diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py
index 89d602f5f..d012b76b1 100644
--- a/certbot-apache/certbot_apache/configurator.py
+++ b/certbot-apache/certbot_apache/configurator.py
@@ -18,6 +18,7 @@ from certbot import interfaces
from certbot import util
from certbot.plugins import common
+from certbot.plugins.util import path_surgery
from certbot_apache import augeas_configurator
from certbot_apache import constants
@@ -141,6 +142,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
return os.path.join(self.config.config_dir,
constants.MOD_SSL_CONF_DEST)
+
def prepare(self):
"""Prepare the authenticator/installer.
@@ -157,8 +159,11 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
raise errors.NoInstallationError("Problem in Augeas installation")
# Verify Apache is installed
- if not util.exe_exists(constants.os_constant("restart_cmd")[0]):
- raise errors.NoInstallationError
+ restart_cmd = constants.os_constant("restart_cmd")[0]
+ if not util.exe_exists(restart_cmd):
+ if not path_surgery(restart_cmd):
+ raise errors.NoInstallationError(
+ 'Cannot find Apache control command {0}'.format(restart_cmd))
# Make sure configuration is valid
self.config_test()
@@ -819,7 +824,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
else:
return non_ssl_vh_fp + self.conf("le_vhost_ext")
- def _sift_line(self, line):
+ def _sift_rewrite_rule(self, line):
"""Decides whether a line should be copied to a SSL vhost.
A canonical example of when sifting a line is required:
@@ -870,18 +875,62 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
with open(avail_fp, "r") as orig_file:
with open(ssl_fp, "w") as new_file:
new_file.write("\n")
+
+ comment = ("# Some rewrite rules in this file were "
+ "disabled on your HTTPS site,\n"
+ "# because they have the potential to create "
+ "redirection loops.\n")
+
for line in orig_file:
- if self._sift_line(line):
+ A = line.lstrip().startswith("RewriteCond")
+ B = line.lstrip().startswith("RewriteRule")
+
+ if not (A or B):
+ new_file.write(line)
+ continue
+
+ # A RewriteRule that doesn't need filtering
+ if B and not self._sift_rewrite_rule(line):
+ new_file.write(line)
+ continue
+
+ # A RewriteRule that does need filtering
+ if B and self._sift_rewrite_rule(line):
if not sift:
- new_file.write(
- "# Some rewrite rules in this file were "
- "were disabled on your HTTPS site,\n"
- "# because they have the potential to "
- "create redirection loops.\n")
+ new_file.write(comment)
sift = True
new_file.write("# " + line)
- else:
- new_file.write(line)
+ continue
+
+ # We save RewriteCond(s) and their corresponding
+ # RewriteRule in 'chunk'.
+ # We then decide whether we comment out the entire
+ # chunk based on its RewriteRule.
+ chunk = []
+ if A:
+ chunk.append(line)
+ line = next(orig_file)
+
+ # RewriteCond(s) must be followed by one RewriteRule
+ while not line.lstrip().startswith("RewriteRule"):
+ chunk.append(line)
+ line = next(orig_file)
+
+ # Now, current line must start with a RewriteRule
+ chunk.append(line)
+
+ if self._sift_rewrite_rule(line):
+ if not sift:
+ new_file.write(comment)
+ sift = True
+
+ new_file.write(''.join(
+ ['# ' + l for l in chunk]))
+ continue
+ else:
+ new_file.write(''.join(chunk))
+ continue
+
new_file.write("\n")
except IOError:
logger.fatal("Error writing/reading to file in make_vhost_ssl")
diff --git a/certbot-apache/certbot_apache/tests/configurator_test.py b/certbot-apache/certbot_apache/tests/configurator_test.py
index 9a034c3e0..99b1b8b74 100644
--- a/certbot-apache/certbot_apache/tests/configurator_test.py
+++ b/certbot-apache/certbot_apache/tests/configurator_test.py
@@ -1,4 +1,4 @@
-# pylint: disable=too-many-public-methods
+# pylint: disable=too-many-public-methods,too-many-lines
"""Test for certbot_apache.configurator."""
import os
import shutil
@@ -49,11 +49,14 @@ class MultipleVhostsTest(util.ApacheTest):
shutil.rmtree(self.config_dir)
shutil.rmtree(self.work_dir)
- @mock.patch("certbot_apache.configurator.util.exe_exists")
- def test_prepare_no_install(self, mock_exe_exists):
- mock_exe_exists.return_value = False
- self.assertRaises(
- errors.NoInstallationError, self.config.prepare)
+ @mock.patch("certbot_apache.configurator.ApacheConfigurator.init_augeas")
+ @mock.patch("certbot_apache.configurator.path_surgery")
+ def test_prepare_no_install(self, mock_surgery, _init_augeas):
+ silly_path = {"PATH": "/tmp/nothingness2342"}
+ mock_surgery.return_value = False
+ with mock.patch.dict('os.environ', silly_path):
+ self.assertRaises(errors.NoInstallationError, self.config.prepare)
+ self.assertEquals(mock_surgery.call_count, 1)
@mock.patch("certbot_apache.augeas_configurator.AugeasConfigurator.init_augeas")
def test_prepare_no_augeas(self, mock_init_augeas):
@@ -86,6 +89,7 @@ class MultipleVhostsTest(util.ApacheTest):
self.assertRaises(
errors.NotSupportedError, self.config.prepare)
+
def test_add_parser_arguments(self): # pylint: disable=no-self-use
from certbot_apache.configurator import ApacheConfigurator
# Weak test..
@@ -1110,16 +1114,19 @@ class MultipleVhostsTest(util.ApacheTest):
self.config._enable_redirect(self.vh_truth[1], "")
self.assertEqual(len(self.config.vhosts), 9)
- def test_sift_line(self):
+ def test_sift_rewrite_rule(self):
# pylint: disable=protected-access
small_quoted_target = "RewriteRule ^ \"http://\""
- self.assertFalse(self.config._sift_line(small_quoted_target))
+ self.assertFalse(self.config._sift_rewrite_rule(small_quoted_target))
https_target = "RewriteRule ^ https://satoshi"
- self.assertTrue(self.config._sift_line(https_target))
+ self.assertTrue(self.config._sift_rewrite_rule(https_target))
normal_target = "RewriteRule ^/(.*) http://www.a.com:1234/$1 [L,R]"
- self.assertFalse(self.config._sift_line(normal_target))
+ self.assertFalse(self.config._sift_rewrite_rule(normal_target))
+
+ not_rewriterule = "NotRewriteRule ^ ..."
