upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-04 22:33:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Merge remote-tracking branch 'origin/master' into multi-topic-help

Browse source
This commit is contained in:
Peter Eckersley 2016-07-20 16:56:23 -07:00
commit a49d26f607
248 changed files with 9389 additions and 121 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

98
certbot-apache/certbot_apache/configurator.py
View file

@ -18,6 +18,7 @@ from certbot import interfaces
from certbot import util
from certbot.plugins import common
from certbot.plugins.util import path_surgery
from certbot_apache import augeas_configurator
from certbot_apache import constants
@ -141,6 +142,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
return os.path.join(self.config.config_dir,
constants.MOD_SSL_CONF_DEST)
def prepare(self):
"""Prepare the authenticator/installer.
@ -159,8 +161,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
# Verify Apache is installed
restart_cmd = constants.os_constant("restart_cmd")[0]
if not util.exe_exists(restart_cmd):
raise errors.NoInstallationError(
'Cannot find Apache install ({0} not in PATH)'.format(restart_cmd))
if not path_surgery(restart_cmd):
raise errors.NoInstallationError(
'Cannot find Apache control command {0}'.format(restart_cmd))
# Make sure configuration is valid
self.config_test()
@ -516,7 +519,11 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
"""
addrs = set()
args = self.aug.match(path + "/arg")
try:
args = self.aug.match(path + "/arg")
except RuntimeError:
logger.warn("Encountered a problem while parsing file: %s, skipping", path)
return None
for arg in args:
addrs.add(obj.Addr.fromstring(self.parser.get_arg(arg)))
is_ssl = False
@ -530,7 +537,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
if addr.get_port() == "443":
is_ssl = True
filename = get_file_path(path)
filename = get_file_path(self.aug.get("/augeas/files%s/path" % get_file_path(path)))
if self.conf("handle-sites"):
is_enabled = self.is_site_enabled(filename)
else:
@ -564,6 +571,8 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
os.path.basename(path) == "VirtualHost"]
for path in paths:
new_vhost = self._create_vhost(path)
if not new_vhost:
continue
realpath = os.path.realpath(new_vhost.filep)
if realpath not in vhost_paths.keys():
vhs.append(new_vhost)
@ -777,7 +786,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
self.aug.load()
# Get Vhost augeas path for new vhost
vh_p = self.aug.match("/files%s//* [label()=~regexp('%s')]" %
(ssl_fp, parser.case_i("VirtualHost")))
(self._escape(ssl_fp), parser.case_i("VirtualHost")))
if len(vh_p) != 1:
logger.error("Error: should only be one vhost in %s", avail_fp)
raise errors.PluginError("Currently, we only support "
@ -821,7 +830,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
else:
return non_ssl_vh_fp + self.conf("le_vhost_ext")
def _sift_line(self, line):
def _sift_rewrite_rule(self, line):
"""Decides whether a line should be copied to a SSL vhost.
A canonical example of when sifting a line is required:
@ -872,18 +881,62 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
with open(avail_fp, "r") as orig_file:
with open(ssl_fp, "w") as new_file:
new_file.write("<IfModule mod_ssl.c>\n")
comment = ("# Some rewrite rules in this file were "
"disabled on your HTTPS site,\n"
"# because they have the potential to create "
"redirection loops.\n")
for line in orig_file:
if self._sift_line(line):
A = line.lstrip().startswith("RewriteCond")
B = line.lstrip().startswith("RewriteRule")
if not (A or B):
new_file.write(line)
continue
# A RewriteRule that doesn't need filtering
if B and not self._sift_rewrite_rule(line):
new_file.write(line)
continue
# A RewriteRule that does need filtering
if B and self._sift_rewrite_rule(line):
if not sift:
new_file.write(
"# Some rewrite rules in this file were "
"were disabled on your HTTPS site,\n"
"# because they have the potential to "
"create redirection loops.\n")
new_file.write(comment)
sift = True
new_file.write("# " + line)
else:
new_file.write(line)
continue
# We save RewriteCond(s) and their corresponding
# RewriteRule in 'chunk'.
# We then decide whether we comment out the entire
# chunk based on its RewriteRule.
chunk = []
if A:
chunk.append(line)
line = next(orig_file)
# RewriteCond(s) must be followed by one RewriteRule
while not line.lstrip().startswith("RewriteRule"):
chunk.append(line)
line = next(orig_file)
# Now, current line must start with a RewriteRule
chunk.append(line)
if self._sift_rewrite_rule(line):
if not sift:
new_file.write(comment)
sift = True
new_file.write(''.join(
['# ' + l for l in chunk]))
continue
else:
new_file.write(''.join(chunk))
continue
new_file.write("</IfModule>\n")
except IOError:
logger.fatal("Error writing/reading to file in make_vhost_ssl")
@ -943,7 +996,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
self.parser.add_dir(vh_path, "Include", self.mod_ssl_conf)
def _add_servername_alias(self, target_name, vhost):
fp = vhost.filep
fp = self._escape(vhost.filep)
vh_p = self.aug.match("/files%s//* [label()=~regexp('%s')]" %
(fp, parser.case_i("VirtualHost")))
if not vh_p:
@ -996,6 +1049,17 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
if need_to_save:
self.save()
def _escape(self, fp):
fp = fp.replace(",", "\\,")
fp = fp.replace("[", "\\[")
fp = fp.replace("]", "\\]")
fp = fp.replace("|", "\\|")
fp = fp.replace("=", "\\=")
fp = fp.replace("(", "\\(")
fp = fp.replace(")", "\\)")
fp = fp.replace("!", "\\!")
return fp
######################################################################
# Enhancements
######################################################################
@ -1068,7 +1132,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
if not use_stapling_aug_path:
self.parser.add_dir(ssl_vhost.path, "SSLUseStapling", "on")
ssl_vhost_aug_path = parser.get_aug_path(ssl_vhost.filep)
ssl_vhost_aug_path = self._escape(parser.get_aug_path(ssl_vhost.filep))
# Check if there's an existing SSLStaplingCache directive.
stapling_cache_aug_path = self.parser.find_dir('SSLStaplingCache',
@ -1325,7 +1389,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
self.aug.load()
# Make a new vhost data structure and add it to the lists
new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath))
new_vhost = self._create_vhost(parser.get_aug_path(self._escape(redirect_filepath)))
self.vhosts.append(new_vhost)
self._enhanced_vhosts["redirect"].add(new_vhost)

