From 7fa4a7a5b955002dce3ff3b29997855de8270dce Mon Sep 17 00:00:00 2001
From: Erica Portnoy
Date: Thu, 11 Jan 2018 13:07:46 -0800
Subject: [PATCH 1/3] lint
---
 certbot-nginx/certbot_nginx/http_01.py | 9 ---------
 certbot-nginx/certbot_nginx/tests/http_01_test.py | 11 +++--------
 2 files changed, 3 insertions(+), 17 deletions(-)
diff --git a/certbot-nginx/certbot_nginx/http_01.py b/certbot-nginx/certbot_nginx/http_01.py
index 82acdfbe8..7cbd239cc 100644
--- a/certbot-nginx/certbot_nginx/http_01.py
+++ b/certbot-nginx/certbot_nginx/http_01.py
@@ -3,16 +3,10 @@
 import logging
 import os
-import six
-
 from acme import challenges
-from certbot import errors
 from certbot.plugins import common
-from certbot_nginx import obj
-from certbot_nginx import nginxparser
-
 logger = logging.getLogger(__name__)
@@ -37,9 +31,6 @@ class NginxHttp01(common.ChallengePerformer):
 """
- def __init__(self, configurator):
- super(NginxHttp01, self).__init__(configurator)
-
 def perform(self):
 """Perform a challenge on Nginx.
diff --git a/certbot-nginx/certbot_nginx/tests/http_01_test.py b/certbot-nginx/certbot_nginx/tests/http_01_test.py
index e8a94188f..9da57d896 100644
--- a/certbot-nginx/certbot_nginx/tests/http_01_test.py
+++ b/certbot-nginx/certbot_nginx/tests/http_01_test.py
@@ -8,12 +8,10 @@ import six
 from acme import challenges
 from certbot import achallenges
-from certbot import errors
 from certbot.plugins import common_test
 from certbot.tests import acme_util
-from certbot_nginx import obj
 from certbot_nginx.tests import util
@@ -96,13 +94,10 @@ class HttpPerformTest(util.NginxTest):
 self.http01.configurator.parser.load()
- http = self.http01.configurator.parser.parsed[
- self.http01.configurator.parser.config_root][-1]
+ # vhosts = self.http01.configurator.parser.get_vhosts()
- vhosts = self.http01.configurator.parser.get_vhosts()
-
- for vhost in vhosts:
- pass
+ # for vhost in vhosts:
+ # pass
 # if the name matches # check that the location block is in there and is correct
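Review bot: The lint fix in `HttpPerformTest` leaves commented-out code (`# vhosts = self.http01.configurator.parser.get_vhosts()`, `# for vhost in vhosts:`, `# pass`) in place of the check that the two comments below it describe, so as far as this hunk shows the test stops after `parser.load()` without asserting anything about the challenge configuration. I would delete the dead lines and keep a single marker such as `# TODO: assert each matching vhost contains the expected challenge location block`, or write the assertion itself. The test method starts above the hunk and may continue below it, so an assertion outside the visible lines is possible.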
From 5210588a29f2fd0c6a787e3b7b03a4a0a51693d4 Mon Sep 17 00:00:00 2001
From: Erica Portnoy
Date: Thu, 11 Jan 2018 13:20:14 -0800
Subject: [PATCH 2/3] fix configurator test
---
 certbot-nginx/certbot_nginx/tests/configurator_test.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/certbot-nginx/certbot_nginx/tests/configurator_test.py b/certbot-nginx/certbot_nginx/tests/configurator_test.py
index 6af6aad82..7475df40c 100644
--- a/certbot-nginx/certbot_nginx/tests/configurator_test.py
+++ b/certbot-nginx/certbot_nginx/tests/configurator_test.py
@@ -290,8 +290,8 @@ class NginxConfiguratorTest(util.NginxTest):
 ]], parsed_migration_conf[0])
- @mock.patch("certbot_nginx.configurator.nginx_challenges.NginxTlsSni01.perform")
- @mock.patch("certbot_nginx.configurator.nginx_challenges.NginxHttp01.perform")
+ @mock.patch("certbot_nginx.configurator.tls_sni_01.NginxTlsSni01.perform")
+ @mock.patch("certbot_nginx.configurator.http_01.NginxHttp01.perform")
 @mock.patch("certbot_nginx.configurator.NginxConfigurator.restart")
 @mock.patch("certbot_nginx.configurator.NginxConfigurator.revert_challenge_config")
 def test_perform_and_cleanup(self, mock_revert, mock_restart, mock_http_perform,
From 874a4c6773c6b21b986835340f4de2e3d94be1f8 Mon Sep 17 00:00:00 2001
From: Erica Portnoy
Date: Thu, 11 Jan 2018 13:35:16 -0800
Subject: [PATCH 3/3] select an http block instead of https
---
 certbot-nginx/certbot_nginx/configurator.py | 20 ++++++++++++++++++--
 certbot-nginx/certbot_nginx/http_01.py | 3 ++-
 2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/certbot-nginx/certbot_nginx/configurator.py b/certbot-nginx/certbot_nginx/configurator.py
index a6157132e..f5b231ba3 100644
--- a/certbot-nginx/certbot_nginx/configurator.py
+++ b/certbot-nginx/certbot_nginx/configurator.py
@@ -368,7 +368,7 @@ class NginxConfigurator(common.Installer):
 return sorted(matches, key=lambda x: x['rank'])
- def choose_redirect_vhost(self, target_name, port):
+ def choose_redirect_vhost(self, target_name, port, create_if_no_match=False):
 """Chooses a single virtual host for redirect enhancement.
 Chooses the vhost most closely matching target_name that is
@@ -382,12 +382,28 @@ class NginxConfigurator(common.Installer):
 :param str target_name: domain name
 :param str port: port number
+ :param bool create_if_no_match: If we should create a new vhost from default
+ when there is no match found. If we can't choose a default, raise a
+ MisconfigurationError.
+
 :returns: vhost associated with name
 :rtype: :class:`~certbot_nginx.obj.VirtualHost`
 """
 matches = self._get_redirect_ranked_matches(target_name, port)
- return self._select_best_name_match(matches)
+ vhost = self._select_best_name_match(matches)
+ if not vhost:
+ if create_if_no_match:
+ vhost = self._vhost_from_duplicated_default(target_name)
+ else:
+ # No matches. Raise a misconfiguration error.
+ raise errors.MisconfigurationError(
+ ("Cannot find a VirtualHost matching domain %s. "
+ "In order for Certbot to correctly perform the challenge "
+ "please add a corresponding server_name directive to your "
+ "nginx configuration: "
+ "https://nginx.org/en/docs/http/server_names.html") % (target_name))
+ return vhost
 def _get_redirect_ranked_matches(self, target_name, port):
 """Gets a ranked list of plaintextish port-listening vhosts matching target_name
diff --git a/certbot-nginx/certbot_nginx/http_01.py b/certbot-nginx/certbot_nginx/http_01.py
index 7cbd239cc..4f565f2ca 100644
--- a/certbot-nginx/certbot_nginx/http_01.py
+++ b/certbot-nginx/certbot_nginx/http_01.py
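Review bot: In `choose_redirect_vhost` (configurator.py) the default path, `create_if_no_match=False`, now raises `errors.MisconfigurationError` where the old `return self._select_best_name_match(matches)` handed a falsy result back, so an existing caller that tests the return value for "no plaintext vhost found" would get an exception instead; the callers are outside this hunk, so this needs checking. The docstring should state it, e.g. `:raises errors.MisconfigurationError: if no vhost matches and create_if_no_match is False`, because the new `:param` text ties the error only to the create path. The message also talks about performing "the challenge", although the docstring says this method chooses a vhost for the redirect enhancement, so wording that fits both uses would be less confusing when the redirect path hits it.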
@@ -93,7 +93,8 @@ class NginxHttp01(common.ChallengePerformer):
 :class:`certbot.achallenges.KeyAuthorizationAnnotatedChallenge`
 """
- vhost = self.configurator.choose_vhost(achall.domain, create_if_no_match=True)
+ vhost = self.configurator.choose_redirect_vhost(achall.domain,
+ self.configurator.config.http01_port, create_if_no_match=True)
 validation = achall.validation(achall.account_key)
 validation_path = self._get_validation_path(achall)
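Review bot: `self.configurator.config.http01_port` is used only for matching in this call: when nothing matches, the fallback this patch adds to `choose_redirect_vhost` calls `self._vhost_from_duplicated_default(target_name)` without the port, so the server block that receives the challenge location may not listen on the port the HTTP-01 validation request arrives on. That helper's body is not shown, so this is an inference to verify; if it copies the default server unchanged, an HTTPS-only default would produce a challenge that cannot validate. I would pass the port through to the fallback so the duplicated block listens on it, and add a test for the no-match case. The enclosing method starts above the hunk and continues below it.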