+ self.assertFalse(self.config._sift_rewrite_rule(not_rewriterule))
@mock.patch("certbot_apache.configurator.zope.component.getUtility")
def test_make_vhost_ssl_with_existing_rewrite_rule(self, mock_get_utility):
@@ -1148,7 +1155,61 @@ class MultipleVhostsTest(util.ApacheTest):
"[L,QSA,R=permanent]")
self.assertTrue(commented_rewrite_rule in conf_text)
mock_get_utility().add_message.assert_called_once_with(mock.ANY,
+
mock.ANY)
+ @mock.patch("certbot_apache.configurator.zope.component.getUtility")
+ def test_make_vhost_ssl_with_existing_rewrite_conds(self, mock_get_utility):
+ self.config.parser.modules.add("rewrite_module")
+
+ http_vhost = self.vh_truth[0]
+
+ self.config.parser.add_dir(
+ http_vhost.path, "RewriteEngine", "on")
+
+ # Add a chunk that should not be commented out.
+ self.config.parser.add_dir(http_vhost.path,
+ "RewriteCond", ["%{DOCUMENT_ROOT}/%{REQUEST_FILENAME}", "!-f"])
+ self.config.parser.add_dir(
+ http_vhost.path, "RewriteRule",
+ ["^(.*)$", "b://u%{REQUEST_URI}", "[P,QSA,L]"])
+
+ # Add a chunk that should be commented out.
+ self.config.parser.add_dir(http_vhost.path,
+ "RewriteCond", ["%{HTTPS}", "!=on"])
+ self.config.parser.add_dir(http_vhost.path,
+ "RewriteCond", ["%{HTTPS}", "!^$"])
+ self.config.parser.add_dir(
+ http_vhost.path, "RewriteRule",
+ ["^",
+ "https://%{SERVER_NAME}%{REQUEST_URI}",
+ "[L,QSA,R=permanent]"])
+
+ self.config.save()
+
+ ssl_vhost = self.config.make_vhost_ssl(self.vh_truth[0])
+
+ conf_line_set = set(open(ssl_vhost.filep).read().splitlines())
+
+ not_commented_cond1 = ("RewriteCond "
+ "%{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f")
+ not_commented_rewrite_rule = ("RewriteRule "
+ "^(.*)$ b://u%{REQUEST_URI} [P,QSA,L]")
+
+ commented_cond1 = "# RewriteCond %{HTTPS} !=on"
+ commented_cond2 = "# RewriteCond %{HTTPS} !^$"
+ commented_rewrite_rule = ("# RewriteRule ^ "
+ "https://%{SERVER_NAME}%{REQUEST_URI} "
+ "[L,QSA,R=permanent]")
+
+ self.assertTrue(not_commented_cond1 in conf_line_set)
+ self.assertTrue(not_commented_rewrite_rule in conf_line_set)
+
+ self.assertTrue(commented_cond1 in conf_line_set)
+ self.assertTrue(commented_cond2 in conf_line_set)
+ self.assertTrue(commented_rewrite_rule in conf_line_set)
+ mock_get_utility().add_message.assert_called_once_with(mock.ANY,
+ mock.ANY)
+
def get_achalls(self):
"""Return testing achallenges."""
diff --git a/certbot-compatibility-test/nginx/README b/certbot-compatibility-test/nginx/README
new file mode 100644
index 000000000..f32de2148
--- /dev/null
+++ b/certbot-compatibility-test/nginx/README
@@ -0,0 +1,27 @@
+Eventually there will also be a compatibility test here like the Apache one.
+
+Right now, this is data for the roundtrip test (checking that the parser
+can parse each file and that the reserialized config file it generates is
+identical to the original).
+
+If run in a virtualenv or otherwise so that certbot_nginx can be imported,
+the roundtrip test can run as
+
+python roundtrip.py nginx-roundtrip-testdata
+
+It gives exit status 0 for success and 1 if at least one parse or roundtrip
+failure occurred.