120
certbot-apache/certbot_apache/tests/configurator_test.py
View file

@ -1,4 +1,4 @@
# pylint: disable=too-many-public-methods
# pylint: disable=too-many-public-methods,too-many-lines
"""Test for certbot_apache.configurator."""
import os
import shutil
@ -49,11 +49,14 @@ class MultipleVhostsTest(util.ApacheTest):
shutil.rmtree(self.config_dir)
shutil.rmtree(self.work_dir)
@mock.patch("certbot_apache.configurator.util.exe_exists")
def test_prepare_no_install(self, mock_exe_exists):
mock_exe_exists.return_value = False
self.assertRaises(
errors.NoInstallationError, self.config.prepare)
@mock.patch("certbot_apache.configurator.ApacheConfigurator.init_augeas")
@mock.patch("certbot_apache.configurator.path_surgery")
def test_prepare_no_install(self, mock_surgery, _init_augeas):
silly_path = {"PATH": "/tmp/nothingness2342"}
mock_surgery.return_value = False
with mock.patch.dict('os.environ', silly_path):
self.assertRaises(errors.NoInstallationError, self.config.prepare)
self.assertEquals(mock_surgery.call_count, 1)
@mock.patch("certbot_apache.augeas_configurator.AugeasConfigurator.init_augeas")
def test_prepare_no_augeas(self, mock_init_augeas):
@ -86,6 +89,7 @@ class MultipleVhostsTest(util.ApacheTest):
self.assertRaises(
errors.NotSupportedError, self.config.prepare)
def test_add_parser_arguments(self): # pylint: disable=no-self-use
from certbot_apache.configurator import ApacheConfigurator
# Weak test..
@ -1110,16 +1114,19 @@ class MultipleVhostsTest(util.ApacheTest):
self.config._enable_redirect(self.vh_truth[1], "")
self.assertEqual(len(self.config.vhosts), 9)
def test_sift_line(self):
def test_sift_rewrite_rule(self):
# pylint: disable=protected-access
small_quoted_target = "RewriteRule ^ \"http://\""
self.assertFalse(self.config._sift_line(small_quoted_target))
self.assertFalse(self.config._sift_rewrite_rule(small_quoted_target))
https_target = "RewriteRule ^ https://satoshi"
self.assertTrue(self.config._sift_line(https_target))
self.assertTrue(self.config._sift_rewrite_rule(https_target))
normal_target = "RewriteRule ^/(.*) http://www.a.com:1234/$1 [L,R]"
self.assertFalse(self.config._sift_line(normal_target))
self.assertFalse(self.config._sift_rewrite_rule(normal_target))
not_rewriterule = "NotRewriteRule ^ ..."
self.assertFalse(self.config._sift_rewrite_rule(not_rewriterule))
@mock.patch("certbot_apache.configurator.zope.component.getUtility")
def test_make_vhost_ssl_with_existing_rewrite_rule(self, mock_get_utility):
@ -1148,7 +1155,61 @@ class MultipleVhostsTest(util.ApacheTest):
"[L,QSA,R=permanent]")
self.assertTrue(commented_rewrite_rule in conf_text)
mock_get_utility().add_message.assert_called_once_with(mock.ANY,
mock.ANY)
@mock.patch("certbot_apache.configurator.zope.component.getUtility")
def test_make_vhost_ssl_with_existing_rewrite_conds(self, mock_get_utility):
self.config.parser.modules.add("rewrite_module")
http_vhost = self.vh_truth[0]
self.config.parser.add_dir(
http_vhost.path, "RewriteEngine", "on")
# Add a chunk that should not be commented out.
self.config.parser.add_dir(http_vhost.path,
"RewriteCond", ["%{DOCUMENT_ROOT}/%{REQUEST_FILENAME}", "!-f"])
self.config.parser.add_dir(
http_vhost.path, "RewriteRule",
["^(.*)$", "b://u%{REQUEST_URI}", "[P,QSA,L]"])
# Add a chunk that should be commented out.
self.config.parser.add_dir(http_vhost.path,
"RewriteCond", ["%{HTTPS}", "!=on"])
self.config.parser.add_dir(http_vhost.path,
"RewriteCond", ["%{HTTPS}", "!^$"])
self.config.parser.add_dir(
http_vhost.path, "RewriteRule",
["^",
"https://%{SERVER_NAME}%{REQUEST_URI}",
"[L,QSA,R=permanent]"])
self.config.save()
ssl_vhost = self.config.make_vhost_ssl(self.vh_truth[0])
conf_line_set = set(open(ssl_vhost.filep).read().splitlines())
not_commented_cond1 = ("RewriteCond "
"%{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f")
not_commented_rewrite_rule = ("RewriteRule "
"^(.*)$ b://u%{REQUEST_URI} [P,QSA,L]")
commented_cond1 = "# RewriteCond %{HTTPS} !=on"
commented_cond2 = "# RewriteCond %{HTTPS} !^$"
commented_rewrite_rule = ("# RewriteRule ^ "
"https://%{SERVER_NAME}%{REQUEST_URI} "
"[L,QSA,R=permanent]")
self.assertTrue(not_commented_cond1 in conf_line_set)
self.assertTrue(not_commented_rewrite_rule in conf_line_set)
self.assertTrue(commented_cond1 in conf_line_set)
self.assertTrue(commented_cond2 in conf_line_set)
self.assertTrue(commented_rewrite_rule in conf_line_set)
mock_get_utility().add_message.assert_called_once_with(mock.ANY,
mock.ANY)
def get_achalls(self):
"""Return testing achallenges."""
@ -1186,6 +1247,45 @@ class MultipleVhostsTest(util.ApacheTest):
self.config.aug.match.side_effect = RuntimeError
self.assertFalse(self.config._check_aug_version())
class AugeasVhostsTest(util.ApacheTest):
"""Test vhosts with illegal names dependant on augeas version."""
# pylint: disable=protected-access
def setUp(self): # pylint: disable=arguments-differ
td = "debian_apache_2_4/augeas_vhosts"
cr = "debian_apache_2_4/augeas_vhosts/apache2"
vr = "debian_apache_2_4/augeas_vhosts/apache2/sites-available"
super(AugeasVhostsTest, self).setUp(test_dir=td,
config_root=cr,
vhost_root=vr)
self.config = util.get_apache_configurator(
self.config_path, self.vhost_path, self.config_dir, self.work_dir)
self.vh_truth = util.get_vh_truth(
self.temp_dir, "debian_apache_2_4/augeas_vhosts")
def tearDown(self):
shutil.rmtree(self.temp_dir)
shutil.rmtree(self.config_dir)
shutil.rmtree(self.work_dir)
def test_choosevhost_with_illegal_name(self):
self.config.aug = mock.MagicMock()
self.config.aug.match.side_effect = RuntimeError
path = "debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf"
chosen_vhost = self.config._create_vhost(path)
self.assertEqual(None, chosen_vhost)
def test_choosevhost_works(self):
path = "debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf"
chosen_vhost = self.config._create_vhost(path)
self.assertTrue(chosen_vhost == None or chosen_vhost.path == path)
@mock.patch("certbot_apache.configurator.ApacheConfigurator._create_vhost")
def test_get_vhost_continue(self, mock_vhost):
mock_vhost.return_value = None
vhs = self.config.get_virtual_hosts()
self.assertEqual([], vhs)
if __name__ == "__main__":
unittest.main() # pragma: no cover

196
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/apache2.conf vendored Normal file
View file

@ -0,0 +1,196 @@
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.4/ for detailed information about
# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
# hints.
#
#
# Summary of how the Apache 2 configuration works in Debian:
# The Apache 2 web server configuration in Debian is quite different to
# upstream's suggested way to configure the web server. This is because Debian's
# default Apache2 installation attempts to make adding and removing modules,
# virtual hosts, and extra configuration directives as flexible as possible, in
# order to make automating the changes and administering the server as easy as
# possible.
# It is split into several files forming the configuration hierarchy outlined
# below, all located in the /etc/apache2/ directory:
#
# /etc/apache2/
# |-- apache2.conf
# | `-- ports.conf
# |-- mods-enabled
# | |-- *.load
# | `-- *.conf
# |-- conf-enabled
# | `-- *.conf
# `-- sites-enabled
# `-- *.conf
#
#
# * apache2.conf is the main configuration file (this file). It puts the pieces
# together by including all remaining configuration files when starting up the
# web server.
#
# * ports.conf is always included from the main configuration file. It is
# supposed to determine listening ports for incoming connections which can be
# customized anytime.
#
# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
# directories contain particular configuration snippets which manage modules,
# global configuration fragments, or virtual host configurations,
# respectively.
#
# They are activated by symlinking available configuration files from their
# respective *-available/ counterparts. These should be managed by using our
# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
# their respective man pages for detailed information.
#
# * The binary is called apache2. Due to the use of environment variables, in
# the default configuration, apache2 needs to be started/stopped with
# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
# work with the default configuration.
# Global configuration
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
Mutex file:${APACHE_LOCK_DIR} default
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHE_PID_FILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 5
# These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the severity of messages logged to the error_log.
# Available values: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the log level for particular modules, e.g.
# "LogLevel info ssl:warn"
#
LogLevel warn
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf
# Include list of ports to listen on
Include ports.conf
# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# These deviate from the Common Log Format definitions in that they use %O
# (the actual bytes sent including headers) instead of %b (the size of the
# requested file), because the latter makes it impossible to detect partial
# requests.
#
# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
# Use mod_remoteip instead.
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
IncludeOptional conf-enabled/*.conf
# Include the virtual host configurations:
IncludeOptional sites-enabled/*.conf
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

3
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/bad_conf_file.conf vendored Normal file
View file

@ -0,0 +1,3 @@
<VirtualHost 1.1.1.1>
ServerName invalid.net

4
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/other-vhosts-access-log.conf vendored Normal file
View file

@ -0,0 +1,4 @@
# Define an access log for VirtualHosts that don't define their own logfile
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

35
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/security.conf vendored Normal file
View file

@ -0,0 +1,35 @@
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#ServerTokens Minimal
ServerTokens OS
#ServerTokens Full
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#ServerSignature Off
ServerSignature On
#
# Allow TRACE method
#
# Set to "extended" to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
TraceEnable Off
#TraceEnable On
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

20
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/serve-cgi-bin.conf vendored Normal file
View file

@ -0,0 +1,20 @@
<IfModule mod_alias.c>
<IfModule mod_cgi.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>
<IfModule mod_cgid.c>
Define ENABLE_USR_LIB_CGI_BIN
</IfModule>
<IfDefine ENABLE_USR_LIB_CGI_BIN>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all granted
</Directory>
</IfDefine>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/other-vhosts-access-log.conf vendored Symbolic link
View file

@ -0,0 +1 @@
../conf-available/other-vhosts-access-log.conf

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/security.conf vendored Symbolic link
View file

