diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 50fd10895..5c86ab4fb 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py @@ -18,6 +18,7 @@ from certbot import interfaces from certbot import util from certbot.plugins import common +from certbot.plugins.util import path_surgery from certbot_apache import augeas_configurator from certbot_apache import constants @@ -141,6 +142,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): return os.path.join(self.config.config_dir, constants.MOD_SSL_CONF_DEST) + def prepare(self): """Prepare the authenticator/installer. @@ -159,8 +161,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Verify Apache is installed restart_cmd = constants.os_constant("restart_cmd")[0] if not util.exe_exists(restart_cmd): - raise errors.NoInstallationError( - 'Cannot find Apache install ({0} not in PATH)'.format(restart_cmd)) + if not path_surgery(restart_cmd): + raise errors.NoInstallationError( + 'Cannot find Apache control command {0}'.format(restart_cmd)) # Make sure configuration is valid self.config_test() @@ -516,7 +519,11 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """ addrs = set() - args = self.aug.match(path + "/arg") + try: + args = self.aug.match(path + "/arg") + except RuntimeError: + logger.warn("Encountered a problem while parsing file: %s, skipping", path) + return None for arg in args: addrs.add(obj.Addr.fromstring(self.parser.get_arg(arg))) is_ssl = False @@ -530,7 +537,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): if addr.get_port() == "443": is_ssl = True - filename = get_file_path(path) + filename = get_file_path(self.aug.get("/augeas/files%s/path" % get_file_path(path))) if self.conf("handle-sites"): is_enabled = self.is_site_enabled(filename) else: 
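Review bot: In `prepare`, the fallback to `path_surgery(restart_cmd)` has no comment explaining what it does to the process, and the new error text drops the `not in PATH` hint that told the operator where the lookup failed. `path_surgery` is defined outside this diff; if it extends `PATH` for the running process, every later command the plugin resolves by name is looked up through the extended path, which matters for a tool normally run as root. I would add `# Fall back to searching additional directories; may modify os.environ["PATH"] for this process` above the inner `if`, and keep the hint in the message, e.g. `'Cannot find Apache control command {0} (not found in PATH)'`. The body of `prepare` continues outside the hunk.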
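Review bot: `_create_vhost` can now return `None` when `self.aug.match` raises `RuntimeError`, but the docstring that closes just above the added `try` is not updated, so callers get no signal that they must check the result. I would add a docstring line such as `Returns None if Augeas cannot evaluate the path.` Two smaller points on the added lines: `logger.warn` is a deprecated alias of `logger.warning`, and the message says "parsing file" although `path` is the Augeas path handed to `match`, not a filename. The function starts and ends outside the hunk.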
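Review bot: The new `filename` line passes the result of `self.aug.get(...)` straight into `get_file_path` without checking it. python-augeas `get` returns `None` when the node has no value, so a missing `/augeas/files.../path` entry would reach `get_file_path` as `None`; how that helper reacts is not visible here. Storing the lookup in a local and adding `if file_node is None: return None`, matching the `RuntimeError` branch added earlier in this function, would keep one unreadable file from aborting vhost discovery. Splitting the nested call into two named steps would also make the line easier to read.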
@@ -564,6 +571,8 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): os.path.basename(path) == "VirtualHost"] for path in paths: new_vhost = self._create_vhost(path) + if not new_vhost: + continue realpath = os.path.realpath(new_vhost.filep) if realpath not in vhost_paths.keys(): vhs.append(new_vhost) @@ -777,7 +786,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): self.aug.load() # Get Vhost augeas path for new vhost vh_p = self.aug.match("/files%s//* [label()=~regexp('%s')]" % - (ssl_fp, parser.case_i("VirtualHost"))) + (self._escape(ssl_fp), parser.case_i("VirtualHost"))) if len(vh_p) != 1: logger.error("Error: should only be one vhost in %s", avail_fp) raise errors.PluginError("Currently, we only support " @@ -821,7 +830,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): else: return non_ssl_vh_fp + self.conf("le_vhost_ext") - def _sift_line(self, line): + def _sift_rewrite_rule(self, line): """Decides whether a line should be copied to a SSL vhost. A canonical example of when sifting a line is required: 
@@ -872,18 +881,62 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): with open(avail_fp, "r") as orig_file: with open(ssl_fp, "w") as new_file: new_file.write("\n") + + comment = ("# Some rewrite rules in this file were " + "disabled on your HTTPS site,\n" + "# because they have the potential to create " + "redirection loops.\n") + for line in orig_file: - if self._sift_line(line): + A = line.lstrip().startswith("RewriteCond") + B = line.lstrip().startswith("RewriteRule") + + if not (A or B): + new_file.write(line) + continue + + # A RewriteRule that doesn't need filtering + if B and not self._sift_rewrite_rule(line): + new_file.write(line) + continue + + # A RewriteRule that does need filtering + if B and self._sift_rewrite_rule(line): if not sift: - new_file.write( - "# Some rewrite rules in this file were " - "were disabled on your HTTPS site,\n" - "# because they have the potential to " - "create redirection loops.\n") + new_file.write(comment) sift = True new_file.write("# " + line) - else: - new_file.write(line) + continue + + # We save RewriteCond(s) and their corresponding + # RewriteRule in 'chunk'. + # We then decide whether we comment out the entire + # chunk based on its RewriteRule. + chunk = [] + if A: + chunk.append(line) + line = next(orig_file) + + # RewriteCond(s) must be followed by one RewriteRule + while not line.lstrip().startswith("RewriteRule"): + chunk.append(line) + line = next(orig_file) + + # Now, current line must start with a RewriteRule + chunk.append(line) + + if self._sift_rewrite_rule(line): + if not sift: + new_file.write(comment) + sift = True + + new_file.write(''.join( + ['# ' + l for l in chunk])) + continue + else: + new_file.write(''.join(chunk)) + continue + new_file.write("\n") except IOError: logger.fatal("Error writing/reading to file in make_vhost_ssl") 
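Review bot: The two `next(orig_file)` calls in the RewriteCond branch raise `StopIteration` when the file ends before a `RewriteRule` follows, and the surrounding `except IOError` does not catch it, so the caller sees an unrelated exception and `ssl_fp` is left half-written with the collected `chunk` never emitted. The same look-ahead absorbs every intervening line into `chunk`, so a stray `RewriteCond` could cause unrelated directives to be commented out together with the next rule. On style, `A`/`B` would read better as `is_cond`/`is_rule`, `if A:` is always true where it is tested, and `_sift_rewrite_rule(line)` is evaluated twice for a bare rule. The fence below bounds the scan with a `for`/`else` and writes the lines back unchanged at end of file; the enclosing function starts and ends outside the hunk.

```python
for line in orig_file:
    # … unchanged: pass-through of other lines and handling of a bare RewriteRule …

    # Collect the RewriteCond run together with the RewriteRule that closes it.
    chunk = [line]
    for line in orig_file:
        chunk.append(line)
        if line.lstrip().startswith("RewriteRule"):
            break
    else:
        # File ended before a RewriteRule: keep the lines as they were.
        new_file.write(''.join(chunk))
        break

    if self._sift_rewrite_rule(line):
        if not sift:
            new_file.write(comment)
            sift = True
        new_file.write(''.join('# ' + l for l in chunk))
    else:
        new_file.write(''.join(chunk))
```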
@@ -943,7 +996,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): self.parser.add_dir(vh_path, "Include", self.mod_ssl_conf) def _add_servername_alias(self, target_name, vhost): - fp = vhost.filep + fp = self._escape(vhost.filep) vh_p = self.aug.match("/files%s//* [label()=~regexp('%s')]" % (fp, parser.case_i("VirtualHost"))) if not vh_p: @@ -996,6 +1049,17 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): if need_to_save: self.save() + def _escape(self, fp): + fp = fp.replace(",", "\\,") + fp = fp.replace("[", "\\[") + fp = fp.replace("]", "\\]") + fp = fp.replace("|", "\\|") + fp = fp.replace("=", "\\=") + fp = fp.replace("(", "\\(") + fp = fp.replace(")", "\\)") + fp = fp.replace("!", "\\!") + return fp + ###################################################################### # Enhancements ###################################################################### @@ -1068,7 +1132,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): if not use_stapling_aug_path: self.parser.add_dir(ssl_vhost.path, "SSLUseStapling", "on") - ssl_vhost_aug_path = parser.get_aug_path(ssl_vhost.filep) + ssl_vhost_aug_path = self._escape(parser.get_aug_path(ssl_vhost.filep)) # Check if there's an existing SSLStaplingCache directive. stapling_cache_aug_path = self.parser.find_dir('SSLStaplingCache', @@ -1325,7 +1389,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): self.aug.load() # Make a new vhost data structure and add it to the lists - new_vhost = self._create_vhost(parser.get_aug_path(redirect_filepath)) + new_vhost = self._create_vhost(parser.get_aug_path(self._escape(redirect_filepath))) self.vhosts.append(new_vhost) self._enhanced_vhosts["redirect"].add(new_vhost) diff --git a/certbot-apache/certbot_apache/tests/configurator_test.py b/certbot-apache/certbot_apache/tests/configurator_test.py index 9a034c3e0..0bbdac1aa 100644 --- a/certbot-apache/certbot_apache/tests/configurator_test.py 
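Review bot: `_escape` has no docstring, and nothing states which Augeas path-expression metacharacters it is meant to cover or that it must be applied exactly once. As written it does not escape the backslash itself, so a filename that already contains `\` (or a path passed through `_escape` twice) yields an ambiguous expression; whether whitespace or quotes also need handling depends on the Augeas version and should be confirmed. I would add a docstring along the lines of `"""Escape characters in a file path that are special in Augeas path expressions."""` and, if backslashes can occur, put `fp = fp.replace("\\", "\\\\")` first. The call sites also differ in order, `self._escape(parser.get_aug_path(...))` in the stapling hunk versus `parser.get_aug_path(self._escape(...))` in the redirect hunk; using one form would make double escaping easier to spot.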
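Review bot: The result of `self._create_vhost(...)` in the redirect hunk is appended to `self.vhosts` and added to `self._enhanced_vhosts["redirect"]` unchecked, although this commit makes `_create_vhost` return `None` when Augeas raises `RuntimeError`. A `None` entry in `self.vhosts` would surface later as an `AttributeError` far from the cause. `get_virtual_hosts` received an `if not new_vhost: continue` guard in this commit; this call site needs the equivalent, e.g. `if new_vhost is None: raise errors.PluginError("Unable to parse the newly created redirect vhost")`. The enclosing function starts outside the hunk.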
+++ b/certbot-apache/certbot_apache/tests/configurator_test.py @@ -1,4 +1,4 @@ -# pylint: disable=too-many-public-methods +# pylint: disable=too-many-public-methods,too-many-lines """Test for certbot_apache.configurator.""" import os import shutil @@ -49,11 +49,14 @@ class MultipleVhostsTest(util.ApacheTest): shutil.rmtree(self.config_dir) shutil.rmtree(self.work_dir) - @mock.patch("certbot_apache.configurator.util.exe_exists") - def test_prepare_no_install(self, mock_exe_exists): - mock_exe_exists.return_value = False - self.assertRaises( - errors.NoInstallationError, self.config.prepare) + @mock.patch("certbot_apache.configurator.ApacheConfigurator.init_augeas") + @mock.patch("certbot_apache.configurator.path_surgery") + def test_prepare_no_install(self, mock_surgery, _init_augeas): + silly_path = {"PATH": "/tmp/nothingness2342"} + mock_surgery.return_value = False + with mock.patch.dict('os.environ', silly_path): + self.assertRaises(errors.NoInstallationError, self.config.prepare) + self.assertEquals(mock_surgery.call_count, 1) @mock.patch("certbot_apache.augeas_configurator.AugeasConfigurator.init_augeas") def test_prepare_no_augeas(self, mock_init_augeas): @@ -86,6 +89,7 @@ class MultipleVhostsTest(util.ApacheTest): self.assertRaises( errors.NotSupportedError, self.config.prepare) + def test_add_parser_arguments(self): # pylint: disable=no-self-use from certbot_apache.configurator import ApacheConfigurator # Weak test.. 
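Review bot: `test_prepare_no_install` uses `self.assertEquals`, a deprecated alias; other tests in this file use `assertEqual`, so `self.assertEqual(mock_surgery.call_count, 1)` would be consistent. The test also stopped mocking `exe_exists` and now relies on `/tmp/nothingness2342` not containing the restart command. A short comment stating that the bogus `PATH` is what forces the `path_surgery` fallback would make that intent explicit.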
@@ -1110,16 +1114,19 @@ class MultipleVhostsTest(util.ApacheTest): self.config._enable_redirect(self.vh_truth[1], "") self.assertEqual(len(self.config.vhosts), 9) - def test_sift_line(self): + def test_sift_rewrite_rule(self): # pylint: disable=protected-access small_quoted_target = "RewriteRule ^ \"http://\"" - self.assertFalse(self.config._sift_line(small_quoted_target)) + self.assertFalse(self.config._sift_rewrite_rule(small_quoted_target)) https_target = "RewriteRule ^ https://satoshi" - self.assertTrue(self.config._sift_line(https_target)) + self.assertTrue(self.config._sift_rewrite_rule(https_target)) normal_target = "RewriteRule ^/(.*) http://www.a.com:1234/$1 [L,R]" - self.assertFalse(self.config._sift_line(normal_target)) + self.assertFalse(self.config._sift_rewrite_rule(normal_target)) + + not_rewriterule = "NotRewriteRule ^ ..." + self.assertFalse(self.config._sift_rewrite_rule(not_rewriterule)) @mock.patch("certbot_apache.configurator.zope.component.getUtility") def test_make_vhost_ssl_with_existing_rewrite_rule(self, mock_get_utility): 
@@ -1148,7 +1155,61 @@ class MultipleVhostsTest(util.ApacheTest): "[L,QSA,R=permanent]") self.assertTrue(commented_rewrite_rule in conf_text) mock_get_utility().add_message.assert_called_once_with(mock.ANY, + mock.ANY) + @mock.patch("certbot_apache.configurator.zope.component.getUtility") + def test_make_vhost_ssl_with_existing_rewrite_conds(self, mock_get_utility): + self.config.parser.modules.add("rewrite_module") + + http_vhost = self.vh_truth[0] + + self.config.parser.add_dir( + http_vhost.path, "RewriteEngine", "on") + + # Add a chunk that should not be commented out. + self.config.parser.add_dir(http_vhost.path, + "RewriteCond", ["%{DOCUMENT_ROOT}/%{REQUEST_FILENAME}", "!-f"]) + self.config.parser.add_dir( + http_vhost.path, "RewriteRule", + ["^(.*)$", "b://u%{REQUEST_URI}", "[P,QSA,L]"]) + + # Add a chunk that should be commented out. + self.config.parser.add_dir(http_vhost.path, + "RewriteCond", ["%{HTTPS}", "!=on"]) + self.config.parser.add_dir(http_vhost.path, + "RewriteCond", ["%{HTTPS}", "!^$"]) + self.config.parser.add_dir( + http_vhost.path, "RewriteRule", + ["^", + "https://%{SERVER_NAME}%{REQUEST_URI}", + "[L,QSA,R=permanent]"]) + + self.config.save() + + ssl_vhost = self.config.make_vhost_ssl(self.vh_truth[0]) + + conf_line_set = set(open(ssl_vhost.filep).read().splitlines()) + + not_commented_cond1 = ("RewriteCond " + "%{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f") + not_commented_rewrite_rule = ("RewriteRule " + "^(.*)$ b://u%{REQUEST_URI} [P,QSA,L]") + + commented_cond1 = "# RewriteCond %{HTTPS} !=on" + commented_cond2 = "# RewriteCond %{HTTPS} !^$" + commented_rewrite_rule = ("# RewriteRule ^ " + "https://%{SERVER_NAME}%{REQUEST_URI} " + "[L,QSA,R=permanent]") + + self.assertTrue(not_commented_cond1 in conf_line_set) + self.assertTrue(not_commented_rewrite_rule in conf_line_set) + + self.assertTrue(commented_cond1 in conf_line_set) + self.assertTrue(commented_cond2 in conf_line_set) + self.assertTrue(commented_rewrite_rule in conf_line_set) + 
mock_get_utility().add_message.assert_called_once_with(mock.ANY, + mock.ANY) + def get_achalls(self): """Return testing achallenges.""" @@ -1186,6 +1247,45 @@ class MultipleVhostsTest(util.ApacheTest): self.config.aug.match.side_effect = RuntimeError self.assertFalse(self.config._check_aug_version()) +class AugeasVhostsTest(util.ApacheTest): + """Test vhosts with illegal names dependant on augeas version.""" + # pylint: disable=protected-access + + def setUp(self): # pylint: disable=arguments-differ + td = "debian_apache_2_4/augeas_vhosts" + cr = "debian_apache_2_4/augeas_vhosts/apache2" + vr = "debian_apache_2_4/augeas_vhosts/apache2/sites-available" + super(AugeasVhostsTest, self).setUp(test_dir=td, + config_root=cr, + vhost_root=vr) + + self.config = util.get_apache_configurator( + self.config_path, self.vhost_path, self.config_dir, self.work_dir) + self.vh_truth = util.get_vh_truth( + self.temp_dir, "debian_apache_2_4/augeas_vhosts") + + def tearDown(self): + shutil.rmtree(self.temp_dir) + shutil.rmtree(self.config_dir) + shutil.rmtree(self.work_dir) + + def test_choosevhost_with_illegal_name(self): + self.config.aug = mock.MagicMock() + self.config.aug.match.side_effect = RuntimeError + path = "debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf" + chosen_vhost = self.config._create_vhost(path) + self.assertEqual(None, chosen_vhost) + + def test_choosevhost_works(self): + path = "debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf" + chosen_vhost = self.config._create_vhost(path) + self.assertTrue(chosen_vhost == None or chosen_vhost.path == path) + + @mock.patch("certbot_apache.configurator.ApacheConfigurator._create_vhost") + def test_get_vhost_continue(self, mock_vhost): + mock_vhost.return_value = None + vhs = self.config.get_virtual_hosts() + self.assertEqual([], vhs) if __name__ == "__main__": unittest.main() # pragma: no cover 
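Review bot: The new `test_make_vhost_ssl_with_existing_rewrite_conds` covers only well-formed input, where every `RewriteCond` run is closed by a `RewriteRule`. There is no case for a `RewriteCond` that is the last rewrite directive in the vhost, which is the input most likely to trip the look-ahead in the copying loop. A second test with a trailing `RewriteCond`, asserting that the line survives in the SSL vhost, would pin that behaviour. Also, `set(open(ssl_vhost.filep).read().splitlines())` never closes the file; `with open(ssl_vhost.filep) as f: conf_line_set = set(f.read().splitlines())` avoids the leaked handle.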
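Review bot: The assertion in `test_choosevhost_works`, `chosen_vhost == None or chosen_vhost.path == path`, passes whenever `_create_vhost` returns `None`, so it cannot fail if vhost creation for `old,default.conf` is broken. If the outcome really depends on the installed Augeas version, as the class docstring suggests, a comment saying so and `chosen_vhost is None` instead of `== None` would be the minimum; otherwise assert the path unconditionally. `test_get_vhost_continue` could also assert that `mock_vhost` was called, so that an empty list is not accepted merely because no paths were found.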
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/apache2.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/apache2.conf
new file mode 100644
index 000000000..2a5bb7be2
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/apache2.conf
@@ -0,0 +1,196 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. 
See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +Mutex file:${APACHE_LOCK_DIR} default + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. 
If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. 
+# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/bad_conf_file.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/bad_conf_file.conf new file mode 100644 index 000000000..8e9178803 --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/bad_conf_file.conf @@ -0,0 +1,3 @@ + + +ServerName invalid.net diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/other-vhosts-access-log.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/other-vhosts-access-log.conf new file mode 100644 index 000000000..5e9f5e9e7 --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/other-vhosts-access-log.conf @@ -0,0 +1,4 @@ +# Define an access log for VirtualHosts that don't define their own logfile +CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet 
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/security.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/security.conf new file mode 100644 index 000000000..eccfcb1fd --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/security.conf @@ -0,0 +1,35 @@ +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +#ServerTokens Minimal +ServerTokens OS +#ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +TraceEnable Off +#TraceEnable On + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/serve-cgi-bin.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/serve-cgi-bin.conf new file mode 100644 index 000000000..b02782dab --- /dev/null 
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-available/serve-cgi-bin.conf @@ -0,0 +1,20 @@ + + + Define ENABLE_USR_LIB_CGI_BIN + + + + Define ENABLE_USR_LIB_CGI_BIN + + + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Require all granted + + + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/other-vhosts-access-log.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/other-vhosts-access-log.conf new file mode 120000 index 000000000..8af91e530 --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/other-vhosts-access-log.conf @@ -0,0 +1 @@ +../conf-available/other-vhosts-access-log.conf \ No newline at end of file diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/security.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/security.conf new file mode 120000 index 000000000..036c97fa7 --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/security.conf @@ -0,0 +1 @@ +../conf-available/security.conf \ No newline at end of file diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/serve-cgi-bin.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/serve-cgi-bin.conf new file mode 120000 index 000000000..d917f688e --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/conf-enabled/serve-cgi-bin.conf @@ -0,0 +1 @@ +../conf-available/serve-cgi-bin.conf \ No newline at end of file 
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/envvars b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/envvars new file mode 100644 index 000000000..a13d9a89e --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/envvars @@ -0,0 +1,29 @@ +# envvars - default environment variables for apache2ctl + +# this won't be correct after changing uid +unset HOME + +# for supporting multiple apache2 instances +if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then + SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}" +else + SUFFIX= +fi + +# Since there is no sane way to get the parsed apache2 config in scripts, some +# settings are defined via environment variables and then used in apache2ctl, +# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. +export APACHE_RUN_USER=www-data +export APACHE_RUN_GROUP=www-data +# temporary state file location. This might be changed to /run in Wheezy+1 +export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid +export APACHE_RUN_DIR=/var/run/apache2$SUFFIX +export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX +# Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. +export APACHE_LOG_DIR=/var/log/apache2$SUFFIX + +## The locale used by some modules like mod_dav +export LANG=C + +export LANG + diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/authz_svn.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/authz_svn.load new file mode 100644 index 000000000..c6df2733b --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/authz_svn.load @@ -0,0 +1,5 @@ +# Depends: dav_svn + + Include mods-enabled/dav_svn.load + +LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so 
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav.load new file mode 100644 index 000000000..a5867fff3 --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav.load @@ -0,0 +1,3 @@ + + LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so + diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.conf new file mode 100644 index 000000000..801cbd6bd --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.conf 
@@ -0,0 +1,56 @@ +# dav_svn.conf - Example Subversion/Apache configuration +# +# For details and further options see the Apache user manual and +# the Subversion book. +# +# NOTE: for a setup with multiple vhosts, you will want to do this +# configuration in /etc/apache2/sites-available/*, not here. + +# ... +# URL controls how the repository appears to the outside world. +# In this example clients access the repository as http://hostname/svn/ +# Note, a literal /svn should NOT exist in your document root. +# + + # Uncomment this to enable the repository + #DAV svn + + # Set this to the path to your repository + #SVNPath /var/lib/svn + # Alternatively, use SVNParentPath if you have multiple repositories under + # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...). + # You need either SVNPath and SVNParentPath, but not both. + #SVNParentPath /var/lib/svn + + # Access control is done at 3 levels: (1) Apache authentication, via + # any of several methods. A "Basic Auth" section is commented out + # below. (2) Apache and , also commented out + # below. (3) mod_authz_svn is a svn-specific authorization module + # which offers fine-grained read/write access control for paths + # within a repository. (The first two layers are coarse-grained; you + # can only enable/disable access to an entire repository.) Note that + # mod_authz_svn is noticeably slower than the other two layers, so if + # you don't need the fine-grained control, don't configure it. + + # Basic Authentication is repository-wide. It is not secure unless + # you are using https. See the 'htpasswd' command to create and + # manage the password file - and the documentation for the + # 'auth_basic' and 'authn_file' modules, which you will need for this + # (enable them with 'a2enmod'). 
+ #AuthType Basic + #AuthName "Subversion Repository" + #AuthUserFile /etc/apache2/dav_svn.passwd + + # To enable authorization via mod_authz_svn (enable that module separately): + # + #AuthzSVNAccessFile /etc/apache2/dav_svn.authz + # + + # The following three lines allow anonymous read, but make + # committers authenticate themselves. It requires the 'authz_user' + # module (enable it with 'a2enmod'). + # + #Require valid-user + # + +# diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.load new file mode 100644 index 000000000..e41e1581a --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/dav_svn.load @@ -0,0 +1,7 @@ +# Depends: dav + + + Include mods-enabled/dav.load + + LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so + diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/rewrite.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/rewrite.load new file mode 100644 index 000000000..b32f16264 --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/rewrite.load @@ -0,0 +1 @@ +LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.conf new file mode 100644 index 000000000..e9fcf4f9b --- /dev/null +++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.conf 
@@ -0,0 +1,89 @@
+
+
+ # Pseudo Random Number Generator (PRNG):
+ # Configure one or more sources to seed the PRNG of the SSL library.
+ # The seed data should be of good random quality.
+ # WARNING! On some platforms /dev/random blocks if not enough entropy
+ # is available. This means you then cannot use the /dev/random device
+ # because it would lead to very long connection times (as long as
+ # it requires to make more entropy available). But usually those
+ # platforms additionally provide a /dev/urandom device which doesn't
+ # block. So, if available, use this one instead. Read the mod_ssl User
+ # Manual for more details.
+ #
+ SSLRandomSeed startup builtin
+ SSLRandomSeed startup file:/dev/urandom 512
+ SSLRandomSeed connect builtin
+ SSLRandomSeed connect file:/dev/urandom 512
+
+ ##
+ ## SSL Global Context
+ ##
+ ## All SSL configuration in this context applies both to
+ ## the main server and all SSL-enabled virtual hosts.
+ ##
+
+ #
+ # Some MIME-types for downloading Certificates and CRLs
+ #
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+
+ # Pass Phrase Dialog:
+ # Configure the pass phrase gathering process.
+ # The filtering dialog program (`builtin' is a internal
+ # terminal dialog) has to provide the pass phrase on stdout.
+ SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
+
+ # Inter-Process Session Cache:
+ # Configure the SSL Session Cache: First the mechanism
+ # to use and second the expiring timeout (in seconds).
+ # (The mechanism dbm has known memory leaks and should not be used).
+ #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+ SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+ SSLSessionCacheTimeout 300
+
+ # Semaphore:
+ # Configure the path to the mutual exclusion semaphore the
+ # SSL engine uses internally for inter-process synchronization.
+ # (Disabled by default, the global Mutex directive consolidates by default
+ # this)
+ #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
+
+
+ # SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate. See the
+ # ciphers(1) man page from the openssl package for list of all available
+ # options.
+ # Enable only secure ciphers:
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+
+ # Speed-optimized SSL Cipher configuration:
+ # If speed is your main concern (on busy HTTPS servers e.g.),
+ # you might want to force clients to specific, performance
+ # optimized ciphers. In this case, prepend those ciphers
+ # to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+ # Caveat: by giving precedence to RC4-SHA and AES128-SHA
+ # (as in the example below), most connections will no longer
+ # have perfect forward secrecy - if the server's key is
+ # compromised, captures of past or future traffic must be
+ # considered compromised, too.
+ #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+ #SSLHonorCipherOrder on
+
+ # The protocols to enable.
+ # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+ # SSL v2 is no longer supported
+ SSLProtocol all
+
+ # Allow insecure renegotiation with clients which do not yet support the
+ # secure renegotiation protocol. Default: Off
+ #SSLInsecureRenegotiation on
+
+ # Whether to forbid non-SNI clients to access name based virtual hosts.
+ # Default: Off
+ #SSLStrictSNIVHostCheck On
+
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.load
new file mode 100644
index 000000000..3d2336ae0
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-available/ssl.load
@@ -0,0 +1,2 @@
+# Depends: setenvif mime socache_shmcb
+LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/.gitignore b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/.gitignore
new file mode 100644
index 000000000..e69de29bb
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/authz_svn.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/authz_svn.load
new file mode 120000
index 000000000..7ac0725dd
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/authz_svn.load
@@ -0,0 +1 @@
+../mods-available/authz_svn.load
\ No newline at end of file
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav.load
new file mode 120000
index 000000000..9dcfef6da
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav.load
@@ -0,0 +1 @@
+../mods-available/dav.load
\ No newline at end of file
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.conf
new file mode 120000
index 000000000..964c7bb0b
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.conf
@@ -0,0 +1 @@
+../mods-available/dav_svn.conf
\ No newline at end of file
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.load b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.load
new file mode 120000
index 000000000..4094e4173
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/mods-enabled/dav_svn.load
@@ -0,0 +1 @@
+../mods-available/dav_svn.load
\ No newline at end of file
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/ports.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/ports.conf
new file mode 100644
index 000000000..5daec58c1
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/ports.conf
@@ -0,0 +1,15 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+
+
+ Listen 443
+
+
+
+ Listen 443
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf
new file mode 100644
index 000000000..2bd4e1fe9
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/sites-available/old,default.conf
@@ -0,0 +1,12 @@
+
+
+ ServerName ip-172-30-0-17
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/sites-enabled/placeholder.conf b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/apache2/sites-enabled/placeholder.conf
new file mode 100644
index 000000000..e69de29bb
diff --git a/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/sites b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/sites
new file mode 100644
index 000000000..ab518ee5b
--- /dev/null
+++ b/certbot-apache/certbot_apache/tests/testdata/debian_apache_2_4/augeas_vhosts/sites
@@ -0,0 +1,3 @@
+sites-available/certbot.conf, certbot.demo
+sites-available/encryption-example.conf, encryption-example.demo
+sites-available/ocsp-ssl.conf, ocspvhost.com
diff --git a/certbot-compatibility-test/nginx/README b/certbot-compatibility-test/nginx/README
new file mode 100644
index 000000000..f32de2148
--- /dev/null
+++ b/certbot-compatibility-test/nginx/README
@@ -0,0 +1,27 @@
+Eventually there will also be a compatibility test here like the Apache one.
+
+Right now, this is data for the roundtrip test (checking that the parser
+can parse each file and that the reserialized config file it generates is
+identical to the original).
+
+If run in a virtualenv or otherwise so that certbot_nginx can be imported,
+the roundtrip test can run as
+
+python roundtrip.py nginx-roundtrip-testdata
+
+It gives exit status 0 for success and 1 if at least one parse or roundtrip
+failure occurred.
+
+
+The directory nginx-roundtrip-testdata includes some config files that were
+contributed to our project as well as most of the configs linked from
+
+https://www.nginx.com/resources/wiki/start/
+
+Some exceptions that were skipped are
+
+https://www.nginx.com/resources/wiki/start/topics/recipes/moinmoin/
+https://www.nginx.com/resources/wiki/start/topics/examples/SSL-Offloader/ (not much nginx configuration)
+https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/ (likewise)
+https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/
+https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033
new file mode 100644
index 000000000..19dc49444
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033
@@ -0,0 +1,34 @@
+upstream django_server_random18709.example.org {
+ server unix:/srv/http/random22194/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random18709.example.org;
+
+ location /media/ {
+ alias /srv/http/random22194/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random22194/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random18709.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random22194/live/access.log combined_plus;
+ error_log /var/log/nginx/random22194/live/error.log;
+}
+
+server {
+ server_name www.random18709.example.org;
+ server_name random24607.example.org www.random24607.example.org;
+ return 301 http://random18709.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571
new file mode 100644
index 000000000..fe95ac8dc
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571
@@ -0,0 +1,71 @@
+upstream django_server_random1413.example.org {
+ server unix:/srv/http/random25151/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name www.random25266.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random25151/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random25151/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1413.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random25151/live/access.log combined_plus;
+ error_log /var/log/nginx/random25151/live/error.log;
+}
+
+
+server {
+ listen 443;
+ server_name random1413.example.org www.random1413.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random1413.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random1413.example.org.key;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
+
+server {
+ listen 443;
+ server_name random25266.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
+
+server {
+ listen 80;
+ server_name random1413.example.org www.random1413.example.org;
+ server_name random28524.example.org www.random28524.example.org;
+ server_name random25266.example.org www.random25266.example.org;
+ server_name random26791.example.org www.random26791.example.org;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591
new file mode 100644
index 000000000..103b56009
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591
@@ -0,0 +1,38 @@
+upstream django_server_random11921.example.org {
+ server unix:/srv/http/random9726/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random11921.example.org www.random11921.example.org;
+
+ if ($host != 'random11921.example.org') {
+ rewrite ^/(.*)$ http://random11921.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random9726/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random9726/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random11921.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ error_page 502 503 504 /50x.html;
+ }
+
+ location /50x.html {
+ root /usr/share/nginx/www/;
+ }
+
+ access_log /var/log/nginx/random9726/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random9726/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920
new file mode 100644
index 000000000..0f7c55762
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920
@@ -0,0 +1,16 @@
+server {
+ listen 80 default;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:81;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random27802/access.log combined_plus;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947
new file mode 100644
index 000000000..a09605d03
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947
@@ -0,0 +1,40 @@
+upstream django_server_acceptance.random8289.random17507.example.org {
+ server unix:/srv/http/random8289/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23045.example.org;
+
+ location /media/ {
+ alias /srv/http/random8289/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_acceptance.random8289.random17507.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random8289 acceptance';
+ auth_basic_user_file /srv/http/random8289/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random8289/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random8289/acceptance/error.log;
+}
+
+server {
+ server_name www.random23045.example.org;
+ return 301 http://random23045.example.org$request_uri;
+}
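Review bot: The anonymisation of these contributed configs looks incomplete: `include /etc/nginx/allow_ytec_ips_params;` in site-10947 (and again in site-11046, site-12235 and site-15141) keeps what reads like the contributing organisation's name, site-1167 keeps a literal `allow 89.188.25.162;`, and site-11046 and site-15141 keep names outside example.org (`intern.random24211.org`, `django_server_acceptatie.random20374.nl`). Every other host in the set is a `randomNNNN.example.org` placeholder, so these presumably slipped through the scrub and may identify the contributor's network. The README describes the data as input for a parse-and-reserialise roundtrip, so the values can be neutralised without affecting the test, for example `include /etc/nginx/allow_office_ips_params;` (constructed name) and `allow 192.0.2.10;` from the documentation address range, with the two stray names moved under example.org.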
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018
new file mode 100644
index 000000000..8aceca7ca
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018
@@ -0,0 +1,37 @@
+upstream django_server_random24036.example.org {
+ server unix:/srv/http/random1006/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random24036.example.org;
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_types *;
+ gzip_vary on;
+ gzip_proxied any;
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random1006/live/website/static/$1;
+ expires 7d;
+ gzip on;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random24036.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random1006/live/access.log combined_plus;
+ error_log /var/log/nginx/random1006/live/error.log;
+}
+
+server {
+ server_name www.random24036.example.org;
+ server_name random32349.example.org www.random32349.example.org;
+ server_name random23794.example.org www.random23794.example.org;
+ rewrite ^ http://random24036.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046
new file mode 100644
index 000000000..1d81e5b52
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046
@@ -0,0 +1,36 @@
+upstream django_server_random25979.example.org {
+ server unix:/srv/http/random24211/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25979.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24211/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24211/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25979.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random24211';
+ auth_basic_user_file /srv/http/random24211/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24211/internal/access.log combined_plus;
+ error_log /var/log/nginx/random24211/internal/error.log;
+}
+
+server {
+ server_name www.random25979.example.org;
+ rewrite ^ http://intern.random24211.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382
new file mode 100644
index 000000000..0dc1af725
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382
@@ -0,0 +1,29 @@
+server {
+ listen 80;
+ listen 7891; # User0
+ listen 8080; # User1
+ listen 8900; # User2
+ listen 8912; # User3
+ listen 3567; # User4
+
+ server_name random666.example.org www.random666.example.org;
+
+ root /srv/http/random666.example.org;
+ index index.html index.htm;
+
+ location /duif_assets/ {
+ try_files $uri $uri/ =404;
+ }
+
+ location /index.html {
+ try_files $uri $uri/ =404;
+ }
+
+ location / {
+ rewrite ^.+$ / break;
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random666.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random666.example.org/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167
new file mode 100644
index 000000000..13210b056
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167
@@ -0,0 +1,38 @@
+upstream django_server_random23900.example.org {
+ server unix:/srv/http/random29467/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23900.example.org www.random23900.example.org;
+
+ if ($host != 'random23900.example.org') {
+ rewrite ^/(.*)$ http://random23900.example.org/$1 permanent;
+ }
+
+ location ^~ /media/ {
+ alias /srv/http/random29467/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random29467/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random23900.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ satisfy any;
+ allow 89.188.25.162;
+ auth_basic "random29467 acceptance";
+ auth_basic_user_file htpasswords/random29467_acceptance;
+
+ }
+
+ access_log /var/log/nginx/random29467/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random29467/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849
new file mode 100644
index 000000000..8a8c90b7e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849
@@ -0,0 +1,36 @@
+upstream django_server_random3140.example.org {
+ server unix:/srv/http/random2912/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random3140.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random2912/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random2912/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random3140.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random2912/live/access.log combined_plus;
+ error_log /var/log/nginx/random2912/live/error.log;
+}
+
+server {
+ server_name www.random3140.example.org;
+ server_name random28398.example.org;
+ server_name random23689.example.org www.random23689.example.org;
+ server_name random25863.example.org www.random25863.example.org;
+
+ rewrite ^ http://random3140.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027
new file mode 100644
index 000000000..9d74e2098
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027
@@ -0,0 +1,29 @@
+upstream django_server_random6410.example.org {
+ server unix:/srv/http/random28641/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random6410.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28641/live/website/static/$1;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6410.example.org;
+ include /etc/nginx/proxy_params;
+
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+ }
+
+ access_log /var/log/nginx/random28641/live/access.log combined_plus;
+ error_log /var/log/nginx/random28641/live/error.log;
+}
+
+server {
+ server_name random6410.example.org;
+ rewrite ^ http://www.random6410.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235
new file mode 100644
index 000000000..17ba72db4
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235
@@ -0,0 +1,33 @@
+server {
+ server_name random18267.example.org;
+ gzip on;
+ gzip_min_length 2000;
+ gzip_proxied any;
+ gzip_types application/json;
+
+ client_max_body_size 30M;
+
+ root /srv/http/random23264/data;
+
+ # Security
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+
+ # try serving docs and (md5/immutable) directly
+ location ~ \+(f|doc)/ {
+ try_files $uri @proxy_to_app;
+ }
+ location / {
+ # XXX how to tell nginx to just refer to @proxy_to_app here?
+ try_files /.lqkwje @proxy_to_app;
+ }
+ location @proxy_to_app {
+ proxy_pass http://random20604.example.org:4040;
+ proxy_set_header X-outside-url $scheme://$host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+
+ access_log /var/log/nginx/random23264/access.log combined_plus;
+ error_log /var/log/nginx/random23264/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649
new file mode 100644
index 000000000..af5a22620
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649
@@ -0,0 +1,45 @@
+upstream django_server_random10305.example.org {
+ server unix:/srv/http/random23322/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random10305.example.org;
+
+ location /media/ {
+ alias /srv/http/random23322/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random23322/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random10305.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random23322/live/access.log combined_plus;
+ error_log /var/log/nginx/random23322/live/error.log;
+}
+
+server {
+ listen 80;
+
+ server_name random13399.example.org;
+ server_name www.random10305.example.org;
+ server_name random17958.example.org www.random17958.example.org;
+ server_name random15266.example.org www.random15266.example.org;
+ server_name random21296.example.org www.random21296.example.org;
+ server_name random5261.example.org www.random5261.example.org;
+ server_name random679.example.org www.random679.example.org;
+ server_name random31788.example.org www.random31788.example.org;
+ server_name random22704.example.org www.random22704.example.org;
+ server_name random17411.example.org www.random17411.example.org;
+
+ return 301 http://random10305.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577
new file mode 100644
index 000000000..d7a17f76e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577
@@ -0,0 +1,38 @@
+upstream django_server_random30837.example.org {
+ server unix:/srv/http/random30992/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random30837.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random30992/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random30992/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random30837.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random30992/live/access.log combined_plus;
+ error_log /var/log/nginx/random30992/live/error.log;
+}
+
+server {
+ server_name random30837.example.org;
+ server_name random3263.example.org www.random3263.example.org;
+ server_name random6771.example.org www.random6771.example.org;
+ server_name random17696.example.org www.random17696.example.org;
+ server_name random7179.example.org www.random7179.example.org;
+ server_name random8127.example.org www.random8127.example.org;
+
+ rewrite ^ http://www.random30837.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402
new file mode 100644
index 000000000..ca9ca2f61
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402
@@ -0,0 +1,33 @@
+upstream django_server_random17705.example.org {
+ server unix:/srv/http/random8289/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17705.example.org;
+
+ location /media/ {
+ alias /srv/http/random8289/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17705.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random8289/internal/access.log combined_plus;
+ error_log /var/log/nginx/random8289/internal/error.log;
+}
+
+server {
+ server_name www.random17705.example.org;
+ return 301 http://random17705.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430
new file mode 100644
index 000000000..7caf7b2a4
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430
@@ -0,0 +1,54 @@
+upstream django_server_random17507.example.org {
+ server unix:/srv/http/random7740/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17507.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random7740/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7740/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17507.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random7740/live/access.log combined_plus;
+ error_log /var/log/nginx/random7740/live/error.log;
+}
+
+server {
+ server_name www.random17507.example.org;
+ server_name random31197.example.org www.random31197.example.org;
+ server_name random19579.example.org www.random19579.example.org;
+ server_name random16629.example.org www.random16629.example.org;
+ server_name random28363.example.org www.random28363.example.org;
+ server_name random30185.example.org www.random30185.example.org;
+ server_name random22326.example.org www.random22326.example.org;
+ server_name random3622.example.org www.random3622.example.org;
+ server_name random1463.example.org www.random1463.example.org;
+ server_name random23341.example.org www.random23341.example.org;
+ server_name random2214.example.org www.random2214.example.org;
+ server_name random22684.example.org www.random22684.example.org;
+ server_name random6606.example.org www.random6606.example.org;
+ server_name random29138.example.org www.random29138.example.org;
+ server_name random15109.example.org www.random15109.example.org;
+ server_name random8002.example.org www.random8002.example.org;
+ server_name random16836.example.org www.random16836.example.org;
+ server_name random22283.example.org www.random22283.example.org;
+
+ location = /googleXXXXXXXXXXXXXXXX.html {
+ alias /srv/http/random7740/live/website/templates/googleXXXXXXXXXXXXXXXX.html;
+ }
+
+ rewrite ^
http://random17507.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141
new file mode 100644
index 000000000..2b2689f09
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141
@@ -0,0 +1,36 @@
+upstream django_server_acceptatie.random20374.nl {
+ server unix:/srv/http/random20374/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random28586.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random20374/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random20374/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_acceptatie.random20374.nl;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random20374';
+ auth_basic_user_file /srv/http/random20374/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random20374/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random20374/acceptance/error.log;
+}
+
+server {
+ server_name www.random28586.example.org;
+ rewrite ^ http://random28586.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270
new file mode 100644
index 000000000..b4f4bd61c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270
@@ -0,0 +1,38 @@ +upstream django_server_random6822.example.org { + server unix:/srv/http/random7047/live/website.sock; +} + +server { + listen 8443; + server_name random6822.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random6822.example.org.complete-bundle.crt; + ssl_certificate_key /etc/ssl/private/random6822.example.org.key; + + location /media/ { + alias /srv/http/random7047/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random7047/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6822.example.org; + include /etc/nginx/proxy_params; + } + + access_log /var/log/nginx/random7047/live/access.log combined_plus; + error_log /var/log/nginx/random7047/live/error.log; +} + +server { + listen 80; + server_name random6822.example.org; + + rewrite ^/(.*) https://random6822.example.org:8443/$1; +} + + diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 new file mode 100644 index 000000000..fa09bed93 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 
@@ -0,0 +1,112 @@ +# You may add here your +# server { +# ... +# } +# statements for each of your virtual hosts to this file + +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# http://wiki.nginx.org/Pitfalls +# http://wiki.nginx.org/QuickStart +# http://wiki.nginx.org/Configuration +# +# Generally, you will want to move this file somewhere, and start with a clean +# file but keep this around for reference. Or just disable in sites-enabled. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +server { + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; + + root /usr/share/nginx/html; + index index.html index.htm; + + # Make site accessible from http://random20604.example.org/ + server_name random20604.example.org; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. 
+ try_files $uri $uri/ =404; + # Uncomment to enable naxsi on this location + # include /etc/nginx/naxsi.rules + } + + # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests + #location /RequestDenied { + # proxy_pass http://127.0.0.1:8080; + #} + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + #error_page 500 502 503 504 /50x.html; + #location = /50x.html { + # root /usr/share/nginx/html; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + # + # # With php5-cgi alone: + # fastcgi_pass 127.0.0.1:9000; + # # With php5-fpm: + # fastcgi_pass unix:/var/run/php5-fpm.sock; + # fastcgi_index index.php; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# another virtual host using mix of IP-, name-, and port-based configuration +# +#server { +# listen 8000; +# listen random20605.example.org:8080; +# server_name random20605.example.org alias another.alias; +# root html; +# index index.html index.htm; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} + + +# HTTPS server +# +#server { +# listen 443; +# server_name random20604.example.org; +# +# root html; +# index index.html index.htm; +# +# ssl on; +# ssl_certificate cert.pem; +# ssl_certificate_key cert.key; +# +# ssl_session_timeout 5m; +# +# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; +# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; +# ssl_prefer_server_ciphers on; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 new file mode 100644 index 000000000..273694b51 
--- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 @@ -0,0 +1,39 @@ +upstream django_server_random29275.example.org { + server unix:/srv/http/random14353/internal/website.sock; +} + +server { + listen 80; + server_name random29275.example.org; + + location /media/ { + alias /srv/http/random14353/internal/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random14353/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random29275.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + + satisfy any; + auth_basic 'internal for random14353'; + auth_basic_user_file /srv/http/random14353/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random14353/internal/access.log; + error_log /var/log/nginx/random14353/internal/error.log; +} + +server { + server_name www.random29275.example.org; + return 301 http://random29275.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 new file mode 100644 index 000000000..86a8980d2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 
@@ -0,0 +1,35 @@ +upstream django_server_random16112.example.org { + server unix:/srv/http/random29227/live/website.sock; +} + +server { + listen 80; + server_name random16112.example.org; + + location /media/ { + alias /srv/http/random29227/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random29227/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random16112.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random29227/live/access.log combined_plus; + error_log /var/log/nginx/random29227/live/error.log; +} +server { + server_name random5297.example.org www.random5297.example.org; + server_name random17050.example.org www.random17050.example.org; + server_name www.random16112.example.org; + + return 301 http://random16112.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 new file mode 100644 index 000000000..32b88c62f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 
@@ -0,0 +1,38 @@ +upstream django_server_random7474.example.org { + server unix:/srv/http/random4886/acceptance/website.sock; +} + +server { + listen 80; + server_name random7474.example.org; + + location /media/ { + alias /srv/http/random4886/acceptance/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random4886/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random7474.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random4886'; + auth_basic_user_file /srv/http/random4886/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + client_max_body_size 20m; + + access_log /var/log/nginx/random4886/acceptance/access.log; + error_log /var/log/nginx/random4886/acceptance/error.log; +} + +server { + server_name www.random7474.example.org; + return 301 http://random7474.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 new file mode 100644 index 000000000..ac8ce609c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 
@@ -0,0 +1,34 @@ +upstream django_server_random25713.example.org { + server unix:/srv/http/random24922/live/website.sock; +} + +server { + listen 80; + server_name random25713.example.org; + + location /media/ { + alias /srv/http/random24922/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random24922/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random25713.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random24922/live/access.log; + error_log /var/log/nginx/random24922/live/error.log; +} + +server { + server_name www.random25713.example.org; + return 301 http://random25713.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 new file mode 100644 index 000000000..e733a70ed --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 @@ -0,0 +1,14 @@ +server { + listen 80; + server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org; + + if ($host != 'random25647.example.org') { + rewrite ^/(.*)$ http://random25647.example.org/$1 permanent; + } + + index index.html index.htm; + root /srv/http/random11461/countdown/; + + access_log /var/log/nginx/random11461/live/access.log combined_plus; + error_log /var/log/nginx/random11461/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 new file mode 100644 index 000000000..4a0967de8 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 
@@ -0,0 +1,32 @@ +upstream django_server_random6430.example.org { + server unix:/srv/http/random550/internal/website.sock; +} + +server { + listen 80; + server_name random6430.example.org; + + location /media/ { + alias /srv/http/random550/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6430.example.org; + include /etc/nginx/django_proxy_params; + + } + + access_log /var/log/nginx/random550/internal/access.log combined_plus; + error_log /var/log/nginx/random550/internal/error.log; +} + +server { + server_name www.random6430.example.org; + return 301 http://random6430.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 new file mode 100644 index 000000000..a3b10eed6 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 
@@ -0,0 +1,32 @@ +upstream django_server_random25647.example.org { + server unix:/srv/http/random11461/live/website.sock; +} + +server { + listen 80; + server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org; + + if ($host != 'random25647.example.org') { + rewrite ^/(.*)$ http://random25647.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random11461/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random11461/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random25647.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random11461/live/access.log combined_plus; + error_log /var/log/nginx/random11461/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 new file mode 100644 index 000000000..63b68d6ff --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 
@@ -0,0 +1,36 @@ +upstream django_server_intern.random20374.nl { + server unix:/srv/http/random20374/internal/website.sock; +} + +server { + listen 80; + server_name random23818.example.org; + + location ^~ /media/ { + alias /srv/http/random20374/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random20374/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_intern.random20374.nl; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random20374'; + auth_basic_user_file /srv/http/random20374/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random20374/internal/access.log combined_plus; + error_log /var/log/nginx/random20374/internal/error.log; +} + +server { + server_name www.random23818.example.org; + rewrite ^ http://random23818.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 new file mode 100644 index 000000000..d6d4e5bea --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 
@@ -0,0 +1,39 @@ +upstream django_server_random7949.example.org { + server unix:/srv/http/random1006/acceptance/website.sock; +} + +server { + listen 80; + server_name random7949.example.org; + gzip on; + gzip_http_version 1.0; + gzip_types *; + gzip_vary on; + gzip_proxied any; + + location ~ /media/(.*)$ { + alias /srv/http/random1006/acceptance/website/static/$1; + expires 7d; + gzip on; + } + + + location / { + proxy_pass http://django_server_random7949.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random1006'; + auth_basic_user_file /srv/http/random1006/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random1006/acceptance/access.log combined_plus; + error_log /var/log/nginx/random1006/acceptance/error.log; +} + +server { + server_name www.random7949.example.org; + rewrite ^ http://random7949.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 new file mode 100644 index 000000000..2609e2080 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 
@@ -0,0 +1,39 @@ +upstream django_server_random1515.example.org { + server unix:/srv/http/random15255/acceptance/website.sock fail_timeout=5; +} + +server { + listen 80; + server_name random1515.example.org www.random1515.example.org; + + if ($host != 'random1515.example.org') { + rewrite ^/(.*)$ http://random1515.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random15255/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random15255/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1515.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + + satisfy any; + auth_basic 'random191 acceptance'; + auth_basic_user_file /srv/http/random15255/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random15255/acceptance/access.log combined_plus; + error_log /var/log/nginx/random15255/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 new file mode 100644 index 000000000..617472e0d --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 
@@ -0,0 +1,39 @@ +upstream django_server_live.random8289.random17507.example.org { + server unix:/srv/http/random8289/live/website.sock; +} + +server { + listen 443; + server_name random23886.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random23886.example.org.complete-bundle.crt; + ssl_certificate_key /etc/ssl/private/random23886.example.org.key; + + location /media/ { + alias /srv/http/random8289/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random8289/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_live.random8289.random17507.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random8289/live/access.log combined_plus; + error_log /var/log/nginx/random8289/live/error.log; +} + +server { + listen 80; + server_name random23886.example.org; + return 301 https://random23886.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 new file mode 100644 index 000000000..41aaef04d --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 
@@ -0,0 +1,36 @@ +upstream django_server_random31523.example.org { + server unix:/srv/http/random16722.example.org/internal/website.sock; +} + +server { + listen 80; + server_name random31523.example.org; + + location ^~ /media/ { + alias /srv/http/random16722.example.org/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random16722.example.org/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31523.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random16722.example.org'; + auth_basic_user_file /srv/http/random16722.example.org/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random16722.example.org/internal/access.log combined_plus; + error_log /var/log/nginx/random16722.example.org/internal/error.log; +} + +server { + server_name www.random31523.example.org; + rewrite ^ http://random31523.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 new file mode 100644 index 000000000..6e3112ad8 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 
@@ -0,0 +1,34 @@ +upstream django_server_random1413.example.org { + server unix:/srv/http/random25151/live/website.sock; +} + +server { + listen 80; + server_name random1413.example.org; + + location ^~ /media/ { + alias /srv/http/random25151/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random25151/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1413.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random25151/live/access.log combined_plus; + error_log /var/log/nginx/random25151/live/error.log; +} + +server { + server_name www.random1413.example.org; + server_name random28524.example.org www.random28524.example.org; + rewrite ^ http://random1413.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 new file mode 100644 index 000000000..20d718409 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 
@@ -0,0 +1,36 @@ +upstream django_server_random9619.example.org { + server unix:/srv/http/random28641/internal/website.sock; +} + +server { + listen 80; + server_name random9619.example.org; + + location ^~ /media/ { + alias /srv/http/random28641/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random28641/internal/website/static/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random9619.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random28641'; + auth_basic_user_file /srv/http/random28641/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random28641/internal/access.log combined_plus; + error_log /var/log/nginx/random28641/internal/error.log; +} + +server { + server_name www.random9619.example.org; + rewrite ^ http://random9619.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 new file mode 100644 index 000000000..5650efb4c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 
@@ -0,0 +1,33 @@ +upstream django_server_random31758.example.org { + server unix:/srv/http/random21623/internal/website.sock; +} + +server { + listen 80; + server_name random31758.example.org www.random31758.example.org; + + if ($host != 'random31758.example.org') { + rewrite ^/(.*)$ http://random31758.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random21623/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random21623/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31758.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random21623/internal/access.log combined_plus; + error_log /var/log/nginx/random21623/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 new file mode 100644 index 000000000..85576da76 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 
@@ -0,0 +1,32 @@ +upstream django_server_random1688.example.org { + server unix:/srv/http/random6470/acceptance/website.sock; +} + +server { + listen 80; + server_name random5078.example.org random1688.example.org www.random1688.example.org; + + if ($host != 'random5078.example.org') { + rewrite ^/(.*)$ http://random5078.example.org/$1 permanent; + } + + location ^~ /media/ { + alias /srv/http/random6470/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random6470/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1688.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random6470/acceptance/access.log combined_plus; + error_log /var/log/nginx/random6470/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 new file mode 100644 index 000000000..00d1d2b0b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 
@@ -0,0 +1,33 @@ +upstream django_server_random22746.example.org { + server unix:/srv/http/random6344/internal/website.sock; +} + +server { + listen 80; + server_name random22746.example.org; + + if ($host != 'random22746.example.org') { + rewrite ^/(.*)$ http://random22746.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random6344/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random6344/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random22746.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random6344/internal/access.log combined_plus; + error_log /var/log/nginx/random6344/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 new file mode 100644 index 000000000..5b91f0eaf --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 
@@ -0,0 +1,74 @@ +upstream django_server_random15255_live { + server unix:/srv/http/random15255/live/website.sock fail_timeout=5; +} + +server { + listen 443; + server_name random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + location /media/ { + alias /srv/http/random15255/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + + location /static/ { + alias /srv/http/random15255/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random15255_live; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random15255/live/access.log combined_plus; + error_log /var/log/nginx/random15255/live/error.log; +} + +server { + listen 80; + server_name random7381.example.org www.random7381.example.org; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 8445; + server_name random7381.example.org www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 1000; + server_name random7381.example.org www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 443; + server_name www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; 
+} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 new file mode 100644 index 000000000..4f78b645b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 
@@ -0,0 +1,56 @@ +upstream django_server_random27579.example.org { + server unix:/srv/http/random21623/live/website.sock; +} + +server { + listen 443; + server_name random27579.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random27579.example.org.key; + + location /media/ { + alias /srv/http/random21623/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random21623/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random27579.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random21623/live/access.log combined_plus; + error_log /var/log/nginx/random21623/live/error.log; +} + +server { + listen 443; + server_name www.random27579.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random27579.example.org.key; + + return 301 https://random27579.example.org$request_uri; +} + +server { + listen 80; + + server_name random27579.example.org www.random27579.example.org random11512.example.org; + server_name random18003.example.org www.random18003.example.org; + server_name random26730.example.org www.random26730.example.org; + server_name random3968.example.org www.random3968.example.org; + server_name random11925.example.org www.random11925.example.org; + + return 301 https://random27579.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 new file mode 100644 index 000000000..25933cebb --- /dev/null 
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 @@ -0,0 +1,33 @@ +upstream django_server_random31057.example.org { + server unix:/srv/http/random22194/acceptance/website.sock; +} + +server { + listen 80; + server_name random31057.example.org www.random31057.example.org; + + if ($host != 'random31057.example.org') { + rewrite ^/(.*)$ http://random31057.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random22194/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random22194/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31057.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 120; + } + + access_log /var/log/nginx/random22194/acceptance/access.log combined_plus; + error_log /var/log/nginx/random22194/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 new file mode 100644 index 000000000..9db2c07f5 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 
@@ -0,0 +1,32 @@
+upstream django_server_random16722.example.org {
+ server unix:/srv/http/random16722.example.org/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random16722.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random16722.example.org/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random16722.example.org/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random16722.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random16722.example.org/live/access.log combined_plus;
+ error_log /var/log/nginx/random16722.example.org/live/error.log;
+}
+
+server {
+ server_name www.random16722.example.org;
+ rewrite ^ http://random16722.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838
new file mode 100644
index 000000000..7bd3f2778
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838
@@ -0,0 +1,32 @@
+upstream django_server_random14388.example.org {
+ server unix:/srv/http/random4886/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random14388.example.org;
+
+ location /media/ {
+ alias /srv/http/random4886/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random4886/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random14388.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random4886/live/access.log;
+ error_log /var/log/nginx/random4886/live/error.log;
+}
+
+server {
+ server_name www.random14388.example.org;
+ return 301 http://random14388.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125
new file mode 100644
index 000000000..f7efda324
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125
@@ -0,0 +1,7 @@
+server {
+ listen 80;
+ server_name random14996.example.org;
+
+ root /srv/http/random23392/;
+ index index.html;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193
new file mode 100644
index 000000000..1d2b7ec83
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193
@@ -0,0 +1,62 @@
+upstream django_server_random6177.example.org {
+ server unix:/srv/http/random550/live/website.sock;
+}
+
+server {
+ listen 443 ssl;
+ server_name random2179.example.org;
+
+ ssl_certificate /etc/ssl/public/random2179.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random2179.example.org.key;
+
+
+ location /media/ {
+ alias /srv/http/random550/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6177.example.org;
+ include /etc/nginx/django_proxy_params;
+ }
+
+ access_log /var/log/nginx/random550/live/access.log combined_plus;
+ error_log /var/log/nginx/random550/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random2179.example.org;
+
+ location /media/ {
+ alias /srv/http/random550/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/live/static_collected/;
+ expires 7d;
+ }
+
+ #location = / {
+ # return 301 https://random2179.example.org$request_uri;
+ #}
+
+ location / {
+ proxy_pass http://django_server_random6177.example.org;
+ include /etc/nginx/django_proxy_params;
+ }
+
+ access_log /var/log/nginx/random550/live/access_http.log combined_plus;
+ error_log /var/log/nginx/random550/live/error_http.log;
+}
+
+server {
+ server_name random6177.example.org www.random6177.example.org;
+ return 301 http://random2179.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213
new file mode 100644
index 000000000..b23aeae19
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213
@@ -0,0 +1,36 @@
+upstream django_server_random22047.example.org {
+ server unix:/srv/http/random26975/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random22047.example.org;
+
+ location /media/ {
+ alias /srv/http/random26975/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random26975/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random22047.example.org;
+ include /etc/nginx/django_proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random26975';
+ auth_basic_user_file /srv/http/random26975/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random26975/acceptance/access.log;
+ error_log /var/log/nginx/random26975/acceptance/error.log;
+}
+
+server {
+ server_name www.random22047.example.org;
+ return 301 http://random22047.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480
new file mode 100644
index 000000000..7628d27d2
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480
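Review bot: The anonymisation of these fixtures looks incomplete: host names are reduced to `randomNNNN.example.org`, yet site-24213 still carries what appears to be an organisation-specific identifier in `include /etc/nginx/allow_ytec_ips_params;`. The same include name recurs in site-27646, site-27812, site-28050, site-29159, site-30011, site-32317 and (commented out) site-32438; site-2951 keeps an internal ticket reference in `# See ytec #6244`, and the leading comment of site-4264 names a source host. If the test data is meant to be fully scrubbed of its origin, rename these consistently across the set, for example `include /etc/nginx/allow_office_ips_params;`, and drop or neutralise the two comments. A rename of an include target or comment text should presumably not change what a parse round-trip test exercises, but confirm that nothing in the test harness resolves the include paths.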
@@ -0,0 +1,32 @@
+upstream django_server_random6193.example.org {
+ server unix:/srv/http/random4755/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random6193.example.org www.random6193.example.org;
+
+ if ($host != 'random6193.example.org') {
+ rewrite ^/(.*)$ http://random6193.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6193.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random4755/live/access.log combined_plus;
+ error_log /var/log/nginx/random4755/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195
new file mode 100644
index 000000000..232935a51
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195
@@ -0,0 +1,26 @@
+server {
+ listen 80;
+ server_name www.random25446.example.org random25446.example.org;
+
+ if ($host != 'random25446.example.org') {
+ rewrite ^/(.*)$ http://random25446.example.org/$1 permanent;
+ }
+
+ location ^~ /media {
+ alias /srv/http/random17476/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static {
+ alias /srv/http/random17476/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ include fastcgi_params;
+ fastcgi_pass unix:/srv/http/random17476/internal/website.sock;
+ }
+
+ access_log /var/log/nginx/random17476/internal/access.log combined_plus;
+ error_log /var/log/nginx/random17476/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221
new file mode 100644
index 000000000..8e5893d61
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221
@@ -0,0 +1,32 @@
+upstream django_server_random4030.example.org {
+ server unix:/srv/http/random26975/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random4030.example.org;
+
+ location /media/ {
+ alias /srv/http/random26975/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random26975/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random4030.example.org;
+ include /etc/nginx/django_proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random26975/live/access.log;
+ error_log /var/log/nginx/random26975/live/error.log;
+}
+
+server {
+ server_name www.random4030.example.org;
+ return 301 http://random4030.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637
new file mode 100644
index 000000000..3ef549982
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637
@@ -0,0 +1,32 @@
+upstream django_server_random5890.example.org {
+ server unix:/srv/http/random4755/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random5890.example.org;
+
+ if ($host != 'random5890.example.org') {
+ rewrite ^/(.*)$ http://random5890.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random5890.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random4755/internal/access.log combined_plus;
+ error_log /var/log/nginx/random4755/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758
new file mode 100644
index 000000000..f7cfb854c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758
@@ -0,0 +1,21 @@
+server {
+ listen 80 default_server;
+ #listen [::]:80 default_server ipv6only=on;
+ root /var/www/default/;
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+
+ access_log /var/log/nginx/access.log combined_plus;
+ error_log /var/log/nginx/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646
new file mode 100644
index 000000000..9328e2943
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646
@@ -0,0 +1,37 @@
+upstream django_server_random10783.example.org {
+ server unix:/srv/http/random4711/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random10783.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random4711/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random4711/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random10783.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 4m;
+
+ satisfy any;
+ auth_basic 'acceptance for random4711';
+ auth_basic_user_file /srv/http/random4711/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random4711/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random4711/acceptance/error.log;
+}
+
+server {
+ server_name www.random10783.example.org;
+ rewrite ^ http://random10783.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728
new file mode 100644
index 000000000..fdef2900c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728
@@ -0,0 +1,5 @@
+server {
+ location =/ {
+ return 404;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736
new file mode 100644
index 000000000..5f579971a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736
@@ -0,0 +1,32 @@
+upstream django_server_random17112.example.org {
+ server unix:/srv/http/random29467/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17112.example.org www.random17112.example.org;
+
+ if ($host != 'random17112.example.org') {
+ rewrite ^/(.*)$ http://random17112.example.org/$1 permanent;
+ }
+
+ location ^~ /media/ {
+ alias /srv/http/random29467/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random29467/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17112.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random29467/live/access.log combined_plus;
+ error_log /var/log/nginx/random29467/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812
new file mode 100644
index 000000000..8e455eb9b
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812
@@ -0,0 +1,36 @@
+upstream django_server_random1296.example.org {
+ server unix:/srv/http/random2912/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1296.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random2912/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random2912/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1296.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random2912';
+ auth_basic_user_file /srv/http/random2912/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random2912/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random2912/acceptance/error.log;
+}
+
+server {
+ server_name www.random1296.example.org;
+ rewrite ^ http://random1296.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050
new file mode 100644
index 000000000..3d0ac97ae
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050
@@ -0,0 +1,36 @@
+upstream django_server_random11685.example.org {
+ server unix:/srv/http/random4886/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random11685.example.org;
+
+ location /media/ {
+ alias /srv/http/random4886/internal/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random4886/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random11685.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random4886';
+ auth_basic_user_file /srv/http/random4886/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random4886/internal/access.log;
+ error_log /var/log/nginx/random4886/internal/error.log;
+}
+
+server {
+ server_name www.random11685.example.org;
+ return 301 http://random11685.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690
new file mode 100644
index 000000000..69bcb26c0
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690
@@ -0,0 +1,32 @@
+upstream django_server_random16112.example.org {
+ server unix:/srv/http/random24645/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random16112.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24645/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24645/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random16112.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random24645/live/access.log;
+ error_log /var/log/nginx/random24645/live/error.log;
+}
+
+server {
+ server_name www.random16112.example.org;
+ rewrite ^ http://random16112.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159
new file mode 100644
index 000000000..be6481eae
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159
@@ -0,0 +1,33 @@
+upstream django_server_random29198.example.org {
+ server unix:/srv/http/random28641/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random29198.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28641/acceptance/website/static/$1;
+ expires 7d;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random29198.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random28641';
+ auth_basic_user_file /srv/http/random28641/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random28641/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random28641/acceptance/error.log;
+}
+
+server {
+ server_name www.random29198.example.org;
+ rewrite ^ http://random29198.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951
new file mode 100644
index 000000000..683aa3226
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951
@@ -0,0 +1,67 @@
+server {
+ listen 80;
+ #listen [::]:80 default_server ipv6only=on;
+ root /var/www/random616_log/;
+ server_name random12800.example.org;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random12543/access.log combined_plus;
+ error_log /var/log/nginx/random12543/error.log;
+}
+
+server {
+ listen 443 default_server;
+ #listen [::]:443 default_server ipv6only=on;
+ root /var/www/random616_log/;
+ server_name random12800.example.org;
+
+ # We created (will create) this SSL certificate ourselves, using our own CA. This way, we can control strictly which CA the XXX trusts.
+ # See ytec #6244
+ # However, we're working on a fix for high SSL overhead. We're hoping to be able to keep the connections open between log POSTs, like SSL can.
+ ssl on;
+ ssl_certificate /etc/ssl/public/random12800.example.org.crt;
+ ssl_certificate_key /etc/ssl/private/random12800.example.org.key;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random12543/access.log combined_plus;
+ error_log /var/log/nginx/random12543/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011
new file mode 100644
index 000000000..479edac5d
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011
@@ -0,0 +1,37 @@
+upstream django_server_random12785.example.org {
+ server unix:/srv/http/random14353/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random12785.example.org;
+
+ location /media/ {
+ alias /srv/http/random14353/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random14353/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random12785.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14353/live/access.log;
+ error_log /var/log/nginx/random14353/live/error.log;
+}
+
+server {
+ server_name www.random12785.example.org;
+ return 301 http://random12785.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571
new file mode 100644
index 000000000..84e44dd7c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571
@@ -0,0 +1,31 @@
+upstream django_server_random7150.example.org {
+ server unix:/srv/http/random550/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random7150.example.org;
+
+ location /media/ {
+ alias /srv/http/random550/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random7150.example.org;
+ include /etc/nginx/django_proxy_params;
+ }
+
+ access_log /var/log/nginx/random550/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random550/acceptance/error.log;
+}
+
+server {
+ server_name www.random7150.example.org;
+ return 301 http://random7150.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900
new file mode 100644
index 000000000..648693cbc
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900
@@ -0,0 +1,33 @@
+upstream django_server_random31131.example.org {
+ server unix:/srv/http/random24334/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random31131.example.org;
+
+ location /media/ {
+ alias /srv/http/random24334/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random24334/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random31131.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random24334/internal/access.log combined_plus;
+ error_log /var/log/nginx/random24334/internal/error.log;
+}
+
+server {
+ server_name www.random31131.example.org;
+ return 301 http://random31131.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190
new file mode 100644
index 000000000..8c7738c03
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190
@@ -0,0 +1,4 @@
+server {
+ server_name www.random5115;
+ return 301 http://www.random10305.example.org;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279
new file mode 100644
index 000000000..16f4e5e9e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ root /home/admin/random19651_log/;
+ server_name random16339.example.org;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random4235/access.log combined_plus;
+ error_log /var/log/nginx/random4235/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317
new file mode 100644
index 000000000..e9c986ff1
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317
@@ -0,0 +1,32 @@
+upstream django_server_random21989.example.org {
+ server unix:/srv/http/random28136/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random21989.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28136/acceptance/website/static/$1;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random21989.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random28136';
+ auth_basic_user_file /srv/http/random28136/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random28136/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random28136/acceptance/error.log;
+}
+
+server {
+ server_name www.random21989.example.org;
+ rewrite ^ http://random21989.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438
new file mode 100644
index 000000000..66929620f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438
@@ -0,0 +1,46 @@
+upstream django_server_random1769.example.org {
+ server unix:/srv/http/random7047/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1769.example.org;
+
+ if ($host != 'random1769.example.org') {
+ rewrite ^/(.*)$ http://random1769.example.org/$1 permanent;
+ }
+
+ rewrite ^/(.*) https://$host:8444/$1;
+}
+
+server {
+ listen 8444;
+ server_name random1769.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random6822.example.org.crt;
+ ssl_certificate_key /etc/ssl/private/random6822.example.org.key;
+
+ location ^~ /media/ {
+ alias /srv/http/random7047/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7047/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1769.example.org;
+ include /etc/nginx/proxy_params;
+
+ #satisfy any;
+ #auth_basic 'acceptance for random7047';
+ #auth_basic_user_file /srv/http/random7047/acceptance/htpasswords;
+ #include /etc/nginx/allow_ytec_ips_params;
+ #deny all;
+ }
+
+ access_log /var/log/nginx/random7047/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random7047/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483
new file mode 100644
index 000000000..7a415c293
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ server_name random9761.example.org;
+
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random14537/static_collected/$1;
+ expires 7d;
+ }
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random14537/dynamic/public/$1;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:81;
+ proxy_connect_timeout 120;
+ proxy_read_timeout 120;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14537/access.log combined_plus;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507
new file mode 100644
index 000000000..0fdca78d7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name random3674.example.org www.random3674.example.org;
+
+ root /srv/http/random3674.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random3674.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random3674.example.org/error.log;
+}
+
+server {
+ listen 80;
+ server_name random27569.example.org www.random27569.example.org;
+
+ root /srv/http/random27569.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random27569.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random27569.example.org/error.log;
+}
+
+server {
+ listen 80;
+ server_name random11055.example.org www.random11055.example.org;
+
+ root /srv/http/random11055.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random11055.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random11055.example.org/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874
new file mode 100644
index 000000000..1180f2eb1
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874
@@ -0,0 +1,46 @@
+upstream django_server_random7267.example.org {
+ server unix:/srv/http/random24334/live/website.sock;
+}
+
+server {
+ listen 80;
+ listen 443 ssl;
+
+ server_name random7267.example.org;
+
+ ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random24334/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random24334/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random7267.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random24334/live/access.log combined_plus;
+ error_log /var/log/nginx/random24334/live/error.log;
+}
+
+server {
+ listen 80;
+ listen 443 ssl;
+
+ server_name www.random7267.example.org;
+
+ ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
+
+ return 301 http://random7267.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035
new file mode 100644
index 000000000..1a1deb96b
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035
@@ -0,0 +1,31 @@
+upstream django_server_random2104.example.org {
+ server unix:/srv/http/random28136/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random2104.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28136/live/website/static/$1;
+ expires 7d;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random2104.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random28136/live/access.log combined_plus;
+ error_log /var/log/nginx/random28136/live/error.log;
+}
+
+server {
+ server_name random2104.example.org;
+ rewrite ^ http://www.random2104.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143
new file mode 100644
index 000000000..add683007
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143
@@ -0,0 +1,33 @@
+upstream django_server_random24919.example.org {
+ server unix:/srv/http/random7831/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random24919.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random7831/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7831/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random24919.example.org;
+ include /etc/nginx/proxy_params;
+
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+ }
+
+ access_log /var/log/nginx/random7831/live/access.log combined_plus;
+ error_log /var/log/nginx/random7831/live/error.log;
+}
+
+server {
+ server_name www.random24919.example.org;
+ rewrite ^ http://random24919.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264
new file mode 100644
index 000000000..ef347862f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264
@@ -0,0 +1,12 @@
+# vhost created by moving from marauder, but there it was an apache vhost.
+
+server {
+ listen 80;
+ server_name random3080.example.org www.random3080.example.org random26833.example.org www.random26833.example.org;
+
+ root /srv/http/random10391.example.org/;
+
+ if ($request_uri != '/googleYYYYYYYYYYYYYYYY.html') {
+ rewrite ^ http://random10305.example.org/ permanent;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826
new file mode 100644
index 000000000..bcfc662b2
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826
@@ -0,0 +1,38 @@
+upstream django_server_random1107.example.org {
+ server unix:/srv/http/random4755/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1107.example.org www.random1107.example.org;
+
+ if ($host != 'random1107.example.org') {
+ rewrite ^/(.*)$ http://random1107.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1107.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ satisfy any;
+ allow 89.188.25.162;
+ auth_basic "random4755 acceptance";
+ auth_basic_user_file htpasswords/random4755_acceptance;
+
+ }
+
+ access_log /var/log/nginx/random4755/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random4755/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872
new file mode 100644
index 000000000..fe41f9872
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872
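Review bot: The `allow 89.188.25.162;` line in the `location /` block of site-5826 still carries what looks like a real public IPv4 address, although every hostname and path in this fixture was replaced with a `randomNNNN` placeholder, so the anonymisation of the sample appears incomplete. The value does not matter for a parser round-trip fixture, so I would substitute a documentation-range address (RFC 5737), for example `allow 192.0.2.10;`. The `include /etc/nginx/allow_ytec_ips_params;` lines in the site-5872, site-6228 and site-8343 hunks look like a similar leftover (a file name that appears to be organisation-specific) and could be given a neutral name in the same pass.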
@@ -0,0 +1,36 @@
+upstream django_server_random8404.example.org {
+ server unix:/srv/http/random1006/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random8404.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random1006/internal/website/static/;
+ expires 7d;
+ }
+ #location ^~ /static/ {
+ # alias /srv/http/random1006/internal/website/static/;
+ # expires 7d;
+ #}
+
+ location / {
+ proxy_pass http://django_server_random8404.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random1006';
+ auth_basic_user_file /srv/http/random1006/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random1006/internal/access.log combined_plus;
+ error_log /var/log/nginx/random1006/internal/error.log;
+}
+
+server {
+ server_name www.random8404.example.org;
+ rewrite ^ http://random8404.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228
new file mode 100644
index 000000000..d5c157e88
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228
@@ -0,0 +1,39 @@
+upstream django_server_random15255_intern {
+ server unix:/srv/http/random15255/intern/website.sock fail_timeout=5;
+}
+
+server {
+ listen 80;
+ server_name random11459.example.org www.random11459.example.org;
+
+ if ($host != 'random11459.example.org') {
+ rewrite ^/(.*)$ http://random11459.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random15255/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random15255/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random15255_intern;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random191 internal';
+ auth_basic_user_file /srv/http/random15255/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random15255/internal/access.log combined_plus;
+ error_log /var/log/nginx/random15255/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895
new file mode 100644
index 000000000..4a49ea47e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895
@@ -0,0 +1,32 @@
+upstream django_server_random20084.example.org {
+ server unix:/srv/http/random1540/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random3969.example.org www.random20084.example.org random20084.example.org;
+
+ if ($host != 'www.random20084.example.org') {
+ rewrite ^/(.*)$ http://www.random20084.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random1540/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random1540/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random20084.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random1540/live/access.log combined_plus;
+ error_log /var/log/nginx/random1540/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343
new file mode 100644
index 000000000..9e0d39d47
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343
@@ -0,0 +1,36 @@
+upstream django_server_random29577.example.org {
+ server unix:/srv/http/random24645/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random29577.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24645/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24645/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random29577.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random24645';
+ auth_basic_user_file /srv/http/random24645/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24645/internal/access.log;
+ error_log /var/log/nginx/random24645/internal/error.log;
+}
+
+server {
+ server_name www.random29577.example.org;
+ rewrite ^ http://random29577.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422
new file mode 100644
index 000000000..c3b979b4e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422
@@ -0,0 +1,46 @@
+upstream django_server_random25771.example.org {
+ server unix:/srv/http/random4711/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25771.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random4711/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random4711/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25771.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 4m;
+
+ # You can configure access rules here
+ }
+
+ client_max_body_size 25m;
+
+ access_log /var/log/nginx/random4711/live/access.log combined_plus;
+ error_log /var/log/nginx/random4711/live/error.log;
+}
+
+server {
+ server_name www.random25771.example.org;
+ server_name *.random17707.example.org;
+ server_name *.random22274.example.org;
+ server_name *.random26333.example.org;
+ server_name *.random10742.example.org;
+ server_name *.random8297.example.org;
+ server_name *.random18250.example.org;
+ server_name *.random30184.example.org;
+ server_name *.random27005.example.org;
+ server_name *.random12286.example.org;
+ server_name *.random28076.example.org;
+ server_name *.random26194.example.org;
+ rewrite ^ http://random25771.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637
new file mode 100644
index 000000000..91e31bbfd
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637
@@ -0,0 +1,40 @@
+upstream django_server_random27891.example.org {
+ server unix:/srv/http/random6344/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name random27891.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random27891.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random27891.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random6344/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random6344/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random27891.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random6344/live/access.log combined_plus;
+ error_log /var/log/nginx/random6344/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random27891.example.org;
+
+ return 301 https://random27891.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662
new file mode 100644
index 000000000..3fe9c4011
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662
@@ -0,0 +1,32 @@
+upstream django_server_random27507.example.org {
+ server unix:/srv/http/random24211/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random27507.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24211/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24211/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random27507.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random24211/live/access.log combined_plus;
+ error_log /var/log/nginx/random24211/live/error.log;
+}
+
+server {
+ server_name www.random27507.example.org;
+ rewrite ^ http://random27507.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426
new file mode 100644
index 000000000..90dad9601
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426
@@ -0,0 +1,111 @@ +upstream django_server_random20374.nl { + server unix:/srv/http/random20374/live/website.sock; +} + +server { + listen 80; + + # Main domain + server_name random9123.example.org; + + # So called mini-sites, resulting in landing pages for Google. + server_name random16942.example.org; + server_name random23560.example.org; + server_name random17636.example.org; + server_name random13969.example.org; + server_name random4892.example.org; + server_name random24240.example.org; + server_name random25863.example.org; + server_name random26503.example.org; + server_name random5090.example.org; + server_name random1856.example.org; + server_name random2911.example.org; + server_name random16405.example.org; + + location /media/ { + alias /srv/http/random20374/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random20374/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random20374.nl; + include /etc/nginx/proxy_params; + } + + access_log /var/log/nginx/random20374/live/access.log combined_plus; + error_log /var/log/nginx/random20374/live/error.log; +} + +server { + server_name www.random9123.example.org; + return 301 $scheme://random9123.example.org$request_uri; +} + +server { + server_name www.random1825.example.org random1825.example.org; + return 301 $scheme://random9123.example.org$request_uri; +} + +server { + server_name www.random16942.example.org; + return 301 $scheme://random16942.example.org; +} + +server { + server_name www.random23560.example.org; + return 301 $scheme://random23560.example.org; +} + +server { + server_name www.random17636.example.org; + return 301 $scheme://random17636.example.org; +} + +server { + server_name www.random13969.example.org; + return 301 $scheme://random13969.example.org; +} + +server { + server_name www.random4892.example.org; + return 301 $scheme://random4892.example.org; +} + +server { + server_name www.random24240.example.org; + return 
301 $scheme://random24240.example.org; +} + +server { + server_name www.random25863.example.org; + return 301 $scheme://random25863.example.org; +} + +server { + server_name www.random26503.example.org; + return 301 $scheme://random26503.example.org; +} + +server { + server_name www.random5090.example.org; + return 301 $scheme://random5090.example.org; +} + +server { + server_name www.random1856.example.org; + return 301 $scheme://random1856.example.org; +} + +server { + server_name www.random2911.example.org; + return 301 $scheme://random2911.example.org; +} + +server { + server_name www.random16405.example.org; + return 301 $scheme://random16405.example.org; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost new file mode 100644 index 000000000..71344abea --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost @@ -0,0 +1,44 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + location / { + try_files $uri $uri/ /index.php?path_info=$uri&$args; + access_log off; + expires max; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + } +} 
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/anothermapcase/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/anothermapcase/nginx.conf new file mode 100644 index 000000000..b3ca02f92 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/anothermapcase/nginx.conf @@ -0,0 +1,3 @@ +map $uri $blogname{ + ~^(?P/[^/]+/)files/(.*) $blogpath ; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf new file mode 100644 index 000000000..056987136 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf @@ -0,0 +1,9 @@ +#-*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- +### fastcgi configuration. +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +include fastcgi_params; +fastcgi_buffers 256 4k; +fastcgi_intercept_errors on; +## allow 4 hrs - pass timeout responsibility to upstrea +fastcgi_read_timeout 14400; +fastcgi_index index.php; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params new file mode 100644 index 000000000..4a7f26920 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params 
@@ -0,0 +1,32 @@
+# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
+### fastcgi parameters.
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+## PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
+## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or
+## later. The if_not_empty flag was introduced in 1.1.11. See:
+## http://nginx.org/en/CHANGES. If using a version that doesn't
+## support this comment out the line below.
+fastcgi_param HTTPS $https if_not_empty;
+## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
+#fastcgi_param HTTPS $https
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf
new file mode 100644
index 000000000..e7974ff6a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf
@@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE 
D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win new file mode 100644 index 000000000..72afabe89 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win 
@@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} 
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf
new file mode 100644
index 000000000..a8d62223a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf
@@ -0,0 +1,7 @@
+# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
+### Implement the $https_if_not_empty variable for Nginx versions below 1.1.11.
+
+map $scheme $https {
+ default '';
+ https on;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types
new file mode 100644
index 000000000..618b8f8e7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types
@@ -0,0 +1,77 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-current-dictionary: american -*- +types { + text/html html htm shtml; + text/css css; + text/xml xml rss; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + application/atom+xml atom; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.ms-excel xls; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.wap.xhtml+xml xhtml; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + + # Mime types for web fonts. Stolen from here: + # http://seconddrawer.com.au/blog/ in part. 
+ application/x-font-ttf ttf; + font/opentype otf; + application/vnd.ms-fontobject eot; + application/x-woff woff; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf new file mode 100644 index 000000000..22ad4c317 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf 
@@ -0,0 +1,119 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- +user www-data; +worker_processes 4; + +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + +worker_rlimit_nofile 8192; + +events { + worker_connections 4096; + ## epoll is preferred on 2.6 Linux + ## kernels. Cf. http://www.kegel.com/c10k.html#nb.epoll + use epoll; + ## Accept as many connections as possible. + multi_accept on; +} + +http { + ## MIME types. + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## FastCGI. + include /etc/nginx/fastcgi.conf; + + ## Default log and error files. + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## Use sendfile() syscall to speed up I/O operations and speed up + ## static file serving. + sendfile on; + ## Handling of IPs in proxied and load balancing situations. + set_real_ip_from 0.0.0.0/32; # all addresses get a real IP. + real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy + + ## Define a zone for limiting the number of simultaneous + ## connections nginx accepts. 1m means 32000 simultaneous + ## sessions. We need to define for each server the limit_conn + ## value refering to this or other zones. + ## ** This syntax requires nginx version >= + ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older + ## ** version then use the limit_zone directive below + ## ** instead. Comment out this + ## ** one if not using nginx version >= 1.1.8. + limit_conn_zone $binary_remote_addr zone=arbeit:10m; + + ## Timeouts. + client_body_timeout 60; + client_header_timeout 60; + keepalive_timeout 10 10; + send_timeout 60; + + ## Reset lingering timed out connections. Deflect DDoS. + reset_timedout_connection on; + + ## Body size. + client_max_body_size 10m; + + ## TCP options. + tcp_nodelay on; + tcp_nopush on; + + ## Compression. 
+ gzip on; + gzip_buffers 16 8k; + gzip_comp_level 1; + gzip_http_version 1.1; + gzip_min_length 10; + gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf; + gzip_vary on; + gzip_proxied any; # Compression for all requests. + ## No need for regexps. See + ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable + gzip_disable "msie6"; + + ## Serve already compressed files directly, bypassing on-the-fly + ## compression. + gzip_static on; + + ## Hide the Nginx version number. + server_tokens off; + + ## Use a SSL/TLS cache for SSL session resume. This needs to be + ## here (in this context, for session resumption to work. See this + ## thread on the Nginx mailing list: + ## http://nginx.org/pipermail/nginx/2010-November/023736.html. + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + ## For the filefield_nginx_progress module to work. From the + ## README. Reserve 1MB under the name 'uploads' to track uploads. + upload_progress uploads 1m; + + ## Enable clickjacking protection in modern browsers. Available in + ## IE8 also. See + ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header + add_header X-Frame-Options sameorigin; + + ## Include the upstream servers for PHP FastCGI handling config. + include upstream_phpcgi.conf; + + ## If using Nginx version >= 1.1.11 then there's a $https variable + ## that has the value 'on' if the used scheme is https and '' if not. + ## See: http://trac.nginx.org/nginx/changeset/4380/nginx + ## http://trac.nginx.org/nginx/changeset/4333/nginx and + ## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a + ## previous version then uncomment out the line below. + #include map_https_fcgi.conf; + + ## Include the upstream servers for Apache handling the PHP + ## processes. In this case Nginx functions as a reverse proxy. 
+ #include reverse_proxy.conf; + #include upstream_phpapache.conf; + + ## Include all vhosts. + include /etc/nginx/sites-enabled/*; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf new file mode 100644 index 000000000..ee0faadd7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf @@ -0,0 +1,10 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- + +### Configuration for reverse proxy. Passing the necessary headers to +### the backend. Nginx doesn't tunnel the connection, it opens a new +### one. Hence whe need to send these headers to the backend so that +### the client(s) IP is available to them. The host is also sent. + +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header Host $http_host; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default new file mode 100644 index 000000000..9dbaa44ff --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default 
@@ -0,0 +1,19 @@
+# -*-mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### Block all illegal host headers. Taken from a discussion on nginx
+### forums. Cf. http://forum.nginx.org/read.php?2,3482,3518 following
+### a suggestion by Maxim Dounin. Also suggested in
+### http://nginx.org/en/docs/http/request_processing.html.
+server {
+ listen [::]:80 default_server;
+ # Uncomment the line below and comment the above if you're
+ # running a Nginx version less than 0.8.20.
+ # listen [::]:80 default;
+
+ # Accept redirects based on the value of the Host header. If
+ # there's no valid vhost configuration file with a
+ # corresponding server_name directive then signal an error and
+ # fail silently. See:
+ # http://wiki.nginx.org/NginxHttpCoreModule#server_name_in_redirect
+ server_name_in_redirect off;
+ return 444;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf
new file mode 100644
index 000000000..e77024456
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf
@@ -0,0 +1,102 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### Nginx configuration for Chive.
+
+server {
+ ## This is to avoid the spurious if for sub-domain name
+ ## rewriting. See http://wiki.nginx.org/Pitfalls#Server_Name.
+ listen 80; # IPv4
+
+ ## Replace the IPv6 address by your own address. The address below
+ ## was stolen from the wikipedia page on IPv6.
+ listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
+
+ server_name www.chive.example.com;
+
+ return 301 $scheme://chive.example.com$request_uri;
+
+} # server domain rewrite.
+
+server {
+ listen 80; # IPv4
+
+ ## Replace the IPv6 address by your own address. The address below
+ ## was stolen from the wikipedia page on IPv6.
+ listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
+
+ limit_conn arbeit 32;
+ server_name chive.example.com;
+
+ ## Parameterization using hostname of access and log filenames.
+ access_log /var/log/nginx/chive.example.com_access.log;
+ error_log /var/log/nginx/chive.example.com_error.log;
+
+ root /var/www/sites/chive.example.com;
+ index index.php index.html;
+
+ ## Support for favicon. Return a 204 (No Content) if the favicon
+ ## doesn't exist.
+ location = /favicon.ico {
+ try_files /favicon.ico =204;
+ }
+
+ ## The main location is accessed using Basic Auth.
+ location / {
+ ## Access is restricted.
+ auth_basic "Restricted Access"; # auth realm
+ auth_basic_user_file .htpasswd-users; # htpasswd file
+
+ ## Use PATH_INFO for translating the requests to the
+ ## FastCGI. This config follows Igor's suggestion here:
+ ## http://forum.nginx.org/read.php?2,124378,124582.
+ ## This is preferable to using:
+ ## fastcgi_split_path_info ^(.+\.php)(.*)$
+ ## It saves one regex in the location. Hence it's faster.
+ location ~ ^(?