+
+
+The directory nginx-roundtrip-testdata includes some config files that were
+contributed to our project as well as most of the configs linked from
+
+https://www.nginx.com/resources/wiki/start/
+
+Some exceptions that were skipped are
+
+https://www.nginx.com/resources/wiki/start/topics/recipes/moinmoin/
+https://www.nginx.com/resources/wiki/start/topics/examples/SSL-Offloader/ (not much nginx configuration)
+https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/ (likewise)
+https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/
+https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033
new file mode 100644
index 000000000..19dc49444
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033
@@ -0,0 +1,34 @@
+upstream django_server_random18709.example.org {
+ server unix:/srv/http/random22194/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random18709.example.org;
+
+ location /media/ {
+ alias /srv/http/random22194/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random22194/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random18709.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random22194/live/access.log combined_plus;
+ error_log /var/log/nginx/random22194/live/error.log;
+}
+
+server {
+ server_name www.random18709.example.org;
+ server_name random24607.example.org www.random24607.example.org;
+ return 301 http://random18709.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571
new file mode 100644
index 000000000..fe95ac8dc
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571
@@ -0,0 +1,71 @@
+upstream django_server_random1413.example.org {
+ server unix:/srv/http/random25151/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name www.random25266.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random25151/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random25151/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1413.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random25151/live/access.log combined_plus;
+ error_log /var/log/nginx/random25151/live/error.log;
+}
+
+
+server {
+ listen 443;
+ server_name random1413.example.org www.random1413.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random1413.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random1413.example.org.key;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
+
+server {
+ listen 443;
+ server_name random25266.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
+
+server {
+ listen 80;
+ server_name random1413.example.org www.random1413.example.org;
+ server_name random28524.example.org www.random28524.example.org;
+ server_name random25266.example.org www.random25266.example.org;
+ server_name random26791.example.org www.random26791.example.org;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591
new file mode 100644
index 000000000..103b56009
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591
@@ -0,0 +1,38 @@
+upstream django_server_random11921.example.org {
+ server unix:/srv/http/random9726/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random11921.example.org www.random11921.example.org;
+
+ if ($host != 'random11921.example.org') {
+ rewrite ^/(.*)$ http://random11921.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random9726/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random9726/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random11921.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ error_page 502 503 504 /50x.html;
+ }
+
+ location /50x.html {
+ root /usr/share/nginx/www/;
+ }
+
+ access_log /var/log/nginx/random9726/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random9726/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920
new file mode 100644
index 000000000..0f7c55762
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920
@@ -0,0 +1,16 @@
+server {
+ listen 80 default;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:81;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random27802/access.log combined_plus;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947
new file mode 100644
index 000000000..a09605d03
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947
@@ -0,0 +1,40 @@
+upstream django_server_acceptance.random8289.random17507.example.org {
+ server unix:/srv/http/random8289/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23045.example.org;
+
+ location /media/ {
+ alias /srv/http/random8289/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_acceptance.random8289.random17507.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random8289 acceptance';
+ auth_basic_user_file /srv/http/random8289/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random8289/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random8289/acceptance/error.log;
+}
+
+server {
+ server_name www.random23045.example.org;
+ return 301 http://random23045.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018
new file mode 100644
index 000000000..8aceca7ca
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018
@@ -0,0 +1,37 @@
+upstream django_server_random24036.example.org {
+ server unix:/srv/http/random1006/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random24036.example.org;
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_types *;
+ gzip_vary on;
+ gzip_proxied any;
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random1006/live/website/static/$1;
+ expires 7d;
+ gzip on;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random24036.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random1006/live/access.log combined_plus;
+ error_log /var/log/nginx/random1006/live/error.log;
+}
+
+server {
+ server_name www.random24036.example.org;
+ server_name random32349.example.org www.random32349.example.org;
+ server_name random23794.example.org www.random23794.example.org;
+ rewrite ^ http://random24036.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046
new file mode 100644
index 000000000..1d81e5b52
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046
@@ -0,0 +1,36 @@
+upstream django_server_random25979.example.org {
+ server unix:/srv/http/random24211/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25979.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24211/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24211/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25979.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random24211';
+ auth_basic_user_file /srv/http/random24211/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24211/internal/access.log combined_plus;
+ error_log /var/log/nginx/random24211/internal/error.log;
+}
+
+server {
+ server_name www.random25979.example.org;
+ rewrite ^ http://intern.random24211.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382
new file mode 100644
index 000000000..0dc1af725
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382
@@ -0,0 +1,29 @@
+server {
+ listen 80;
+ listen 7891; # User0
+ listen 8080; # User1
+ listen 8900; # User2
+ listen 8912; # User3
+ listen 3567; # User4
+
+ server_name random666.example.org www.random666.example.org;
+
+ root /srv/http/random666.example.org;
+ index index.html index.htm;
+
+ location /duif_assets/ {
+ try_files $uri $uri/ =404;
+ }
+
+ location /index.html {
+ try_files $uri $uri/ =404;
+ }
+
+ location / {
+ rewrite ^.+$ / break;
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random666.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random666.example.org/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167
new file mode 100644
index 000000000..13210b056
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167
@@ -0,0 +1,38 @@
+upstream django_server_random23900.example.org {
+ server unix:/srv/http/random29467/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23900.example.org www.random23900.example.org;
+
+ if ($host != 'random23900.example.org') {
+ rewrite ^/(.*)$ http://random23900.example.org/$1 permanent;
+ }
+
+ location ^~ /media/ {
+ alias /srv/http/random29467/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random29467/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random23900.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ satisfy any;
+ allow 89.188.25.162;
+ auth_basic "random29467 acceptance";
+ auth_basic_user_file htpasswords/random29467_acceptance;
+
+ }
+
+ access_log /var/log/nginx/random29467/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random29467/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849
new file mode 100644
index 000000000..8a8c90b7e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849
@@ -0,0 +1,36 @@
+upstream django_server_random3140.example.org {
+ server unix:/srv/http/random2912/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random3140.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random2912/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random2912/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random3140.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random2912/live/access.log combined_plus;
+ error_log /var/log/nginx/random2912/live/error.log;
+}
+
+server {
+ server_name www.random3140.example.org;
+ server_name random28398.example.org;
+ server_name random23689.example.org www.random23689.example.org;
+ server_name random25863.example.org www.random25863.example.org;
+
+ rewrite ^ http://random3140.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027
new file mode 100644
index 000000000..9d74e2098
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027
@@ -0,0 +1,29 @@
+upstream django_server_random6410.example.org {
+ server unix:/srv/http/random28641/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random6410.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28641/live/website/static/$1;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6410.example.org;
+ include /etc/nginx/proxy_params;
+
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+ }
+
+ access_log /var/log/nginx/random28641/live/access.log combined_plus;
+ error_log /var/log/nginx/random28641/live/error.log;
+}
+
+server {
+ server_name random6410.example.org;
+ rewrite ^ http://www.random6410.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235
new file mode 100644
index 000000000..17ba72db4
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235
@@ -0,0 +1,33 @@
+server {
+ server_name random18267.example.org;
+ gzip on;
+ gzip_min_length 2000;
+ gzip_proxied any;
+ gzip_types application/json;
+
+ client_max_body_size 30M;
+
+ root /srv/http/random23264/data;
+
+ # Security
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+
+ # try serving docs and (md5/immutable) directly
+ location ~ \+(f|doc)/ {
+ try_files $uri @proxy_to_app;
+ }
+ location / {
+ # XXX how to tell nginx to just refer to @proxy_to_app here?