@ -0,0 +1 @@
../conf-available/security.conf

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/serve-cgi-bin.conf vendored Symbolic link
View file

@ -0,0 +1 @@
../conf-available/serve-cgi-bin.conf

29
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/envvars vendored Normal file
View file

@ -0,0 +1,29 @@
# envvars - default environment variables for apache2ctl
# this won't be correct after changing uid
unset HOME
# for supporting multiple apache2 instances
if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
else
SUFFIX=
fi
# Since there is no sane way to get the parsed apache2 config in scripts, some
# settings are defined via environment variables and then used in apache2ctl,
# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
# temporary state file location. This might be changed to /run in Wheezy+1
export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid
export APACHE_RUN_DIR=/var/run/apache2$SUFFIX
export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX
# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2.
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
## The locale used by some modules like mod_dav
export LANG=C
export LANG

5
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/authz_svn.load vendored Normal file
View file

@ -0,0 +1,5 @@
# Depends: dav_svn
<IfModule !mod_dav_svn.c>
Include mods-enabled/dav_svn.load
</IfModule>
LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so

3
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav.load vendored Normal file
View file

@ -0,0 +1,3 @@
<IfModule !mod_dav.c>
LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
</IfModule>

56
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.conf vendored Normal file
View file

@ -0,0 +1,56 @@
# dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
#
# NOTE: for a setup with multiple vhosts, you will want to do this
# configuration in /etc/apache2/sites-available/*, not here.
# <Location URL> ... </Location>
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
# Note, a literal /svn should NOT exist in your document root.
#<Location /svn>
# Uncomment this to enable the repository
#DAV svn
# Set this to the path to your repository
#SVNPath /var/lib/svn
# Alternatively, use SVNParentPath if you have multiple repositories under
# under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
# You need either SVNPath and SVNParentPath, but not both.
#SVNParentPath /var/lib/svn
# Access control is done at 3 levels: (1) Apache authentication, via
# any of several methods. A "Basic Auth" section is commented out
# below. (2) Apache <Limit> and <LimitExcept>, also commented out
# below. (3) mod_authz_svn is a svn-specific authorization module
# which offers fine-grained read/write access control for paths
# within a repository. (The first two layers are coarse-grained; you
# can only enable/disable access to an entire repository.) Note that
# mod_authz_svn is noticeably slower than the other two layers, so if
# you don't need the fine-grained control, don't configure it.
# Basic Authentication is repository-wide. It is not secure unless
# you are using https. See the 'htpasswd' command to create and
# manage the password file - and the documentation for the
# 'auth_basic' and 'authn_file' modules, which you will need for this
# (enable them with 'a2enmod').
#AuthType Basic
#AuthName "Subversion Repository"
#AuthUserFile /etc/apache2/dav_svn.passwd
# To enable authorization via mod_authz_svn (enable that module separately):
#<IfModule mod_authz_svn.c>
#AuthzSVNAccessFile /etc/apache2/dav_svn.authz
#</IfModule>
# The following three lines allow anonymous read, but make
# committers authenticate themselves. It requires the 'authz_user'
# module (enable it with 'a2enmod').
#<LimitExcept GET PROPFIND OPTIONS REPORT>
#Require valid-user
#</LimitExcept>
#</Location>

7
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.load vendored Normal file
View file

@ -0,0 +1,7 @@
# Depends: dav
<IfModule !mod_dav_svn.c>
<IfModule !mod_dav.c>
Include mods-enabled/dav.load
</IfModule>
LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so
</IfModule>

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/rewrite.load vendored Normal file
View file

@ -0,0 +1 @@
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

89
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.conf vendored Normal file
View file

@ -0,0 +1,89 @@
<IfModule mod_ssl.c>
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# (Disabled by default, the global Mutex directive consolidates by default
# this)
#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate. See the
# ciphers(1) man page from the openssl package for list of all available
# options.
# Enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all
# Allow insecure renegotiation with clients which do not yet support the
# secure renegotiation protocol. Default: Off
#SSLInsecureRenegotiation on
# Whether to forbid non-SNI clients to access name based virtual hosts.
# Default: Off
#SSLStrictSNIVHostCheck On
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

2
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.load vendored Normal file
View file

@ -0,0 +1,2 @@
# Depends: setenvif mime socache_shmcb
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

0
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/.gitignore vendored Normal file
View file

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/authz_svn.load vendored Symbolic link
View file

@ -0,0 +1 @@
../mods-available/authz_svn.load

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav.load vendored Symbolic link
View file

@ -0,0 +1 @@
../mods-available/dav.load

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.conf vendored Symbolic link
View file

@ -0,0 +1 @@
../mods-available/dav_svn.conf

1
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.load vendored Symbolic link
View file

@ -0,0 +1 @@
../mods-available/dav_svn.load

15
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/ports.conf vendored Normal file
View file

@ -0,0 +1,15 @@
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

12
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf vendored Normal file
View file

@ -0,0 +1,12 @@
<VirtualHost *:80 [::]:80>
ServerName ip-172-30-0-17
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

0
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/sites-enabled/placeholder.conf vendored Normal file
View file

3
certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/sites vendored Normal file
View file

@ -0,0 +1,3 @@
sites-available/certbot.conf, certbot.demo
sites-available/encryption-example.conf, encryption-example.demo
sites-available/ocsp-ssl.conf, ocspvhost.com

27
certbot-compatibility-test/nginx/README Normal file
View file

@ -0,0 +1,27 @@
Eventually there will also be a compatibility test here like the Apache one.
Right now, this is data for the roundtrip test (checking that the parser
can parse each file and that the reserialized config file it generates is
identical to the original).
If run in a virtualenv or otherwise so that certbot_nginx can be imported,
the roundtrip test can run as
python roundtrip.py nginx-roundtrip-testdata
It gives exit status 0 for success and 1 if at least one parse or roundtrip
failure occurred.
The directory nginx-roundtrip-testdata includes some config files that were
contributed to our project as well as most of the configs linked from
https://www.nginx.com/resources/wiki/start/
Some exceptions that were skipped are
https://www.nginx.com/resources/wiki/start/topics/recipes/moinmoin/
https://www.nginx.com/resources/wiki/start/topics/examples/SSL-Offloader/ (not much nginx configuration)
https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/ (likewise)
https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/
https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/

34
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 Normal file
View file

@ -0,0 +1,34 @@
upstream django_server_random18709.example.org {
server unix:/srv/http/random22194/live/website.sock;
}
server {
listen 80;
server_name random18709.example.org;
location /media/ {
alias /srv/http/random22194/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random22194/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random18709.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random22194/live/access.log combined_plus;
error_log /var/log/nginx/random22194/live/error.log;
}
server {
server_name www.random18709.example.org;
server_name random24607.example.org www.random24607.example.org;
return 301 http://random18709.example.org$request_uri;
}

71
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 Normal file
View file

@ -0,0 +1,71 @@
upstream django_server_random1413.example.org {
server unix:/srv/http/random25151/live/website.sock;
}
server {
listen 443;
server_name www.random25266.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
location /media/ {
alias /srv/http/random25151/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random25151/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random1413.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random25151/live/access.log combined_plus;
error_log /var/log/nginx/random25151/live/error.log;
}
server {
listen 443;
server_name random1413.example.org www.random1413.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random1413.example.org.bundle.crt;
ssl_certificate_key /etc/ssl/private/random1413.example.org.key;
location / {
return 301 https://www.random25266.example.org$request_uri;
}
}
server {
listen 443;
server_name random25266.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
location / {
return 301 https://www.random25266.example.org$request_uri;
}
}
server {
listen 80;
server_name random1413.example.org www.random1413.example.org;
server_name random28524.example.org www.random28524.example.org;
server_name random25266.example.org www.random25266.example.org;
server_name random26791.example.org www.random26791.example.org;
location / {
return 301 https://www.random25266.example.org$request_uri;
}
}

38
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 Normal file
View file

@ -0,0 +1,38 @@
upstream django_server_random11921.example.org {
server unix:/srv/http/random9726/acceptance/website.sock;
}
server {
listen 80;
server_name random11921.example.org www.random11921.example.org;
if ($host != 'random11921.example.org') {
rewrite ^/(.*)$ http://random11921.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random9726/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random9726/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random11921.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 502 503 504 /50x.html;
}
location /50x.html {
root /usr/share/nginx/www/;
}
access_log /var/log/nginx/random9726/acceptance/access.log combined_plus;
error_log /var/log/nginx/random9726/acceptance/error.log;
}

16
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 Normal file
View file

@ -0,0 +1,16 @@
server {
listen 80 default;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:81;
}
location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/random27802/access.log combined_plus;
}

