# then grab the certificate in text form ...
|
||||
wait_for_symlink "$base_domain" "$le_container_name"
|
||||
wait_for_symlink "$base_domain" "$le_container_name" "./${base_domain}/fullchain.pem"
|
||||
created_cert="$(docker exec "$le_container_name" \
|
||||
openssl x509 -in "/etc/nginx/certs/${base_domain}/cert.pem" -text -noout)"
|
||||
# ... as well as the certificate fingerprint.
|
||||
|
@ -66,10 +61,10 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
|||
## For all the domains in the $domains array ...
|
||||
|
||||
# Check if the domain is on the certificate.
|
||||
if grep -q "$domain" <<< "$created_cert"; then
|
||||
echo "$domain is on certificate."
|
||||
else
|
||||
if ! grep -q "$domain" <<< "$created_cert"; then
|
||||
echo "$domain did not appear on certificate."
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "$domain is on certificate."
|
||||
fi
|
||||
|
||||
# Wait for a connection to https://domain then grab the served certificate in text form.
|
||||
|
@ -88,12 +83,12 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
|||
| openssl x509 -text -noout \
|
||||
| sed 's/ = /=/g' )"
|
||||
diff -u <(echo "${created_cert// = /=}") <(echo "$served_cert")
|
||||
else
|
||||
echo "The correct certificate for $domain was served by Nginx."
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "The correct certificate for $domain was served by Nginx."
|
||||
fi
|
||||
done
|
||||
|
||||
docker stop "$container" > /dev/null 2>&1
|
||||
docker stop "$container" &> /dev/null
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
i=$(( i + 1 ))
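Review bot: The rewritten check in the `-66,10 +61,10` hunk still uses `grep -q "$domain" <<< "$created_cert"`, which matches the domain as an unanchored regular expression anywhere in the `openssl x509 -text` dump, so `.` matches any character and a longer name such as `sub.le1.wtf` satisfies a check for `le1.wtf`. For a test meant to prove which names a certificate covers, a fixed-string match on the SAN entry is tighter, for example `if ! grep -qF -- "DNS:${domain}" <<< "$created_cert"; then`. That form still accepts a longer name sharing the same prefix, so an end anchor is needed if that case matters. The same pattern is in the `-48,10 +43,10`, `-61,12 +66,14`, `-50,10 +55,10` and `-82,10 +87,10` hunks further down, the last two in a script that also starts a `sub.${domains[0]}` host. The enclosing `for` loops start outside these hunks.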
|
||||
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
Started letsencrypt container for test certs_single
|
||||
Started test web server for le1.wtf
|
||||
Started test web server for le2.wtf
|
||||
Started test web server for le3.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Domain le1.wtf is on certificate.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
Domain le2.wtf is on certificate.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
Domain le3.wtf is on certificate.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
|
@ -16,7 +16,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
|
|||
function cleanup {
|
||||
# Remove any remaining Nginx container(s) silently.
|
||||
for domain in "${domains[@]}"; do
|
||||
docker rm --force "$domain" > /dev/null 2>&1
|
||||
docker rm --force "$domain" &> /dev/null
|
||||
done
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
|
@ -28,19 +28,14 @@ trap cleanup EXIT
|
|||
# Run a separate nginx container for each domain in the $domains array.
|
||||
# Start all the containers in a row so that docker-gen debounce timers fire only once.
|
||||
for domain in "${domains[@]}"; do
|
||||
docker run --rm -d \
|
||||
--name "$domain" \
|
||||
-e "VIRTUAL_HOST=${domain}" \
|
||||
-e "LETSENCRYPT_HOST=${domain}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for $domain"
|
||||
run_nginx_container "$domain"
|
||||
done
|
||||
|
||||
for domain in "${domains[@]}"; do
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/$domain.crt
|
||||
# then grab the certificate in text form from the file ...
|
||||
wait_for_symlink "$domain" "$le_container_name"
|
||||
wait_for_symlink "$domain" "$le_container_name" "./${domain}/fullchain.pem"
|
||||
created_cert="$(docker exec "$le_container_name" \
|
||||
openssl x509 -in "/etc/nginx/certs/${domain}/cert.pem" -text -noout)"
|
||||
# ... as well as the certificate fingerprint.
|
||||
|
@ -48,10 +43,10 @@ for domain in "${domains[@]}"; do
|
|||
openssl x509 -in "/etc/nginx/certs/${domain}/cert.pem" -fingerprint -noout)"
|
||||
|
||||
# Check if the domain is on the certificate.
|
||||
if grep -q "$domain" <<< "$created_cert"; then
|
||||
echo "Domain $domain is on certificate."
|
||||
else
|
||||
if ! grep -q "$domain" <<< "$created_cert"; then
|
||||
echo "Domain $domain isn't on certificate."
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Domain $domain is on certificate."
|
||||
fi
|
||||
|
||||
# Wait for a connection to https://domain then grab the served certificate fingerprint.
|
||||
|
@ -69,7 +64,7 @@ for domain in "${domains[@]}"; do
|
|||
| openssl x509 -text -noout \
|
||||
| sed 's/ = /=/g' )"
|
||||
diff -u <(echo "${created_cert// = /=}") <(echo "$served_cert")
|
||||
else
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "The correct certificate for $domain was served by Nginx."
|
||||
fi
|
||||
|
||||
|
|
|
@ -1,67 +0,0 @@
|
|||
Started letsencrypt container for test certs_single_domain
|
||||
Started test web server for le1.wtf,le2.wtf,le3.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
le1.wtf is on certificate.
|
||||
le2.wtf did not appear on certificate for le1.wtf.
|
||||
le3.wtf did not appear on certificate for le1.wtf.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
le2.wtf is on certificate.
|
||||
le1.wtf did not appear on certificate for le2.wtf.
|
||||
le3.wtf did not appear on certificate for le2.wtf.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
le3.wtf is on certificate.
|
||||
le1.wtf did not appear on certificate for le3.wtf.
|
||||
le2.wtf did not appear on certificate for le3.wtf.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
||||
Started test web server for le2.wtf, le3.wtf, le1.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
le1.wtf is on certificate.
|
||||
le2.wtf did not appear on certificate for le1.wtf.
|
||||
le3.wtf did not appear on certificate for le1.wtf.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
le2.wtf is on certificate.
|
||||
le1.wtf did not appear on certificate for le2.wtf.
|
||||
le3.wtf did not appear on certificate for le2.wtf.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
le3.wtf is on certificate.
|
||||
le1.wtf did not appear on certificate for le3.wtf.
|
||||
le2.wtf did not appear on certificate for le3.wtf.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
||||
Started test web server for le3.wtf, le1.wtf, le2.wtf,
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
le1.wtf is on certificate.
|
||||
le2.wtf did not appear on certificate for le1.wtf.
|
||||
le3.wtf did not appear on certificate for le1.wtf.
|
||||
Connection to le1.wtf using https was successful.
|
||||
The correct certificate for le1.wtf was served by Nginx.
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
le2.wtf is on certificate.
|
||||
le1.wtf did not appear on certificate for le2.wtf.
|
||||
le3.wtf did not appear on certificate for le2.wtf.
|
||||
Connection to le2.wtf using https was successful.
|
||||
The correct certificate for le2.wtf was served by Nginx.
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
le3.wtf is on certificate.
|
||||
le1.wtf did not appear on certificate for le3.wtf.
|
||||
le2.wtf did not appear on certificate for le3.wtf.
|
||||
Connection to le3.wtf using https was successful.
|
||||
The correct certificate for le3.wtf was served by Nginx.
|
|
@ -17,7 +17,7 @@ function cleanup {
|
|||
# Remove any remaining Nginx container(s) silently.
|
||||
i=1
|
||||
for hosts in "${letsencrypt_hosts[@]}"; do
|
||||
docker rm --force "test$i" > /dev/null 2>&1
|
||||
docker rm --force "test$i" &> /dev/null
|
||||
i=$(( i + 1 ))
|
||||
done
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
|
@ -42,17 +42,22 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
|||
container="test$i"
|
||||
|
||||
# Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
|
||||
docker run --rm -d \
|
||||
if ! docker run --rm -d \
|
||||
--name "$container" \
|
||||
-e "VIRTUAL_HOST=${TEST_DOMAINS}" \
|
||||
-e "LETSENCRYPT_HOST=${hosts}" \
|
||||
-e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for $hosts"
|
||||
nginx:alpine > /dev/null;
|
||||
then
|
||||
echo "Could not start test web server for $hosts"
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Started test web server for $hosts"
|
||||
fi
|
||||
|
||||
for domain in "${domains[@]}"; do
|
||||
## For all the domains in the $domains array ...
|
||||
wait_for_symlink "${domain}" "$le_container_name"
|
||||
wait_for_symlink "${domain}" "$le_container_name" "./${domain}/fullchain.pem"
|
||||
created_cert="$(docker exec "$le_container_name" \
|
||||
openssl x509 -in "/etc/nginx/certs/${domain}/cert.pem" -text -noout)"
|
||||
# ... as well as the certificate fingerprint.
|
||||
|
@ -61,12 +66,14 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
|||
|
||||
# Check if the domain is on the certificate.
|
||||
if grep -q "$domain" <<< "$created_cert"; then
|
||||
echo "$domain is on certificate."
|
||||
if [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "$domain is on certificate."
|
||||
fi
|
||||
for otherdomain in "${domains[@]}"; do
|
||||
if [ "$domain" != "$otherdomain" ]; then
|
||||
if grep -q "$otherdomain" <<< "$created_cert"; then
|
||||
echo "$otherdomain is on certificate for $domain, but it must not!"
|
||||
else
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "$otherdomain did not appear on certificate for $domain."
|
||||
fi
|
||||
fi
|
||||
|
@ -91,12 +98,12 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
|||
| openssl x509 -text -noout \
|
||||
| sed 's/ = /=/g' )"
|
||||
diff -u <(echo "${created_cert// = /=}") <(echo "$served_cert")
|
||||
else
|
||||
echo "The correct certificate for $domain was served by Nginx."
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "The correct certificate for $domain was served by Nginx."
|
||||
fi
|
||||
done
|
||||
|
||||
docker stop "$container" > /dev/null 2>&1
|
||||
docker stop "$container" &> /dev/null
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
i=$(( i + 1 ))
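Review bot: In the `-61,12 +66,14` hunk the outer test keeps its positive form, `if grep -q "$domain" <<< "$created_cert"; then`, and that branch now prints nothing outside dry-run, so a certificate lacking `$domain` is reported only if an `else` exists below the visible lines. The sibling scripts in this commit were inverted to `if ! grep -q ...; then echo "... did not appear on certificate."`. If this script has no such branch, a missing domain would produce no output and the `otherdomain` exclusion loop would be skipped as well, letting the test pass silently. Worth confirming the part of the `if` that lies outside this hunk, or adding `else` with `echo "$domain did not appear on certificate."` there.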
|
||||
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
Started test web server for sub.le1.wtf
|
||||
Started letsencrypt container for test certs_standalone
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Domain le1.wtf is on certificate.
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
Domain le2.wtf is on certificate.
|
||||
Domain le3.wtf is on certificate.
|
|
@ -15,7 +15,7 @@ subdomain="sub.${domains[0]}"
|
|||
# Cleanup function with EXIT trap
|
||||
function cleanup {
|
||||
# Remove the Nginx container silently.
|
||||
docker rm --force "$subdomain" > /dev/null 2>&1
|
||||
docker rm --force "$subdomain" &> /dev/null
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
# Stop the LE container
|
||||
|
@ -31,11 +31,16 @@ EOF
|
|||
|
||||
# Run an nginx container with a VIRTUAL_HOST set to a subdomain of ${domains[0]} in order to check for
|
||||
# this regression : https://github.com/nginx-proxy/docker-letsencrypt-nginx-proxy-companion/issues/674
|
||||
docker run --rm -d \
|
||||
if ! docker run --rm -d \
|
||||
--name "$subdomain" \
|
||||
-e "VIRTUAL_HOST=$subdomain" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for $subdomain"
|
||||
nginx:alpine > /dev/null;
|
||||
then
|
||||
echo "Could not start test web server for $subdomain"
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Started test web server for $subdomain"
|
||||
fi
|
||||
|
||||
run_le_container "${1:?}" "$le_container_name" \
|
||||
"--volume ${TRAVIS_BUILD_DIR}/test/tests/certs_standalone/letsencrypt_user_data:/app/letsencrypt_user_data"
|
||||
|
@ -50,10 +55,10 @@ created_cert="$(docker exec "$le_container_name" \
|
|||
openssl x509 -in "/etc/nginx/certs/${domains[0]}/cert.pem" -text -noout)"
|
||||
|
||||
# Check if the domain is on the certificate.
|
||||
if grep -q "${domains[0]}" <<< "$created_cert"; then
|
||||
echo "Domain ${domains[0]} is on certificate."
|
||||
else
|
||||
if ! grep -q "${domains[0]}" <<< "$created_cert"; then
|
||||
echo "Domain ${domains[0]} did not appear on certificate."
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Domain ${domains[0]} is on certificate."
|
||||
fi
|
||||
|
||||
docker exec "$le_container_name" bash -c "[[ -f /etc/nginx/conf.d/standalone-cert-${domains[0]}.conf ]]" \
|
||||
|
@ -82,10 +87,10 @@ created_cert="$(docker exec "$le_container_name" \
|
|||
|
||||
for domain in "${domains[1]}" "${domains[2]}"; do
|
||||
# Check if the domain is on the certificate.
|
||||
if grep -q "$domain" <<< "$created_cert"; then
|
||||
echo "Domain $domain is on certificate."
|
||||
else
|
||||
if ! grep -q "$domain" <<< "$created_cert"; then
|
||||
echo "Domain $domain did not appear on certificate."
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Domain $domain is on certificate."
|
||||
fi
|
||||
done
|
||||
|
||||
|
|
|
@ -1,7 +1,3 @@
|
|||
Started letsencrypt container for test container_restart
|
||||
Started test web server for le1.wtf
|
||||
Started test web server for le2.wtf
|
||||
Started test web server for le3.wtf
|
||||
Container le1.wtf restarted
|
||||
Container le2.wtf restarted
|
||||
Container le3.wtf restarted
|
||||
|
|
|
@ -26,7 +26,7 @@ function cleanup {
|
|||
rm -f "${TRAVIS_BUILD_DIR}/test/tests/container_restart/docker_event_out.txt"
|
||||
# Remove any remaining Nginx container(s) silently.
|
||||
for domain in "${domains[@]}"; do
|
||||
docker rm --force "$domain" > /dev/null 2>&1
|
||||
docker rm --force "$domain" &> /dev/null
|
||||
done
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
|
@ -38,13 +38,18 @@ trap cleanup EXIT
|
|||
# Run a separate nginx container for each domain in the $domains array.
|
||||
# Start all the containers in a row so that docker-gen debounce timers fire only once.
|
||||
for domain in "${domains[@]}"; do
|
||||
docker run --rm -d \
|
||||
if docker run --rm -d \
|
||||
--name "$domain" \
|
||||
-e "VIRTUAL_HOST=${domain}" \
|
||||
-e "LETSENCRYPT_HOST=${domain}" \
|
||||
-e "LETSENCRYPT_RESTART_CONTAINER=true" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for $domain"
|
||||
nginx:alpine > /dev/null; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"
|
||||
else
|
||||
echo "Could not start test web server for $domain"
|
||||
fi
|
||||
done
|
||||
|
||||
for domain in "${domains[@]}"; do
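Review bot: The `-38,13 +38,18` hunk uses the opposite polarity from the other scripts in this commit: success is handled in the `then` branch with `[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"` and the failure message sits in `else`. Elsewhere the shape is `if ! docker run ...; then` failure message, `elif [[ "${DRY_RUN:-}" == 1 ]]; then` success message. Using that one shape here too would make the error path easier to audit across the suite. It would also avoid the `[[ ... ]] && echo` list, which leaves a non-zero status on every normal run.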
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
Started letsencrypt container for test default_cert
|
||||
Connection to le1.wtf using https was successful.
|
||||
Connection to le2.wtf using https was successful.
|
||||
Connection to le3.wtf using https was successful.
|
||||
Connection to le1.wtf using https was successful.
|
||||
Connection to le2.wtf using https was successful.
|
||||
Connection to le3.wtf using https was successful.
|
|
@ -77,7 +77,7 @@ docker exec "$le_container_name" openssl req -x509 \
|
|||
-newkey rsa:4096 -sha256 -nodes -days 60 \
|
||||
-subj "/CN=letsencrypt-nginx-proxy-companion" \
|
||||
-keyout /etc/nginx/certs/default.key \
|
||||
-out /etc/nginx/certs/default.crt > /dev/null 2>&1
|
||||
-out /etc/nginx/certs/default.crt &> /dev/null
|
||||
old_default_cert_fingerprint="$(default_cert_fingerprint)"
|
||||
docker restart "$le_container_name" > /dev/null && sleep 5
|
||||
timeout="$(date +%s)"
|
||||
|
@ -96,7 +96,7 @@ docker exec "$le_container_name" openssl req -x509 \
|
|||
-newkey rsa:4096 -sha256 -nodes -days 60 \
|
||||
-subj "/CN=$user_cn" \
|
||||
-keyout /etc/nginx/certs/default.key \
|
||||
-out /etc/nginx/certs/default.crt > /dev/null 2>&1
|
||||
-out /etc/nginx/certs/default.crt &> /dev/null
|
||||
docker restart "$le_container_name" > /dev/null
|
||||
|
||||
# Connection test to unconfigured domains
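Review bot: Both `openssl req -x509 ... -out /etc/nginx/certs/default.crt &> /dev/null` calls (hunks `-77,7 +77,7` and `-96,7 +96,7`) discard stderr and nothing checks their exit status, so a failed key or certificate generation would leave the previous default.crt in place while the test carries on, presumably comparing fingerprints of the wrong file. Since the commit aims to print only on error, capturing the output and echoing it on failure fits better than silencing it, for example `if ! out="$(docker exec ... 2>&1)"; then echo "$out"; fi`. The `docker exec "$le_container_name" /app/force_renew &> /dev/null` call in the later `-41,13 +36,13` hunk is silenced the same way. The `docker exec` line that starts each openssl command lies above the visible hunk lines.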
|
||||
|
|
|
@ -20,7 +20,7 @@ case $SETUP in
|
|||
"$nginx_vol" \
|
||||
"$nginx_env" \
|
||||
"$nginx_lbl" \
|
||||
> /dev/null 2>&1
|
||||
&> /dev/null
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
|
@ -100,7 +100,7 @@ EOF
|
|||
"$nginx_lbl" \
|
||||
"$docker_gen" \
|
||||
"$docker_gen_lbl" \
|
||||
> /dev/null 2>&1
|
||||
&> /dev/null
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
Started letsencrypt container for test force_renew
|
||||
Started test web server for le1.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Certificate for le1.wtf was correctly renewed.
|
|
@ -15,7 +15,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
|
|||
# Cleanup function with EXIT trap
|
||||
function cleanup {
|
||||
# Remove the Nginx container silently.
|
||||
docker rm --force "${domains[0]}" > /dev/null 2>&1
|
||||
docker rm --force "${domains[0]}" &> /dev/null
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
# Stop the LE container
|
||||
|
@ -24,12 +24,7 @@ function cleanup {
|
|||
trap cleanup EXIT
|
||||
|
||||
# Run a nginx container for ${domains[0]}.
|
||||
docker run --rm -d \
|
||||
--name "${domains[0]}" \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
|
||||
run_nginx_container "${domains[0]}"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
|
||||
# Grab the expiration time of the certificate
|
||||
|
@ -41,13 +36,13 @@ sleep 5
|
|||
|
||||
# Issue a forced renewal
|
||||
# Grab the expiration time of the renewed certificate
|
||||
docker exec "$le_container_name" /app/force_renew > /dev/null 2>&1
|
||||
docker exec "$le_container_name" /app/force_renew &> /dev/null
|
||||
second_cert_expire="$(get_cert_expiration_epoch "${domains[0]}" "$le_container_name")"
|
||||
|
||||
if [[ $second_cert_expire -gt $first_cert_expire ]]; then
|
||||
echo "Certificate for ${domains[0]} was correctly renewed."
|
||||
else
|
||||
if ! [[ $second_cert_expire -gt $first_cert_expire ]]; then
|
||||
echo "Certificate for ${domains[0]} was not correctly renewed."
|
||||
echo "First certificate expiration epoch : $first_cert_expire."
|
||||
echo "Second certificate expiration epoch : $second_cert_expire."
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Certificate for ${domains[0]} was correctly renewed."
|
||||
fi
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
Started letsencrypt container for test location_config
|
||||
*.bar.baz.example.com
|
||||
*.baz.example.com
|
||||
*.example.com
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
Started letsencrypt container for test permissions_custom
|
||||
Started test web server for le1.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
|
@ -21,7 +21,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
|
|||
# Cleanup function with EXIT trap
|
||||
function cleanup {
|
||||
# Remove the ${domains[0]} Nginx container silently.
|
||||
docker rm --force "${domains[0]}" > /dev/null 2>&1
|
||||
docker rm --force "${domains[0]}" &> /dev/null
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
# Stop the LE container
|
||||
|
@ -30,11 +30,7 @@ function cleanup {
|
|||
trap cleanup EXIT
|
||||
|
||||
# Run an nginx container for ${domains[0]}.
|
||||
docker run --rm -d \
|
||||
--name "${domains[0]}" \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
|
||||
run_nginx_container "${domains[0]}"
|
||||
|
||||
# Wait for the cert symlink.
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
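Review bot: Judging by the hunk counts, the `docker run` block replaced by `run_nginx_container "${domains[0]}"` in the `-30,11 +30,7` hunk has no `--network boulder_bluenet` line, unlike the blocks replaced by the same helper in the earlier scripts. The helper is defined outside this page, so it is not visible whether it attaches the container to that network; if it does, this test's container now runs on a different network than before. A short comment above the call would record which behaviour is intended, for example `# run_nginx_container attaches to boulder_bluenet; the previous inline docker run did not`. The `-24,11 +24,7` hunk in the following script shows the same difference.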
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
Started letsencrypt container for test permissions_default
|
||||
Started test web server for le1.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
|
@ -15,7 +15,7 @@ IFS=',' read -r -a domains <<< "$TEST_DOMAINS"
|
|||
# Cleanup function with EXIT trap
|
||||
function cleanup {
|
||||
# Remove the ${domains[0]} Nginx container silently.
|
||||
docker rm --force "${domains[0]}" > /dev/null 2>&1
|
||||
docker rm --force "${domains[0]}" &> /dev/null
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
# Stop the LE container
|
||||
|
@ -24,11 +24,7 @@ function cleanup {
|
|||
trap cleanup EXIT
|
||||
|
||||
# Run an nginx container for ${domains[0]}.
|
||||
docker run --rm -d \
|
||||
--name "${domains[0]}" \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]}"
|
||||
run_nginx_container "${domains[0]}"
|
||||
|
||||
# Wait for the cert symlink.
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
|
|
|
@ -1,29 +1 @@
|
|||
Started letsencrypt container for test symlinks
|
||||
Started test web server for le1.wtf,le2.wtf
|
||||
Started test web server for le3.wtf
|
||||
Symlink to le1.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
Symlink to le1.wtf certificate has been removed.
|
||||
Symlink to le2.wtf certificate has been removed.
|
||||
Symlink to le3.wtf certificate has been removed.
|
||||
Restarted test web server for le3.wtf
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le3.wtf/fullchain.pem
|
||||
Symlink to le3.wtf certificate has been removed.
|
||||
Started test web server for le1.wtf,le2.wtf,le3.wtf
|
||||
Symlink to le3.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le1.wtf/fullchain.pem
|
||||
Symlink to le1.wtf certificate has been removed.
|
||||
Symlink to le2.wtf certificate has been removed.
|
||||
Symlink to le3.wtf certificate has been removed.
|
||||
Started test web server for le2.wtf
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
Started test web server for lim.it,le2.wtf
|
||||
Symlink for lim.it certificate was not generated under one minute, timing out.
|
||||
Symlink to le2.wtf certificate has been generated.
|
||||
The link is pointing to the file ./le2.wtf/fullchain.pem
|
||||
|
|
|
@ -21,7 +21,7 @@ function cleanup {
|
|||
symlink-le2 \
|
||||
symlink-le3 \
|
||||
symlink-lim-le2 \
|
||||
> /dev/null 2>&1
|
||||
&> /dev/null
|
||||
# Cleanup the files created by this run of the test to avoid foiling following test(s).
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/le?.wtf* && rm -rf /etc/acme.sh/default/le?.wtf*'
|
||||
docker exec "$le_container_name" bash -c 'rm -rf /etc/nginx/certs/lim.it* && rm -rf /etc/acme.sh/default/lim.it*'
|
||||
|
@ -31,25 +31,15 @@ function cleanup {
|
|||
trap cleanup EXIT
|
||||
|
||||
# Run a nginx container for the firs two domain in the $domains array ...
|
||||
docker run --rm -d \
|
||||
--name "symlink-le1-le2" \
|
||||
-e "VIRTUAL_HOST=${domains[0]},${domains[1]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]},${domains[1]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]},${domains[1]}"
|
||||
run_nginx_container "${domains[0]},${domains[1]}" "symlink-le1-le2"
|
||||
|
||||
# ... plus another nginx container for the third domain.
|
||||
docker run --rm -d \
|
||||
--name "symlink-le3" \
|
||||
-e "VIRTUAL_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[2]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[2]}"
|
||||
run_nginx_container "${domains[2]}" "symlink-le3"
|
||||
|
||||
# Wait for a file at /etc/nginx/certs/$domain/cert.pem
|
||||
for domain in "${domains[@]}"; do
|
||||
wait_for_symlink "$domain" "$le_container_name"
|
||||
done
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[2]}/fullchain.pem"
|
||||
|
||||
# Create a fake le4.wtf custom certificate and key
|
||||
docker exec "$le_container_name" mkdir -p /etc/nginx/certs/le4.wtf
|
||||
|
@ -76,28 +66,18 @@ wait_for_symlink_rm "${domains[2]}" "$le_container_name"
|
|||
|
||||
# Start the nginx containers for ${domains[2]} again,
|
||||
# and check if the corresponding symlink is re-created.
|
||||
docker run --rm -d \
|
||||
--name "symlink-le3" \
|
||||
-e "VIRTUAL_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[2]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Restarted test web server for ${domains[2]}"
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name"
|
||||
run_nginx_container "${domains[2]}" "symlink-le3"
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[2]}/fullchain.pem"
|
||||
|
||||
# Stop the nginx containers for ${domains[2]} silently and wait for symlink removal.
|
||||
docker stop "symlink-le3" > /dev/null
|
||||
wait_for_symlink_rm "${domains[2]}" "$le_container_name"
|
||||
|
||||
# Move ${domains[2]} to a san certificate with ${domains[0]} and ${domains[1]}
|
||||
docker run --rm -d \
|
||||
--name "symlink-le1-le2-le3" \
|
||||
-e "VIRTUAL_HOST=${domains[0]},${domains[1]},${domains[2]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]},${domains[1]},${domains[2]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[0]},${domains[1]},${domains[2]}"
|
||||
run_nginx_container "${domains[0]},${domains[1]},${domains[2]}" "symlink-le1-le2-le3"
|
||||
|
||||
# Check where the symlink points (should be ./le1.wtf/fullchain.pem)
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name"
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
|
||||
|
||||
# Stop the nginx container silently.
|
||||
docker stop "symlink-le1-le2-le3" > /dev/null
|
||||
|
@ -108,12 +88,7 @@ for domain in "${domains[@]}"; do
|
|||
done
|
||||
|
||||
# Move ${domains[1]} to a new single domain certificate
|
||||
docker run --rm -d \
|
||||
--name "symlink-le2" \
|
||||
-e "VIRTUAL_HOST=${domains[1]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[1]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for ${domains[1]}"
|
||||
run_nginx_container "${domains[1]}" "symlink-le2"
|
||||
|
||||
# Check where the symlink points (should be ./le2.wtf/fullchain.pem)
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name"
|
||||
|
@ -121,17 +96,12 @@ wait_for_symlink "${domains[1]}" "$le_container_name"
|
|||
# Stop the nginx container silently and try to put ${domains[1]} on a
|
||||
# san certificate whose authorization will fail.
|
||||
docker stop "symlink-le2" > /dev/null
|
||||
docker run --rm -d \
|
||||
--name "symlink-lim-le2" \
|
||||
-e "VIRTUAL_HOST=lim.it,${domains[1]}" \
|
||||
-e "LETSENCRYPT_HOST=lim.it,${domains[1]}" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null && echo "Started test web server for lim.it,${domains[1]}"
|
||||
run_nginx_container "lim.it,${domains[1]}" "symlink-lim-le2"
|
||||
|
||||
# The symlink creation for lim.it should time out, and the ${domains[1]}
|
||||
# symlink should still point to ./le2.wtf/fullchain.pem
|
||||
wait_for_symlink "lim.it" "$le_container_name"
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name"
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[1]}/fullchain.pem"
|
||||
|
||||
# Aaaaaand stop the container.
|
||||
docker stop "symlink-lim-le2" > /dev/null
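Review bot: The call under `# Check where the symlink points (should be ./le2.wtf/fullchain.pem)` is still `wait_for_symlink "${domains[1]}" "$le_container_name"` with no third argument, so the target that comment names is not checked. In the reworked helper on this page the `readlink` comparison only runs when an expected target is passed, and the line that printed the target is no longer emitted unconditionally. The other target checks in this file were given the argument; this one should read `wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[1]}/fullchain.pem"`.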
|
||||
|
|
|
@ -17,7 +17,7 @@ function run_le_container {
|
|||
if [[ "$SETUP" == '3containers' ]]; then
|
||||
cli_args+=" --env NGINX_DOCKER_GEN_CONTAINER=$DOCKER_GEN_CONTAINER_NAME"
|
||||
fi
|
||||
docker run -d \
|
||||
if docker run -d \
|
||||
--name "$name" \
|
||||
--volumes-from "$NGINX_CONTAINER_NAME" \
|
||||
--volume /var/run/docker.sock:/var/run/docker.sock:ro \
|
||||
|
@ -27,10 +27,39 @@ function run_le_container {
|
|||
--env "ACME_CA_URI=http://boulder:4001/directory" \
|
||||
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.test_suite \
|
||||
--network boulder_bluenet \
|
||||
"$image" > /dev/null && echo "Started letsencrypt container for test ${name%%_2*}"
|
||||
"$image" > /dev/null; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started letsencrypt container for test ${name%%_2*}"
|
||||
else
|
||||
echo "Could not start letsencrypt container for test ${name%%_2*}"
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
export -f run_le_container
|
||||
|
||||
# Run an nginx container
|
||||
function run_nginx_container {
|
||||
local le_host="${1:?}"
|
||||
local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
|
||||
local container_name="${2:-$virtual_host}"
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host"
|
||||
if docker run --rm -d \
|
||||
--name "$container_name" \
|
||||
-e "VIRTUAL_HOST=$virtual_host" \
|
||||
-e "LETSENCRYPT_HOST=$le_host" \
|
||||
--network boulder_bluenet \
|
||||
nginx:alpine > /dev/null ; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."
|
||||
else
|
||||
echo "Failed to start test web server for $le_host"
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
export -f run_nginx_container
|
||||
|
||||
|
||||
# Wait for the /etc/nginx/conf.d/standalone-cert-$1.conf file to exist inside container $2
|
||||
function wait_for_standalone_conf {
|
||||
|
@ -55,6 +84,7 @@ export -f wait_for_standalone_conf
|
|||
function wait_for_symlink {
|
||||
local domain="${1:?}"
|
||||
local name="${2:?}"
|
||||
local expected_target="${3:-}"
|
||||
local timeout
|
||||
timeout="$(date +%s)"
|
||||
timeout="$((timeout + 60))"
|
||||
|
@ -66,9 +96,17 @@ function wait_for_symlink {
|
|||
fi
|
||||
sleep 0.1
|
||||
done
|
||||
target="$(docker exec "$name" readlink "/etc/nginx/certs/$domain.crt")"
|
||||
echo "Symlink to $domain certificate has been generated."
|
||||
echo "The link is pointing to the file $target"
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Symlink to $domain certificate has been generated."
|
||||
if [[ -n "$expected_target" ]]; then
|
||||
target="$(docker exec "$name" readlink "/etc/nginx/certs/$domain.crt")"
|
||||
if [[ "$target" != "$expected_target" ]]; then
|
||||
echo "The symlink to the $domain certificate is expected to point to $expected_target but point to $target instead."
|
||||
return 1
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "The symlink is pointing to the file $target"
|
||||
fi
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
export -f wait_for_symlink
|
||||
|
||||
|
@ -87,7 +125,8 @@ function wait_for_symlink_rm {
|
|||
fi
|
||||
sleep 0.1
|
||||
done
|
||||
echo "Symlink to $domain certificate has been removed."
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Symlink to $domain certificate has been removed."
|
||||
return 0
|
||||
}
|
||||
export -f wait_for_symlink_rm
|
||||
|
||||
|
@ -129,7 +168,7 @@ function check_cert_subj {
|
|||
esac
|
||||
done
|
||||
|
||||
if curl -k https://"$domain" > /dev/null 2>&1; then
|
||||
if curl -k https://"$domain" &> /dev/null; then
|
||||
local cert_subject
|
||||
cert_subject="$(echo \
|
||||
| openssl s_client -showcerts -servername "$domain" -connect "$domain:443" 2>/dev/null \
|
||||
|
@ -197,7 +236,8 @@ function wait_for_conn {
|
|||
fi
|
||||
sleep 0.1
|
||||
done
|
||||
echo "Connection to $domain using https was successful."
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Connection to $domain using https was successful."
|
||||
return 0
|
||||
}
|
||||
export -f wait_for_conn
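Review bot: `run_nginx_container` has no header comment, and two of its lines need one: the `virtual_host` normalisation and the `container_name` default. `${virtual_host//.,/,}` and `${virtual_host%,}` drop a dot before each comma and a trailing comma, but a dot at the very end of the value is kept, which may or may not be intended. When `$2` is omitted the container name falls back to `$virtual_host`, which contains commas for a multi-domain value, and Docker does not accept commas in container names; the callers on this page all pass a name in that case. I would add `# $1: LETSENCRYPT_HOST value (comma separated), $2: container name, required when $1 lists several domains` above the function.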
|
||||
|
||||
|
|