+ try_files /.lqkwje @proxy_to_app;
+ }
+ location @proxy_to_app {
+ proxy_pass http://random20604.example.org:4040;
+ proxy_set_header X-outside-url $scheme://$host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+
+ access_log /var/log/nginx/random23264/access.log combined_plus;
+ error_log /var/log/nginx/random23264/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649
new file mode 100644
index 000000000..af5a22620
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649
@@ -0,0 +1,45 @@
+upstream django_server_random10305.example.org {
+ server unix:/srv/http/random23322/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random10305.example.org;
+
+ location /media/ {
+ alias /srv/http/random23322/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random23322/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random10305.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random23322/live/access.log combined_plus;
+ error_log /var/log/nginx/random23322/live/error.log;
+}
+
+server {
+ listen 80;
+
+ server_name random13399.example.org;
+ server_name www.random10305.example.org;
+ server_name random17958.example.org www.random17958.example.org;
+ server_name random15266.example.org www.random15266.example.org;
+ server_name random21296.example.org www.random21296.example.org;
+ server_name random5261.example.org www.random5261.example.org;
+ server_name random679.example.org www.random679.example.org;
+ server_name random31788.example.org www.random31788.example.org;
+ server_name random22704.example.org www.random22704.example.org;
+ server_name random17411.example.org www.random17411.example.org;
+
+ return 301 http://random10305.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577
new file mode 100644
index 000000000..d7a17f76e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577
@@ -0,0 +1,38 @@
+upstream django_server_random30837.example.org {
+ server unix:/srv/http/random30992/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random30837.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random30992/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random30992/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random30837.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random30992/live/access.log combined_plus;
+ error_log /var/log/nginx/random30992/live/error.log;
+}
+
+server {
+ server_name random30837.example.org;
+ server_name random3263.example.org www.random3263.example.org;
+ server_name random6771.example.org www.random6771.example.org;
+ server_name random17696.example.org www.random17696.example.org;
+ server_name random7179.example.org www.random7179.example.org;
+ server_name random8127.example.org www.random8127.example.org;
+
+ rewrite ^ http://www.random30837.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402
new file mode 100644
index 000000000..ca9ca2f61
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402
@@ -0,0 +1,33 @@
+upstream django_server_random17705.example.org {
+ server unix:/srv/http/random8289/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17705.example.org;
+
+ location /media/ {
+ alias /srv/http/random8289/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17705.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random8289/internal/access.log combined_plus;
+ error_log /var/log/nginx/random8289/internal/error.log;
+}
+
+server {
+ server_name www.random17705.example.org;
+ return 301 http://random17705.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430
new file mode 100644
index 000000000..7caf7b2a4
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430
@@ -0,0 +1,54 @@
+upstream django_server_random17507.example.org {
+ server unix:/srv/http/random7740/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17507.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random7740/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7740/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17507.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random7740/live/access.log combined_plus;
+ error_log /var/log/nginx/random7740/live/error.log;
+}
+
+server {
+ server_name www.random17507.example.org;
+ server_name random31197.example.org www.random31197.example.org;
+ server_name random19579.example.org www.random19579.example.org;
+ server_name random16629.example.org www.random16629.example.org;
+ server_name random28363.example.org www.random28363.example.org;
+ server_name random30185.example.org www.random30185.example.org;
+ server_name random22326.example.org www.random22326.example.org;
+ server_name random3622.example.org www.random3622.example.org;
+ server_name random1463.example.org www.random1463.example.org;
+ server_name random23341.example.org www.random23341.example.org;
+ server_name random2214.example.org www.random2214.example.org;
+ server_name random22684.example.org www.random22684.example.org;
+ server_name random6606.example.org www.random6606.example.org;
+ server_name random29138.example.org www.random29138.example.org;
+ server_name random15109.example.org www.random15109.example.org;
+ server_name random8002.example.org www.random8002.example.org;
+ server_name random16836.example.org www.random16836.example.org;
+ server_name random22283.example.org www.random22283.example.org;
+
+ location = /googleXXXXXXXXXXXXXXXX.html {
+ alias /srv/http/random7740/live/website/templates/googleXXXXXXXXXXXXXXXX.html;
+ }
+
+ rewrite ^ http://random17507.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141
new file mode 100644
index 000000000..2b2689f09
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141
@@ -0,0 +1,36 @@
+upstream django_server_acceptatie.random20374.nl {
+ server unix:/srv/http/random20374/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random28586.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random20374/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random20374/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_acceptatie.random20374.nl;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random20374';
+ auth_basic_user_file /srv/http/random20374/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random20374/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random20374/acceptance/error.log;
+}
+
+server {
+ server_name www.random28586.example.org;
+ rewrite ^ http://random28586.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270
new file mode 100644
index 000000000..b4f4bd61c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270
@@ -0,0 +1,38 @@
+upstream django_server_random6822.example.org {
+ server unix:/srv/http/random7047/live/website.sock;
+}
+
+server {
+ listen 8443;
+ server_name random6822.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random6822.example.org.complete-bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random6822.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random7047/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random7047/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6822.example.org;
+ include /etc/nginx/proxy_params;
+ }
+
+ access_log /var/log/nginx/random7047/live/access.log combined_plus;
+ error_log /var/log/nginx/random7047/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random6822.example.org;
+
+ rewrite ^/(.*) https://random6822.example.org:8443/$1;
+}
+
+
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291
new file mode 100644
index 000000000..fa09bed93
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291
@@ -0,0 +1,112 @@
+# You may add here your
+# server {
+# ...