40
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 Normal file
View file

@ -0,0 +1,40 @@
upstream django_server_acceptance.random8289.random17507.example.org {
server unix:/srv/http/random8289/acceptance/website.sock;
}
server {
listen 80;
server_name random23045.example.org;
location /media/ {
alias /srv/http/random8289/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random8289/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_acceptance.random8289.random17507.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
satisfy any;
auth_basic 'random8289 acceptance';
auth_basic_user_file /srv/http/random8289/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random8289/acceptance/access.log combined_plus;
error_log /var/log/nginx/random8289/acceptance/error.log;
}
server {
server_name www.random23045.example.org;
return 301 http://random23045.example.org$request_uri;
}

37
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 Normal file
View file

@ -0,0 +1,37 @@
upstream django_server_random24036.example.org {
server unix:/srv/http/random1006/live/website.sock;
}
server {
listen 80;
server_name random24036.example.org;
gzip on;
gzip_http_version 1.0;
gzip_types *;
gzip_vary on;
gzip_proxied any;
location ~ /media/(.*)$ {
alias /srv/http/random1006/live/website/static/$1;
expires 7d;
gzip on;
}
location / {
proxy_pass http://django_server_random24036.example.org;
include /etc/nginx/proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random1006/live/access.log combined_plus;
error_log /var/log/nginx/random1006/live/error.log;
}
server {
server_name www.random24036.example.org;
server_name random32349.example.org www.random32349.example.org;
server_name random23794.example.org www.random23794.example.org;
rewrite ^ http://random24036.example.org$request_uri permanent;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random25979.example.org {
server unix:/srv/http/random24211/internal/website.sock;
}
server {
listen 80;
server_name random25979.example.org;
location ^~ /media/ {
alias /srv/http/random24211/internal/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random24211/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random25979.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'internal for random24211';
auth_basic_user_file /srv/http/random24211/internal/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random24211/internal/access.log combined_plus;
error_log /var/log/nginx/random24211/internal/error.log;
}
server {
server_name www.random25979.example.org;
rewrite ^ http://intern.random24211.org$request_uri permanent;
}

29
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 Normal file
View file

@ -0,0 +1,29 @@
server {
listen 80;
listen 7891; # User0
listen 8080; # User1
listen 8900; # User2
listen 8912; # User3
listen 3567; # User4
server_name random666.example.org www.random666.example.org;
root /srv/http/random666.example.org;
index index.html index.htm;
location /duif_assets/ {
try_files $uri $uri/ =404;
}
location /index.html {
try_files $uri $uri/ =404;
}
location / {
rewrite ^.+$ / break;
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/random666.example.org/access.log combined_plus;
error_log /var/log/nginx/random666.example.org/error.log;
}

38
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 Normal file
View file

@ -0,0 +1,38 @@
upstream django_server_random23900.example.org {
server unix:/srv/http/random29467/acceptance/website.sock;
}
server {
listen 80;
server_name random23900.example.org www.random23900.example.org;
if ($host != 'random23900.example.org') {
rewrite ^/(.*)$ http://random23900.example.org/$1 permanent;
}
location ^~ /media/ {
alias /srv/http/random29467/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location ^~ /static/ {
alias /srv/http/random29467/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random23900.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
satisfy any;
allow 89.188.25.162;
auth_basic "random29467 acceptance";
auth_basic_user_file htpasswords/random29467_acceptance;
}
access_log /var/log/nginx/random29467/acceptance/access.log combined_plus;
error_log /var/log/nginx/random29467/acceptance/error.log;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random3140.example.org {
server unix:/srv/http/random2912/live/website.sock;
}
server {
listen 80;
server_name random3140.example.org;
location ^~ /media/ {
alias /srv/http/random2912/live/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random2912/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random3140.example.org;
include /etc/nginx/proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random2912/live/access.log combined_plus;
error_log /var/log/nginx/random2912/live/error.log;
}
server {
server_name www.random3140.example.org;
server_name random28398.example.org;
server_name random23689.example.org www.random23689.example.org;
server_name random25863.example.org www.random25863.example.org;
rewrite ^ http://random3140.example.org$request_uri permanent;
}

29
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 Normal file
View file

@ -0,0 +1,29 @@
upstream django_server_random6410.example.org {
server unix:/srv/http/random28641/live/website.sock;
}
server {
listen 80;
server_name www.random6410.example.org;
location ~ /static/(.*)$ {
alias /srv/http/random28641/live/website/static/$1;
expires 7d;
}
location / {
proxy_pass http://django_server_random6410.example.org;
include /etc/nginx/proxy_params;
proxy_connect_timeout 240;
proxy_read_timeout 240;
}
access_log /var/log/nginx/random28641/live/access.log combined_plus;
error_log /var/log/nginx/random28641/live/error.log;
}
server {
server_name random6410.example.org;
rewrite ^ http://www.random6410.example.org$request_uri permanent;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 Normal file
View file

@ -0,0 +1,33 @@
server {
server_name random18267.example.org;
gzip on;
gzip_min_length 2000;
gzip_proxied any;
gzip_types application/json;
client_max_body_size 30M;
root /srv/http/random23264/data;
# Security
satisfy any;
include /etc/nginx/allow_ytec_ips_params;
deny all;
# try serving docs and (md5/immutable) directly
location ~ \+(f|doc)/ {
try_files $uri @proxy_to_app;
}
location / {
# XXX how to tell nginx to just refer to @proxy_to_app here?
try_files /.lqkwje @proxy_to_app;
}
location @proxy_to_app {
proxy_pass http://random20604.example.org:4040;
proxy_set_header X-outside-url $scheme://$host;
proxy_set_header X-Real-IP $remote_addr;
}
access_log /var/log/nginx/random23264/access.log combined_plus;
error_log /var/log/nginx/random23264/error.log;
}

45
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 Normal file
View file

@ -0,0 +1,45 @@
upstream django_server_random10305.example.org {
server unix:/srv/http/random23322/live/website.sock;
}
server {
listen 80;
server_name random10305.example.org;
location /media/ {
alias /srv/http/random23322/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random23322/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random10305.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random23322/live/access.log combined_plus;
error_log /var/log/nginx/random23322/live/error.log;
}
server {
listen 80;
server_name random13399.example.org;
server_name www.random10305.example.org;
server_name random17958.example.org www.random17958.example.org;
server_name random15266.example.org www.random15266.example.org;
server_name random21296.example.org www.random21296.example.org;
server_name random5261.example.org www.random5261.example.org;
server_name random679.example.org www.random679.example.org;
server_name random31788.example.org www.random31788.example.org;
server_name random22704.example.org www.random22704.example.org;
server_name random17411.example.org www.random17411.example.org;
return 301 http://random10305.example.org$request_uri;
}

38
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 Normal file
View file

@ -0,0 +1,38 @@
upstream django_server_random30837.example.org {
server unix:/srv/http/random30992/live/website.sock;
}
server {
listen 80;
server_name www.random30837.example.org;
location ^~ /media/ {
alias /srv/http/random30992/live/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random30992/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random30837.example.org;
include /etc/nginx/proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random30992/live/access.log combined_plus;
error_log /var/log/nginx/random30992/live/error.log;
}
server {
server_name random30837.example.org;
server_name random3263.example.org www.random3263.example.org;
server_name random6771.example.org www.random6771.example.org;
server_name random17696.example.org www.random17696.example.org;
server_name random7179.example.org www.random7179.example.org;
server_name random8127.example.org www.random8127.example.org;
rewrite ^ http://www.random30837.example.org$request_uri permanent;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 Normal file
View file

@ -0,0 +1,33 @@
upstream django_server_random17705.example.org {
server unix:/srv/http/random8289/internal/website.sock;
}
server {
listen 80;
server_name random17705.example.org;
location /media/ {
alias /srv/http/random8289/internal/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random8289/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random17705.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random8289/internal/access.log combined_plus;
error_log /var/log/nginx/random8289/internal/error.log;
}
server {
server_name www.random17705.example.org;
return 301 http://random17705.example.org$request_uri;
}