+# }
+# statements for each of your virtual hosts to this file
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+
+ # Make site accessible from http://random20604.example.org/
+ server_name random20604.example.org;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ # Uncomment to enable naxsi on this location
+ # include /etc/nginx/naxsi.rules
+ }
+
+ # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
+ #location /RequestDenied {
+ # proxy_pass http://127.0.0.1:8080;
+ #}
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ #error_page 500 502 503 504 /50x.html;
+ #location = /50x.html {
+ # root /usr/share/nginx/html;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ #
+ # # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+ # # With php5-fpm:
+ # fastcgi_pass unix:/var/run/php5-fpm.sock;
+ # fastcgi_index index.php;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# another virtual host using mix of IP-, name-, and port-based configuration
+#
+#server {
+# listen 8000;
+# listen random20605.example.org:8080;
+# server_name random20605.example.org alias another.alias;
+# root html;
+# index index.html index.htm;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
+
+
+# HTTPS server
+#
+#server {
+# listen 443;
+# server_name random20604.example.org;
+#
+# root html;
+# index index.html index.htm;
+#
+# ssl on;
+# ssl_certificate cert.pem;
+# ssl_certificate_key cert.key;
+#
+# ssl_session_timeout 5m;
+#
+# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
+# ssl_prefer_server_ciphers on;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456
new file mode 100644
index 000000000..273694b51
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456
@@ -0,0 +1,39 @@
+upstream django_server_random29275.example.org {
+ server unix:/srv/http/random14353/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random29275.example.org;
+
+ location /media/ {
+ alias /srv/http/random14353/internal/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random14353/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random29275.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'internal for random14353';
+ auth_basic_user_file /srv/http/random14353/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14353/internal/access.log;
+ error_log /var/log/nginx/random14353/internal/error.log;
+}
+
+server {
+ server_name www.random29275.example.org;
+ return 301 http://random29275.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497
new file mode 100644
index 000000000..86a8980d2
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497
@@ -0,0 +1,35 @@
+upstream django_server_random16112.example.org {
+ server unix:/srv/http/random29227/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random16112.example.org;
+
+ location /media/ {
+ alias /srv/http/random29227/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random29227/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random16112.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random29227/live/access.log combined_plus;
+ error_log /var/log/nginx/random29227/live/error.log;
+}
+server {
+ server_name random5297.example.org www.random5297.example.org;
+ server_name random17050.example.org www.random17050.example.org;
+ server_name www.random16112.example.org;
+
+ return 301 http://random16112.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852
new file mode 100644
index 000000000..32b88c62f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852
@@ -0,0 +1,38 @@
+upstream django_server_random7474.example.org {
+ server unix:/srv/http/random4886/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random7474.example.org;
+
+ location /media/ {
+ alias /srv/http/random4886/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random4886/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random7474.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random4886';
+ auth_basic_user_file /srv/http/random4886/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ client_max_body_size 20m;
+
+ access_log /var/log/nginx/random4886/acceptance/access.log;
+ error_log /var/log/nginx/random4886/acceptance/error.log;
+}
+
+server {
+ server_name www.random7474.example.org;
+ return 301 http://random7474.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345
new file mode 100644
index 000000000..ac8ce609c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345
@@ -0,0 +1,34 @@
+upstream django_server_random25713.example.org {
+ server unix:/srv/http/random24922/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25713.example.org;
+
+ location /media/ {
+ alias /srv/http/random24922/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random24922/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25713.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24922/live/access.log;
+ error_log /var/log/nginx/random24922/live/error.log;
+}
+
+server {
+ server_name www.random25713.example.org;
+ return 301 http://random25713.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175
new file mode 100644
index 000000000..e733a70ed
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175
@@ -0,0 +1,14 @@
+server {
+ listen 80;
+ server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org;
+
+ if ($host != 'random25647.example.org') {
+ rewrite ^/(.*)$ http://random25647.example.org/$1 permanent;
+ }
+
+ index index.html index.htm;
+ root /srv/http/random11461/countdown/;
+
+ access_log /var/log/nginx/random11461/live/access.log combined_plus;
+ error_log /var/log/nginx/random11461/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832
new file mode 100644
index 000000000..4a0967de8
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832
@@ -0,0 +1,32 @@
+upstream django_server_random6430.example.org {
+ server unix:/srv/http/random550/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random6430.example.org;
+
+ location /media/ {
+ alias /srv/http/random550/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6430.example.org;
+ include /etc/nginx/django_proxy_params;
+
+ }
+
+ access_log /var/log/nginx/random550/internal/access.log combined_plus;
+ error_log /var/log/nginx/random550/internal/error.log;
+}
+
+server {
+ server_name www.random6430.example.org;
+ return 301 http://random6430.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942
new file mode 100644
index 000000000..a3b10eed6
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942
@@ -0,0 +1,32 @@
+upstream django_server_random25647.example.org {
+ server unix:/srv/http/random11461/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org;
+
+ if ($host != 'random25647.example.org') {
+ rewrite ^/(.*)$ http://random25647.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random11461/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random11461/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25647.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random11461/live/access.log combined_plus;
+ error_log /var/log/nginx/random11461/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018
new file mode 100644
index 000000000..63b68d6ff
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018
@@ -0,0 +1,36 @@
+upstream django_server_intern.random20374.nl {
+ server unix:/srv/http/random20374/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23818.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random20374/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random20374/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_intern.random20374.nl;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random20374';
+ auth_basic_user_file /srv/http/random20374/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random20374/internal/access.log combined_plus;
+ error_log /var/log/nginx/random20374/internal/error.log;
+}
+
+server {
+ server_name www.random23818.example.org;
+ rewrite ^ http://random23818.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069
new file mode 100644
index 000000000..d6d4e5bea
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069
@@ -0,0 +1,39 @@
+upstream django_server_random7949.example.org {
+ server unix:/srv/http/random1006/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random7949.example.org;
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_types *;
+ gzip_vary on;
+ gzip_proxied any;
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random1006/acceptance/website/static/$1;
+ expires 7d;