54
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 Normal file
View file

@ -0,0 +1,54 @@
upstream django_server_random17507.example.org {
server unix:/srv/http/random7740/live/website.sock;
}
server {
listen 80;
server_name random17507.example.org;
location ^~ /media/ {
alias /srv/http/random7740/live/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random7740/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random17507.example.org;
include /etc/nginx/proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random7740/live/access.log combined_plus;
error_log /var/log/nginx/random7740/live/error.log;
}
server {
server_name www.random17507.example.org;
server_name random31197.example.org www.random31197.example.org;
server_name random19579.example.org www.random19579.example.org;
server_name random16629.example.org www.random16629.example.org;
server_name random28363.example.org www.random28363.example.org;
server_name random30185.example.org www.random30185.example.org;
server_name random22326.example.org www.random22326.example.org;
server_name random3622.example.org www.random3622.example.org;
server_name random1463.example.org www.random1463.example.org;
server_name random23341.example.org www.random23341.example.org;
server_name random2214.example.org www.random2214.example.org;
server_name random22684.example.org www.random22684.example.org;
server_name random6606.example.org www.random6606.example.org;
server_name random29138.example.org www.random29138.example.org;
server_name random15109.example.org www.random15109.example.org;
server_name random8002.example.org www.random8002.example.org;
server_name random16836.example.org www.random16836.example.org;
server_name random22283.example.org www.random22283.example.org;
location = /googleXXXXXXXXXXXXXXXX.html {
alias /srv/http/random7740/live/website/templates/googleXXXXXXXXXXXXXXXX.html;
}
rewrite ^ http://random17507.example.org$request_uri permanent;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_acceptatie.random20374.nl {
server unix:/srv/http/random20374/acceptance/website.sock;
}
server {
listen 80;
server_name random28586.example.org;
location ^~ /media/ {
alias /srv/http/random20374/acceptance/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random20374/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_acceptatie.random20374.nl;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'acceptance for random20374';
auth_basic_user_file /srv/http/random20374/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random20374/acceptance/access.log combined_plus;
error_log /var/log/nginx/random20374/acceptance/error.log;
}
server {
server_name www.random28586.example.org;
rewrite ^ http://random28586.example.org$request_uri permanent;
}

38
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 Normal file
View file

@ -0,0 +1,38 @@
upstream django_server_random6822.example.org {
server unix:/srv/http/random7047/live/website.sock;
}
server {
listen 8443;
server_name random6822.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random6822.example.org.complete-bundle.crt;
ssl_certificate_key /etc/ssl/private/random6822.example.org.key;
location /media/ {
alias /srv/http/random7047/live/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random7047/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random6822.example.org;
include /etc/nginx/proxy_params;
}
access_log /var/log/nginx/random7047/live/access.log combined_plus;
error_log /var/log/nginx/random7047/live/error.log;
}
server {
listen 80;
server_name random6822.example.org;
rewrite ^/(.*) https://random6822.example.org:8443/$1;
}

112
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 Normal file
View file

@ -0,0 +1,112 @@
# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts to this file
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html;
index index.html index.htm;
# Make site accessible from http://random20604.example.org/
server_name random20604.example.org;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen random20605.example.org:8080;
# server_name random20605.example.org alias another.alias;
# root html;
# index index.html index.htm;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name random20604.example.org;
#
# root html;
# index index.html index.htm;
#
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
#
# ssl_session_timeout 5m;
#
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
# ssl_prefer_server_ciphers on;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

39
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 Normal file
View file

@ -0,0 +1,39 @@
upstream django_server_random29275.example.org {
server unix:/srv/http/random14353/internal/website.sock;
}
server {
listen 80;
server_name random29275.example.org;
location /media/ {
alias /srv/http/random14353/internal/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random14353/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random29275.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
satisfy any;
auth_basic 'internal for random14353';
auth_basic_user_file /srv/http/random14353/internal/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random14353/internal/access.log;
error_log /var/log/nginx/random14353/internal/error.log;
}
server {
server_name www.random29275.example.org;
return 301 http://random29275.example.org$request_uri;
}

35
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 Normal file
View file

@ -0,0 +1,35 @@
upstream django_server_random16112.example.org {
server unix:/srv/http/random29227/live/website.sock;
}
server {
listen 80;
server_name random16112.example.org;
location /media/ {
alias /srv/http/random29227/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random29227/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random16112.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random29227/live/access.log combined_plus;
error_log /var/log/nginx/random29227/live/error.log;
}
server {
server_name random5297.example.org www.random5297.example.org;
server_name random17050.example.org www.random17050.example.org;
server_name www.random16112.example.org;
return 301 http://random16112.example.org$request_uri;
}

38
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 Normal file
View file

@ -0,0 +1,38 @@
upstream django_server_random7474.example.org {
server unix:/srv/http/random4886/acceptance/website.sock;
}
server {
listen 80;
server_name random7474.example.org;
location /media/ {
alias /srv/http/random4886/acceptance/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random4886/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random7474.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'acceptance for random4886';
auth_basic_user_file /srv/http/random4886/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
client_max_body_size 20m;
access_log /var/log/nginx/random4886/acceptance/access.log;
error_log /var/log/nginx/random4886/acceptance/error.log;
}
server {
server_name www.random7474.example.org;
return 301 http://random7474.example.org$request_uri;
}

34
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 Normal file
View file

@ -0,0 +1,34 @@
upstream django_server_random25713.example.org {
server unix:/srv/http/random24922/live/website.sock;
}
server {
listen 80;
server_name random25713.example.org;
location /media/ {
alias /srv/http/random24922/live/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random24922/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random25713.example.org;
include /etc/nginx/proxy_params;
satisfy any;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random24922/live/access.log;
error_log /var/log/nginx/random24922/live/error.log;
}
server {
server_name www.random25713.example.org;
return 301 http://random25713.example.org$request_uri;
}

14
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 Normal file
View file

@ -0,0 +1,14 @@
server {
listen 80;
server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org;
if ($host != 'random25647.example.org') {
rewrite ^/(.*)$ http://random25647.example.org/$1 permanent;
}
index index.html index.htm;
root /srv/http/random11461/countdown/;
access_log /var/log/nginx/random11461/live/access.log combined_plus;
error_log /var/log/nginx/random11461/live/error.log;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random6430.example.org {
server unix:/srv/http/random550/internal/website.sock;
}
server {
listen 80;
server_name random6430.example.org;
location /media/ {
alias /srv/http/random550/internal/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random550/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random6430.example.org;
include /etc/nginx/django_proxy_params;
}
access_log /var/log/nginx/random550/internal/access.log combined_plus;
error_log /var/log/nginx/random550/internal/error.log;
}
server {
server_name www.random6430.example.org;
return 301 http://random6430.example.org$request_uri;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random25647.example.org {
server unix:/srv/http/random11461/live/website.sock;
}
server {
listen 80;
server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org;
if ($host != 'random25647.example.org') {
rewrite ^/(.*)$ http://random25647.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random11461/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random11461/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random25647.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random11461/live/access.log combined_plus;
error_log /var/log/nginx/random11461/live/error.log;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_intern.random20374.nl {
server unix:/srv/http/random20374/internal/website.sock;
}
server {
listen 80;
server_name random23818.example.org;
location ^~ /media/ {
alias /srv/http/random20374/internal/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random20374/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_intern.random20374.nl;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'internal for random20374';
auth_basic_user_file /srv/http/random20374/internal/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random20374/internal/access.log combined_plus;
error_log /var/log/nginx/random20374/internal/error.log;
}
server {
server_name www.random23818.example.org;
rewrite ^ http://random23818.example.org$request_uri permanent;
}

39
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 Normal file
View file

@ -0,0 +1,39 @@
upstream django_server_random7949.example.org {
server unix:/srv/http/random1006/acceptance/website.sock;
}
server {
listen 80;
server_name random7949.example.org;
gzip on;
gzip_http_version 1.0;
gzip_types *;
gzip_vary on;
gzip_proxied any;
location ~ /media/(.*)$ {
alias /srv/http/random1006/acceptance/website/static/$1;
expires 7d;
gzip on;
}
location / {
proxy_pass http://django_server_random7949.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'acceptance for random1006';
auth_basic_user_file /srv/http/random1006/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random1006/acceptance/access.log combined_plus;
error_log /var/log/nginx/random1006/acceptance/error.log;
}
server {
server_name www.random7949.example.org;
rewrite ^ http://random7949.example.org$request_uri permanent;
}

39
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 Normal file
View file

@ -0,0 +1,39 @@
upstream django_server_random1515.example.org {
server unix:/srv/http/random15255/acceptance/website.sock fail_timeout=5;
}
server {
listen 80;
server_name random1515.example.org www.random1515.example.org;
if ($host != 'random1515.example.org') {
rewrite ^/(.*)$ http://random1515.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random15255/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random15255/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random1515.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
satisfy any;
auth_basic 'random191 acceptance';
auth_basic_user_file /srv/http/random15255/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random15255/acceptance/access.log combined_plus;
error_log /var/log/nginx/random15255/acceptance/error.log;
}