+ gzip on;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random7949.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random1006';
+ auth_basic_user_file /srv/http/random1006/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random1006/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random1006/acceptance/error.log;
+}
+
+server {
+ server_name www.random7949.example.org;
+ rewrite ^ http://random7949.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334
new file mode 100644
index 000000000..2609e2080
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334
@@ -0,0 +1,39 @@
+upstream django_server_random1515.example.org {
+ server unix:/srv/http/random15255/acceptance/website.sock fail_timeout=5;
+}
+
+server {
+ listen 80;
+ server_name random1515.example.org www.random1515.example.org;
+
+ if ($host != 'random1515.example.org') {
+ rewrite ^/(.*)$ http://random1515.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random15255/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random15255/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1515.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random191 acceptance';
+ auth_basic_user_file /srv/http/random15255/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random15255/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random15255/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639
new file mode 100644
index 000000000..617472e0d
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639
@@ -0,0 +1,39 @@
+upstream django_server_live.random8289.random17507.example.org {
+ server unix:/srv/http/random8289/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name random23886.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random23886.example.org.complete-bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random23886.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random8289/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_live.random8289.random17507.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random8289/live/access.log combined_plus;
+ error_log /var/log/nginx/random8289/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random23886.example.org;
+ return 301 https://random23886.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966
new file mode 100644
index 000000000..41aaef04d
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966
@@ -0,0 +1,36 @@
+upstream django_server_random31523.example.org {
+ server unix:/srv/http/random16722.example.org/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random31523.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random16722.example.org/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random16722.example.org/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random31523.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random16722.example.org';
+ auth_basic_user_file /srv/http/random16722.example.org/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random16722.example.org/internal/access.log combined_plus;
+ error_log /var/log/nginx/random16722.example.org/internal/error.log;
+}
+
+server {
+ server_name www.random31523.example.org;
+ rewrite ^ http://random31523.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791
new file mode 100644
index 000000000..6e3112ad8
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791
@@ -0,0 +1,34 @@
+upstream django_server_random1413.example.org {
+ server unix:/srv/http/random25151/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1413.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random25151/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random25151/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1413.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random25151/live/access.log combined_plus;
+ error_log /var/log/nginx/random25151/live/error.log;
+}
+
+server {
+ server_name www.random1413.example.org;
+ server_name random28524.example.org www.random28524.example.org;
+ rewrite ^ http://random1413.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955
new file mode 100644
index 000000000..20d718409
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955
@@ -0,0 +1,36 @@
+upstream django_server_random9619.example.org {
+ server unix:/srv/http/random28641/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random9619.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random28641/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random28641/internal/website/static/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random9619.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random28641';
+ auth_basic_user_file /srv/http/random28641/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random28641/internal/access.log combined_plus;
+ error_log /var/log/nginx/random28641/internal/error.log;
+}
+
+server {
+ server_name www.random9619.example.org;
+ rewrite ^ http://random9619.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369
new file mode 100644
index 000000000..5650efb4c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369
@@ -0,0 +1,33 @@
+upstream django_server_random31758.example.org {
+ server unix:/srv/http/random21623/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random31758.example.org www.random31758.example.org;
+
+ if ($host != 'random31758.example.org') {
+ rewrite ^/(.*)$ http://random31758.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random21623/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random21623/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random31758.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random21623/internal/access.log combined_plus;
+ error_log /var/log/nginx/random21623/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549
new file mode 100644
index 000000000..85576da76
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549
@@ -0,0 +1,32 @@
+upstream django_server_random1688.example.org {
+ server unix:/srv/http/random6470/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random5078.example.org random1688.example.org www.random1688.example.org;
+
+ if ($host != 'random5078.example.org') {
+ rewrite ^/(.*)$ http://random5078.example.org/$1 permanent;
+ }
+
+ location ^~ /media/ {
+ alias /srv/http/random6470/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random6470/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1688.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random6470/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random6470/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230
new file mode 100644
index 000000000..00d1d2b0b
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230
@@ -0,0 +1,33 @@
+upstream django_server_random22746.example.org {
+ server unix:/srv/http/random6344/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random22746.example.org;
+
+ if ($host != 'random22746.example.org') {
+ rewrite ^/(.*)$ http://random22746.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random6344/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random6344/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random22746.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random6344/internal/access.log combined_plus;
+ error_log /var/log/nginx/random6344/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325
new file mode 100644
index 000000000..5b91f0eaf
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325
@@ -0,0 +1,74 @@
+upstream django_server_random15255_live {
+ server unix:/srv/http/random15255/live/website.sock fail_timeout=5;
+}
+
+server {
+ listen 443;
+ server_name random7381.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random15255/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+
+ location /static/ {
+ alias /srv/http/random15255/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random15255_live;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random15255/live/access.log combined_plus;
+ error_log /var/log/nginx/random15255/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random7381.example.org www.random7381.example.org;
+
+ return 301 https://random7381.example.org$request_uri;
+}
+
+server {
+ listen 8445;
+ server_name random7381.example.org www.random7381.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
+
+ return 301 https://random7381.example.org$request_uri;
+}
+
+server {
+ listen 1000;
+ server_name random7381.example.org www.random7381.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
+