39
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 Normal file
View file

@ -0,0 +1,39 @@
upstream django_server_live.random8289.random17507.example.org {
server unix:/srv/http/random8289/live/website.sock;
}
server {
listen 443;
server_name random23886.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random23886.example.org.complete-bundle.crt;
ssl_certificate_key /etc/ssl/private/random23886.example.org.key;
location /media/ {
alias /srv/http/random8289/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random8289/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_live.random8289.random17507.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
access_log /var/log/nginx/random8289/live/access.log combined_plus;
error_log /var/log/nginx/random8289/live/error.log;
}
server {
listen 80;
server_name random23886.example.org;
return 301 https://random23886.example.org$request_uri;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random31523.example.org {
server unix:/srv/http/random16722.example.org/internal/website.sock;
}
server {
listen 80;
server_name random31523.example.org;
location ^~ /media/ {
alias /srv/http/random16722.example.org/internal/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random16722.example.org/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random31523.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'internal for random16722.example.org';
auth_basic_user_file /srv/http/random16722.example.org/internal/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random16722.example.org/internal/access.log combined_plus;
error_log /var/log/nginx/random16722.example.org/internal/error.log;
}
server {
server_name www.random31523.example.org;
rewrite ^ http://random31523.example.org$request_uri permanent;
}

34
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 Normal file
View file

@ -0,0 +1,34 @@
upstream django_server_random1413.example.org {
server unix:/srv/http/random25151/live/website.sock;
}
server {
listen 80;
server_name random1413.example.org;
location ^~ /media/ {
alias /srv/http/random25151/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location ^~ /static/ {
alias /srv/http/random25151/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random1413.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random25151/live/access.log combined_plus;
error_log /var/log/nginx/random25151/live/error.log;
}
server {
server_name www.random1413.example.org;
server_name random28524.example.org www.random28524.example.org;
rewrite ^ http://random1413.example.org$request_uri permanent;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random9619.example.org {
server unix:/srv/http/random28641/internal/website.sock;
}
server {
listen 80;
server_name random9619.example.org;
location ^~ /media/ {
alias /srv/http/random28641/internal/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random28641/internal/website/static/;
expires 7d;
}
location / {
proxy_pass http://django_server_random9619.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'internal for random28641';
auth_basic_user_file /srv/http/random28641/internal/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random28641/internal/access.log combined_plus;
error_log /var/log/nginx/random28641/internal/error.log;
}
server {
server_name www.random9619.example.org;
rewrite ^ http://random9619.example.org$request_uri permanent;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 Normal file
View file

@ -0,0 +1,33 @@
upstream django_server_random31758.example.org {
server unix:/srv/http/random21623/internal/website.sock;
}
server {
listen 80;
server_name random31758.example.org www.random31758.example.org;
if ($host != 'random31758.example.org') {
rewrite ^/(.*)$ http://random31758.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random21623/internal/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random21623/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random31758.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
access_log /var/log/nginx/random21623/internal/access.log combined_plus;
error_log /var/log/nginx/random21623/internal/error.log;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random1688.example.org {
server unix:/srv/http/random6470/acceptance/website.sock;
}
server {
listen 80;
server_name random5078.example.org random1688.example.org www.random1688.example.org;
if ($host != 'random5078.example.org') {
rewrite ^/(.*)$ http://random5078.example.org/$1 permanent;
}
location ^~ /media/ {
alias /srv/http/random6470/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location ^~ /static/ {
alias /srv/http/random6470/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random1688.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random6470/acceptance/access.log combined_plus;
error_log /var/log/nginx/random6470/acceptance/error.log;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 Normal file
View file

@ -0,0 +1,33 @@
upstream django_server_random22746.example.org {
server unix:/srv/http/random6344/internal/website.sock;
}
server {
listen 80;
server_name random22746.example.org;
if ($host != 'random22746.example.org') {
rewrite ^/(.*)$ http://random22746.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random6344/internal/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random6344/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random22746.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
access_log /var/log/nginx/random6344/internal/access.log combined_plus;
error_log /var/log/nginx/random6344/internal/error.log;
}

74
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 Normal file
View file

@ -0,0 +1,74 @@
upstream django_server_random15255_live {
server unix:/srv/http/random15255/live/website.sock fail_timeout=5;
}
server {
listen 443;
server_name random7381.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
location /media/ {
alias /srv/http/random15255/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random15255/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random15255_live;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
access_log /var/log/nginx/random15255/live/access.log combined_plus;
error_log /var/log/nginx/random15255/live/error.log;
}
server {
listen 80;
server_name random7381.example.org www.random7381.example.org;
return 301 https://random7381.example.org$request_uri;
}
server {
listen 8445;
server_name random7381.example.org www.random7381.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
return 301 https://random7381.example.org$request_uri;
}
server {
listen 1000;
server_name random7381.example.org www.random7381.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
return 301 https://random7381.example.org$request_uri;
}
server {
listen 443;
server_name www.random7381.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
return 301 https://random7381.example.org$request_uri;
}

56
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 Normal file
View file

@ -0,0 +1,56 @@
upstream django_server_random27579.example.org {
server unix:/srv/http/random21623/live/website.sock;
}
server {
listen 443;
server_name random27579.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt;
ssl_certificate_key /etc/ssl/private/random27579.example.org.key;
location /media/ {
alias /srv/http/random21623/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random21623/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random27579.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
access_log /var/log/nginx/random21623/live/access.log combined_plus;
error_log /var/log/nginx/random21623/live/error.log;
}
server {
listen 443;
server_name www.random27579.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt;
ssl_certificate_key /etc/ssl/private/random27579.example.org.key;
return 301 https://random27579.example.org$request_uri;
}
server {
listen 80;
server_name random27579.example.org www.random27579.example.org random11512.example.org;
server_name random18003.example.org www.random18003.example.org;
server_name random26730.example.org www.random26730.example.org;
server_name random3968.example.org www.random3968.example.org;
server_name random11925.example.org www.random11925.example.org;
return 301 https://random27579.example.org$request_uri;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 Normal file
View file

@ -0,0 +1,33 @@
upstream django_server_random31057.example.org {
server unix:/srv/http/random22194/acceptance/website.sock;
}
server {
listen 80;
server_name random31057.example.org www.random31057.example.org;
if ($host != 'random31057.example.org') {
rewrite ^/(.*)$ http://random31057.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random22194/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random22194/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random31057.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 120;
}
access_log /var/log/nginx/random22194/acceptance/access.log combined_plus;
error_log /var/log/nginx/random22194/acceptance/error.log;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random16722.example.org {
server unix:/srv/http/random16722.example.org/live/website.sock;
}
server {
listen 80;
server_name random16722.example.org;
location ^~ /media/ {
alias /srv/http/random16722.example.org/live/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random16722.example.org/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random16722.example.org;
include /etc/nginx/proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random16722.example.org/live/access.log combined_plus;
error_log /var/log/nginx/random16722.example.org/live/error.log;
}
server {
server_name www.random16722.example.org;
rewrite ^ http://random16722.example.org$request_uri permanent;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random14388.example.org {
server unix:/srv/http/random4886/live/website.sock;
}
server {
listen 80;
server_name random14388.example.org;
location /media/ {
alias /srv/http/random4886/live/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random4886/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random14388.example.org;
include /etc/nginx/proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random4886/live/access.log;
error_log /var/log/nginx/random4886/live/error.log;
}
server {
server_name www.random14388.example.org;
return 301 http://random14388.example.org$request_uri;
}

7
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 Normal file
View file

@ -0,0 +1,7 @@
server {
listen 80;
server_name random14996.example.org;
root /srv/http/random23392/;
index index.html;
}

62
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 Normal file
View file

@ -0,0 +1,62 @@
upstream django_server_random6177.example.org {
server unix:/srv/http/random550/live/website.sock;
}
server {
listen 443 ssl;
server_name random2179.example.org;
ssl_certificate /etc/ssl/public/random2179.example.org.bundle.crt;
ssl_certificate_key /etc/ssl/private/random2179.example.org.key;
location /media/ {
alias /srv/http/random550/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random550/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random6177.example.org;
include /etc/nginx/django_proxy_params;
}
access_log /var/log/nginx/random550/live/access.log combined_plus;
error_log /var/log/nginx/random550/live/error.log;
}
server {
listen 80;
server_name random2179.example.org;
location /media/ {
alias /srv/http/random550/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random550/live/static_collected/;
expires 7d;
}
#location = / {
# return 301 https://random2179.example.org$request_uri;
#}
location / {
proxy_pass http://django_server_random6177.example.org;
include /etc/nginx/django_proxy_params;
}
access_log /var/log/nginx/random550/live/access_http.log combined_plus;
error_log /var/log/nginx/random550/live/error_http.log;
}
server {
server_name random6177.example.org www.random6177.example.org;
return 301 http://random2179.example.org$request_uri;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random22047.example.org {
server unix:/srv/http/random26975/acceptance/website.sock;
}
server {
listen 80;
server_name random22047.example.org;
location /media/ {
alias /srv/http/random26975/acceptance/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random26975/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random22047.example.org;
include /etc/nginx/django_proxy_params;
satisfy any;
auth_basic 'acceptance for random26975';
auth_basic_user_file /srv/http/random26975/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random26975/acceptance/access.log;
error_log /var/log/nginx/random26975/acceptance/error.log;
}
server {
server_name www.random22047.example.org;
return 301 http://random22047.example.org$request_uri;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random6193.example.org {
server unix:/srv/http/random4755/live/website.sock;
}
server {
listen 80;
server_name random6193.example.org www.random6193.example.org;
if ($host != 'random6193.example.org') {
rewrite ^/(.*)$ http://random6193.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random4755/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random4755/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random6193.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random4755/live/access.log combined_plus;
error_log /var/log/nginx/random4755/live/error.log;
}

26
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 Normal file
View file

@ -0,0 +1,26 @@
server {
listen 80;
server_name www.random25446.example.org random25446.example.org;
if ($host != 'random25446.example.org') {
rewrite ^/(.*)$ http://random25446.example.org/$1 permanent;
}
location ^~ /media {
alias /srv/http/random17476/internal/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location ^~ /static {
alias /srv/http/random17476/internal/static_collected/;
expires 7d;
}
location / {
include fastcgi_params;
fastcgi_pass unix:/srv/http/random17476/internal/website.sock;
}
access_log /var/log/nginx/random17476/internal/access.log combined_plus;
error_log /var/log/nginx/random17476/internal/error.log;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random4030.example.org {
server unix:/srv/http/random26975/live/website.sock;
}
server {
listen 80;
server_name random4030.example.org;
location /media/ {
alias /srv/http/random26975/live/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random26975/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random4030.example.org;
include /etc/nginx/django_proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random26975/live/access.log;
error_log /var/log/nginx/random26975/live/error.log;
}
server {
server_name www.random4030.example.org;
return 301 http://random4030.example.org$request_uri;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random5890.example.org {
server unix:/srv/http/random4755/internal/website.sock;
}
server {
listen 80;
server_name random5890.example.org;
if ($host != 'random5890.example.org') {
rewrite ^/(.*)$ http://random5890.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random4755/internal/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random4755/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random5890.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random4755/internal/access.log combined_plus;
error_log /var/log/nginx/random4755/internal/error.log;
}

21
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 Normal file
View file

@ -0,0 +1,21 @@
server {
listen 80 default_server;
#listen [::]:80 default_server ipv6only=on;
root /var/www/default/;
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
access_log /var/log/nginx/access.log combined_plus;
error_log /var/log/nginx/error.log;
}

37
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 Normal file
View file

@ -0,0 +1,37 @@
upstream django_server_random10783.example.org {
server unix:/srv/http/random4711/acceptance/website.sock;
}
server {
listen 80;
server_name random10783.example.org;
location ^~ /media/ {
alias /srv/http/random4711/acceptance/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random4711/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random10783.example.org;
include /etc/nginx/proxy_params;
proxy_read_timeout 4m;
satisfy any;
auth_basic 'acceptance for random4711';
auth_basic_user_file /srv/http/random4711/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random4711/acceptance/access.log combined_plus;
error_log /var/log/nginx/random4711/acceptance/error.log;
}
server {
server_name www.random10783.example.org;
rewrite ^ http://random10783.example.org$request_uri permanent;
}

5
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 Normal file
View file

@ -0,0 +1,5 @@
server {
location =/ {
return 404;
}
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random17112.example.org {
server unix:/srv/http/random29467/live/website.sock;
}
server {
listen 80;
server_name random17112.example.org www.random17112.example.org;
if ($host != 'random17112.example.org') {
rewrite ^/(.*)$ http://random17112.example.org/$1 permanent;
}
location ^~ /media/ {
alias /srv/http/random29467/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location ^~ /static/ {
alias /srv/http/random29467/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random17112.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random29467/live/access.log combined_plus;
error_log /var/log/nginx/random29467/live/error.log;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random1296.example.org {
server unix:/srv/http/random2912/acceptance/website.sock;
}
server {
listen 80;
server_name random1296.example.org;
location ^~ /media/ {
alias /srv/http/random2912/acceptance/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random2912/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random1296.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'acceptance for random2912';
auth_basic_user_file /srv/http/random2912/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random2912/acceptance/access.log combined_plus;
error_log /var/log/nginx/random2912/acceptance/error.log;
}
server {
server_name www.random1296.example.org;
rewrite ^ http://random1296.example.org$request_uri permanent;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random11685.example.org {
server unix:/srv/http/random4886/internal/website.sock;
}
server {
listen 80;
server_name random11685.example.org;
location /media/ {
alias /srv/http/random4886/internal/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random4886/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random11685.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'internal for random4886';
auth_basic_user_file /srv/http/random4886/internal/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random4886/internal/access.log;
error_log /var/log/nginx/random4886/internal/error.log;
}
server {
server_name www.random11685.example.org;
return 301 http://random11685.example.org$request_uri;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random16112.example.org {
server unix:/srv/http/random24645/live/website.sock;
}
server {
listen 80;
server_name random16112.example.org;
location ^~ /media/ {
alias /srv/http/random24645/live/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random24645/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random16112.example.org;
include /etc/nginx/proxy_params;
# You can configure access rules here
}
access_log /var/log/nginx/random24645/live/access.log;
error_log /var/log/nginx/random24645/live/error.log;
}
server {
server_name www.random16112.example.org;
rewrite ^ http://random16112.example.org$request_uri permanent;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 Normal file
View file

@ -0,0 +1,33 @@
upstream django_server_random29198.example.org {
server unix:/srv/http/random28641/acceptance/website.sock;
}
server {
listen 80;
server_name random29198.example.org;
location ~ /static/(.*)$ {
alias /srv/http/random28641/acceptance/website/static/$1;
expires 7d;
}
location / {
proxy_pass http://django_server_random29198.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'acceptance for random28641';
auth_basic_user_file /srv/http/random28641/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random28641/acceptance/access.log combined_plus;
error_log /var/log/nginx/random28641/acceptance/error.log;
}
server {
server_name www.random29198.example.org;
rewrite ^ http://random29198.example.org$request_uri permanent;
}

67
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 Normal file
View file

@ -0,0 +1,67 @@
server {
listen 80;
#listen [::]:80 default_server ipv6only=on;
root /var/www/random616_log/;
server_name random12800.example.org;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
location /nginx_status {
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
}
access_log /var/log/nginx/random12543/access.log combined_plus;
error_log /var/log/nginx/random12543/error.log;
}
server {
listen 443 default_server;
#listen [::]:443 default_server ipv6only=on;
root /var/www/random616_log/;
server_name random12800.example.org;
# We created (will create) this SSL certificate ourselves, using our own CA. This way, we can control strictly which CA the XXX trusts.
# See ytec #6244
# However, we're working on a fix for high SSL overhead. We're hoping to be able to keep the connections open between log POSTs, like SSL can.
ssl on;
ssl_certificate /etc/ssl/public/random12800.example.org.crt;
ssl_certificate_key /etc/ssl/private/random12800.example.org.key;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/random12543/access.log combined_plus;
error_log /var/log/nginx/random12543/error.log;
}

37
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 Normal file
View file

@ -0,0 +1,37 @@
upstream django_server_random12785.example.org {
server unix:/srv/http/random14353/live/website.sock;
}
server {
listen 80;
server_name random12785.example.org;
location /media/ {
alias /srv/http/random14353/live/dynamic/public/;
expires 7d;
}
location /static/ {
alias /srv/http/random14353/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random12785.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
satisfy any;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random14353/live/access.log;
error_log /var/log/nginx/random14353/live/error.log;
}
server {
server_name www.random12785.example.org;
return 301 http://random12785.example.org$request_uri;
}

31
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 Normal file
View file

@ -0,0 +1,31 @@
upstream django_server_random7150.example.org {
server unix:/srv/http/random550/acceptance/website.sock;
}
server {
listen 80;
server_name random7150.example.org;
location /media/ {
alias /srv/http/random550/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random550/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random7150.example.org;
include /etc/nginx/django_proxy_params;
}
access_log /var/log/nginx/random550/acceptance/access.log combined_plus;
error_log /var/log/nginx/random550/acceptance/error.log;
}
server {
server_name www.random7150.example.org;
return 301 http://random7150.example.org$request_uri;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 Normal file
View file