+ return 301 https://random7381.example.org$request_uri;
+}
+
+server {
+ listen 443;
+ server_name www.random7381.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7381.example.org.key;
+
+ return 301 https://random7381.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470
new file mode 100644
index 000000000..4f78b645b
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470
@@ -0,0 +1,56 @@
+upstream django_server_random27579.example.org {
+ server unix:/srv/http/random21623/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name random27579.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random27579.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random21623/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random21623/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random27579.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random21623/live/access.log combined_plus;
+ error_log /var/log/nginx/random21623/live/error.log;
+}
+
+server {
+ listen 443;
+ server_name www.random27579.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random27579.example.org.key;
+
+ return 301 https://random27579.example.org$request_uri;
+}
+
+server {
+ listen 80;
+
+ server_name random27579.example.org www.random27579.example.org random11512.example.org;
+ server_name random18003.example.org www.random18003.example.org;
+ server_name random26730.example.org www.random26730.example.org;
+ server_name random3968.example.org www.random3968.example.org;
+ server_name random11925.example.org www.random11925.example.org;
+
+ return 301 https://random27579.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791
new file mode 100644
index 000000000..25933cebb
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791
@@ -0,0 +1,33 @@
+upstream django_server_random31057.example.org {
+ server unix:/srv/http/random22194/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random31057.example.org www.random31057.example.org;
+
+ if ($host != 'random31057.example.org') {
+ rewrite ^/(.*)$ http://random31057.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random22194/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random22194/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random31057.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_read_timeout 120;
+ }
+
+ access_log /var/log/nginx/random22194/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random22194/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803
new file mode 100644
index 000000000..9db2c07f5
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803
@@ -0,0 +1,32 @@
+upstream django_server_random16722.example.org {
+ server unix:/srv/http/random16722.example.org/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random16722.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random16722.example.org/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random16722.example.org/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random16722.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random16722.example.org/live/access.log combined_plus;
+ error_log /var/log/nginx/random16722.example.org/live/error.log;
+}
+
+server {
+ server_name www.random16722.example.org;
+ rewrite ^ http://random16722.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838
new file mode 100644
index 000000000..7bd3f2778
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838
@@ -0,0 +1,32 @@
+upstream django_server_random14388.example.org {
+ server unix:/srv/http/random4886/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random14388.example.org;
+
+ location /media/ {
+ alias /srv/http/random4886/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random4886/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random14388.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random4886/live/access.log;
+ error_log /var/log/nginx/random4886/live/error.log;
+}
+
+server {
+ server_name www.random14388.example.org;
+ return 301 http://random14388.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125
new file mode 100644
index 000000000..f7efda324
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125
@@ -0,0 +1,7 @@
+server {
+ listen 80;
+ server_name random14996.example.org;
+
+ root /srv/http/random23392/;
+ index index.html;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193
new file mode 100644
index 000000000..1d2b7ec83
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193
@@ -0,0 +1,62 @@
+upstream django_server_random6177.example.org {
+ server unix:/srv/http/random550/live/website.sock;
+}
+
+server {
+ listen 443 ssl;
+ server_name random2179.example.org;
+
+ ssl_certificate /etc/ssl/public/random2179.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random2179.example.org.key;
+
+
+ location /media/ {
+ alias /srv/http/random550/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6177.example.org;
+ include /etc/nginx/django_proxy_params;
+ }
+
+ access_log /var/log/nginx/random550/live/access.log combined_plus;
+ error_log /var/log/nginx/random550/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random2179.example.org;
+
+ location /media/ {
+ alias /srv/http/random550/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/live/static_collected/;
+ expires 7d;
+ }
+
+ #location = / {
+ # return 301 https://random2179.example.org$request_uri;
+ #}
+
+ location / {
+ proxy_pass http://django_server_random6177.example.org;
+ include /etc/nginx/django_proxy_params;
+ }
+
+ access_log /var/log/nginx/random550/live/access_http.log combined_plus;
+ error_log /var/log/nginx/random550/live/error_http.log;
+}
+
+server {
+ server_name random6177.example.org www.random6177.example.org;
+ return 301 http://random2179.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213
new file mode 100644
index 000000000..b23aeae19
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213
@@ -0,0 +1,36 @@
+upstream django_server_random22047.example.org {
+ server unix:/srv/http/random26975/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random22047.example.org;
+
+ location /media/ {
+ alias /srv/http/random26975/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random26975/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random22047.example.org;
+ include /etc/nginx/django_proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random26975';
+ auth_basic_user_file /srv/http/random26975/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random26975/acceptance/access.log;
+ error_log /var/log/nginx/random26975/acceptance/error.log;
+}
+
+server {
+ server_name www.random22047.example.org;
+ return 301 http://random22047.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480
new file mode 100644
index 000000000..7628d27d2
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480
@@ -0,0 +1,32 @@
+upstream django_server_random6193.example.org {
+ server unix:/srv/http/random4755/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random6193.example.org www.random6193.example.org;
+
+ if ($host != 'random6193.example.org') {
+ rewrite ^/(.*)$ http://random6193.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6193.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random4755/live/access.log combined_plus;
+ error_log /var/log/nginx/random4755/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195
new file mode 100644
index 000000000..232935a51
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195
@@ -0,0 +1,26 @@
+server {
+ listen 80;
+ server_name www.random25446.example.org random25446.example.org;
+
+ if ($host != 'random25446.example.org') {
+ rewrite ^/(.*)$ http://random25446.example.org/$1 permanent;
+ }
+
+ location ^~ /media {
+ alias /srv/http/random17476/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static {
+ alias /srv/http/random17476/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ include fastcgi_params;
+ fastcgi_pass unix:/srv/http/random17476/internal/website.sock;
+ }
+
+ access_log /var/log/nginx/random17476/internal/access.log combined_plus;
+ error_log /var/log/nginx/random17476/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221
new file mode 100644
index 000000000..8e5893d61
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221
@@ -0,0 +1,32 @@
+upstream django_server_random4030.example.org {
+ server unix:/srv/http/random26975/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random4030.example.org;
+
+ location /media/ {