@ -0,0 +1,33 @@
upstream django_server_random31131.example.org {
server unix:/srv/http/random24334/internal/website.sock;
}
server {
listen 80;
server_name random31131.example.org;
location /media/ {
alias /srv/http/random24334/internal/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random24334/internal/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random31131.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/random24334/internal/access.log combined_plus;
error_log /var/log/nginx/random24334/internal/error.log;
}
server {
server_name www.random31131.example.org;
return 301 http://random31131.example.org$request_uri;
}

4
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 Normal file
View file

@ -0,0 +1,4 @@
server {
server_name www.random5115;
return 301 http://www.random10305.example.org;
}

25
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 Normal file
View file

@ -0,0 +1,25 @@
server {
listen 80;
root /home/admin/random19651_log/;
server_name random16339.example.org;
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/random4235/access.log combined_plus;
error_log /var/log/nginx/random4235/error.log;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 Normal file
View file

@ -0,0 +1,32 @@
upstream django_server_random21989.example.org {
server unix:/srv/http/random28136/acceptance/website.sock;
}
server {
listen 80;
server_name random21989.example.org;
location ~ /static/(.*)$ {
alias /srv/http/random28136/acceptance/website/static/$1;
expires 7d;
}
location / {
proxy_pass http://django_server_random21989.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'acceptance for random28136';
auth_basic_user_file /srv/http/random28136/acceptance/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random28136/acceptance/access.log combined_plus;
error_log /var/log/nginx/random28136/acceptance/error.log;
}
server {
server_name www.random21989.example.org;
rewrite ^ http://random21989.example.org$request_uri permanent;
}

46
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 Normal file
View file

@ -0,0 +1,46 @@
upstream django_server_random1769.example.org {
server unix:/srv/http/random7047/acceptance/website.sock;
}
server {
listen 80;
server_name random1769.example.org;
if ($host != 'random1769.example.org') {
rewrite ^/(.*)$ http://random1769.example.org/$1 permanent;
}
rewrite ^/(.*) https://$host:8444/$1;
}
server {
listen 8444;
server_name random1769.example.org;
ssl on;
ssl_certificate /etc/ssl/public/random6822.example.org.crt;
ssl_certificate_key /etc/ssl/private/random6822.example.org.key;
location ^~ /media/ {
alias /srv/http/random7047/acceptance/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random7047/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random1769.example.org;
include /etc/nginx/proxy_params;
#satisfy any;
#auth_basic 'acceptance for random7047';
#auth_basic_user_file /srv/http/random7047/acceptance/htpasswords;
#include /etc/nginx/allow_ytec_ips_params;
#deny all;
}
access_log /var/log/nginx/random7047/acceptance/access.log combined_plus;
error_log /var/log/nginx/random7047/acceptance/error.log;
}

32
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 Normal file
View file

@ -0,0 +1,32 @@
server {
listen 80;
server_name random9761.example.org;
location ~ /static/(.*)$ {
alias /srv/http/random14537/static_collected/$1;
expires 7d;
}
location ~ /media/(.*)$ {
alias /srv/http/random14537/dynamic/public/$1;
expires 7d;
include upload_folder_security_params;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:81;
proxy_connect_timeout 120;
proxy_read_timeout 120;
}
location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/random14537/access.log combined_plus;
}

44
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 Normal file
View file

@ -0,0 +1,44 @@
server {
listen 80;
server_name random3674.example.org www.random3674.example.org;
root /srv/http/random3674.example.org;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/random3674.example.org/access.log combined_plus;
error_log /var/log/nginx/random3674.example.org/error.log;
}
server {
listen 80;
server_name random27569.example.org www.random27569.example.org;
root /srv/http/random27569.example.org;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/random27569.example.org/access.log combined_plus;
error_log /var/log/nginx/random27569.example.org/error.log;
}
server {
listen 80;
server_name random11055.example.org www.random11055.example.org;
root /srv/http/random11055.example.org;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/random11055.example.org/access.log combined_plus;
error_log /var/log/nginx/random11055.example.org/error.log;
}

46
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 Normal file
View file

@ -0,0 +1,46 @@
upstream django_server_random7267.example.org {
server unix:/srv/http/random24334/live/website.sock;
}
server {
listen 80;
listen 443 ssl;
server_name random7267.example.org;
ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
location /media/ {
alias /srv/http/random24334/live/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random24334/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random7267.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
}
access_log /var/log/nginx/random24334/live/access.log combined_plus;
error_log /var/log/nginx/random24334/live/error.log;
}
server {
listen 80;
listen 443 ssl;
server_name www.random7267.example.org;
ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
return 301 http://random7267.example.org$request_uri;
}

31
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 Normal file
View file

@ -0,0 +1,31 @@
upstream django_server_random2104.example.org {
server unix:/srv/http/random28136/live/website.sock;
}
server {
listen 80;
server_name www.random2104.example.org;
location ~ /static/(.*)$ {
alias /srv/http/random28136/live/website/static/$1;
expires 7d;
}
location / {
proxy_pass http://django_server_random2104.example.org;
include /etc/nginx/proxy_params;
proxy_connect_timeout 240;
proxy_read_timeout 240;
# You can configure access rules here
}
access_log /var/log/nginx/random28136/live/access.log combined_plus;
error_log /var/log/nginx/random28136/live/error.log;
}
server {
server_name random2104.example.org;
rewrite ^ http://www.random2104.example.org$request_uri permanent;
}

33
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 Normal file
View file

@ -0,0 +1,33 @@
upstream django_server_random24919.example.org {
server unix:/srv/http/random7831/live/website.sock;
}
server {
listen 80;
server_name random24919.example.org;
location ^~ /media/ {
alias /srv/http/random7831/live/dynamic/public/;
expires 7d;
}
location ^~ /static/ {
alias /srv/http/random7831/live/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random24919.example.org;
include /etc/nginx/proxy_params;
proxy_connect_timeout 240;
proxy_read_timeout 240;
}
access_log /var/log/nginx/random7831/live/access.log combined_plus;
error_log /var/log/nginx/random7831/live/error.log;
}
server {
server_name www.random24919.example.org;
rewrite ^ http://random24919.example.org$request_uri permanent;
}

12
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 Normal file
View file

@ -0,0 +1,12 @@
# vhost created by moving from marauder, but there it was an apache vhost.
server {
listen 80;
server_name random3080.example.org www.random3080.example.org random26833.example.org www.random26833.example.org;
root /srv/http/random10391.example.org/;
if ($request_uri != '/googleYYYYYYYYYYYYYYYY.html') {
rewrite ^ http://random10305.example.org/ permanent;
}
}

38
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 Normal file
View file

@ -0,0 +1,38 @@
upstream django_server_random1107.example.org {
server unix:/srv/http/random4755/acceptance/website.sock;
}
server {
listen 80;
server_name random1107.example.org www.random1107.example.org;
if ($host != 'random1107.example.org') {
rewrite ^/(.*)$ http://random1107.example.org/$1 permanent;
}
location /media/ {
alias /srv/http/random4755/acceptance/dynamic/public/;
expires 7d;
include upload_folder_security_params;
}
location /static/ {
alias /srv/http/random4755/acceptance/static_collected/;
expires 7d;
}
location / {
proxy_pass http://django_server_random1107.example.org;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
satisfy any;
allow 89.188.25.162;
auth_basic "random4755 acceptance";
auth_basic_user_file htpasswords/random4755_acceptance;
}
access_log /var/log/nginx/random4755/acceptance/access.log combined_plus;
error_log /var/log/nginx/random4755/acceptance/error.log;
}

36
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 Normal file
View file

@ -0,0 +1,36 @@
upstream django_server_random8404.example.org {
server unix:/srv/http/random1006/internal/website.sock;
}
server {
listen 80;
server_name random8404.example.org;
location ^~ /media/ {
alias /srv/http/random1006/internal/website/static/;
expires 7d;
}
#location ^~ /static/ {
# alias /srv/http/random1006/internal/website/static/;
# expires 7d;
#}
location / {
proxy_pass http://django_server_random8404.example.org;
include /etc/nginx/proxy_params;
satisfy any;
auth_basic 'internal for random1006';
auth_basic_user_file /srv/http/random1006/internal/htpasswords;
include /etc/nginx/allow_ytec_ips_params;
deny all;
}
access_log /var/log/nginx/random1006/internal/access.log combined_plus;
error_log /var/log/nginx/random1006/internal/error.log;
}
server {
server_name www.random8404.example.org;
rewrite ^ http://random8404.example.org$request_uri permanent;
}

Some files were not shown because too many files have changed in this diff Show more