+ alias /srv/http/random26975/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random26975/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random4030.example.org;
+ include /etc/nginx/django_proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random26975/live/access.log;
+ error_log /var/log/nginx/random26975/live/error.log;
+}
+
+server {
+ server_name www.random4030.example.org;
+ return 301 http://random4030.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637
new file mode 100644
index 000000000..3ef549982
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637
@@ -0,0 +1,32 @@
+upstream django_server_random5890.example.org {
+ server unix:/srv/http/random4755/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random5890.example.org;
+
+ if ($host != 'random5890.example.org') {
+ rewrite ^/(.*)$ http://random5890.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random5890.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random4755/internal/access.log combined_plus;
+ error_log /var/log/nginx/random4755/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758
new file mode 100644
index 000000000..f7cfb854c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758
@@ -0,0 +1,21 @@
+server {
+ listen 80 default_server;
+ #listen [::]:80 default_server ipv6only=on;
+ root /var/www/default/;
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+
+ access_log /var/log/nginx/access.log combined_plus;
+ error_log /var/log/nginx/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646
new file mode 100644
index 000000000..9328e2943
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646
@@ -0,0 +1,37 @@
+upstream django_server_random10783.example.org {
+ server unix:/srv/http/random4711/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random10783.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random4711/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random4711/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random10783.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 4m;
+
+ satisfy any;
+ auth_basic 'acceptance for random4711';
+ auth_basic_user_file /srv/http/random4711/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random4711/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random4711/acceptance/error.log;
+}
+
+server {
+ server_name www.random10783.example.org;
+ rewrite ^ http://random10783.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728
new file mode 100644
index 000000000..fdef2900c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728
@@ -0,0 +1,5 @@
+server {
+ location =/ {
+ return 404;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736
new file mode 100644
index 000000000..5f579971a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736
@@ -0,0 +1,32 @@
+upstream django_server_random17112.example.org {
+ server unix:/srv/http/random29467/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17112.example.org www.random17112.example.org;
+
+ if ($host != 'random17112.example.org') {
+ rewrite ^/(.*)$ http://random17112.example.org/$1 permanent;
+ }
+
+ location ^~ /media/ {
+ alias /srv/http/random29467/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random29467/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17112.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random29467/live/access.log combined_plus;
+ error_log /var/log/nginx/random29467/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812
new file mode 100644
index 000000000..8e455eb9b
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812
@@ -0,0 +1,36 @@
+upstream django_server_random1296.example.org {
+ server unix:/srv/http/random2912/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1296.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random2912/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random2912/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1296.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random2912';
+ auth_basic_user_file /srv/http/random2912/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random2912/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random2912/acceptance/error.log;
+}
+
+server {
+ server_name www.random1296.example.org;
+ rewrite ^ http://random1296.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050
new file mode 100644
index 000000000..3d0ac97ae
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050
@@ -0,0 +1,36 @@
+upstream django_server_random11685.example.org {
+ server unix:/srv/http/random4886/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random11685.example.org;
+
+ location /media/ {
+ alias /srv/http/random4886/internal/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random4886/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random11685.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random4886';
+ auth_basic_user_file /srv/http/random4886/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random4886/internal/access.log;
+ error_log /var/log/nginx/random4886/internal/error.log;
+}
+
+server {
+ server_name www.random11685.example.org;
+ return 301 http://random11685.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690
new file mode 100644
index 000000000..69bcb26c0
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690
@@ -0,0 +1,32 @@
+upstream django_server_random16112.example.org {
+ server unix:/srv/http/random24645/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random16112.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24645/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24645/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random16112.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random24645/live/access.log;
+ error_log /var/log/nginx/random24645/live/error.log;
+}
+
+server {
+ server_name www.random16112.example.org;
+ rewrite ^ http://random16112.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159
new file mode 100644
index 000000000..be6481eae
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159
@@ -0,0 +1,33 @@
+upstream django_server_random29198.example.org {
+ server unix:/srv/http/random28641/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random29198.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28641/acceptance/website/static/$1;
+ expires 7d;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random29198.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random28641';
+ auth_basic_user_file /srv/http/random28641/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random28641/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random28641/acceptance/error.log;
+}
+
+server {
+ server_name www.random29198.example.org;
+ rewrite ^ http://random29198.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951
new file mode 100644
index 000000000..683aa3226
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951
@@ -0,0 +1,67 @@
+server {
+ listen 80;
+ #listen [::]:80 default_server ipv6only=on;
+ root /var/www/random616_log/;
+ server_name random12800.example.org;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random12543/access.log combined_plus;
+ error_log /var/log/nginx/random12543/error.log;
+}
+
+server {
+ listen 443 default_server;
+ #listen [::]:443 default_server ipv6only=on;
+ root /var/www/random616_log/;
+ server_name random12800.example.org;
+
+ # We created (will create) this SSL certificate ourselves, using our own CA. This way, we can control strictly which CA the XXX trusts.
+ # See ytec #6244
+ # However, we're working on a fix for high SSL overhead. We're hoping to be able to keep the connections open between log POSTs, like SSL can.
+ ssl on;
+ ssl_certificate /etc/ssl/public/random12800.example.org.crt;
+ ssl_certificate_key /etc/ssl/private/random12800.example.org.key;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random12543/access.log combined_plus;
+ error_log /var/log/nginx/random12543/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011
new file mode 100644
index 000000000..479edac5d
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011
@@ -0,0 +1,37 @@
+upstream django_server_random12785.example.org {
+ server unix:/srv/http/random14353/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random12785.example.org;
+
+ location /media/ {
+ alias /srv/http/random14353/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random14353/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random12785.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14353/live/access.log;
+ error_log /var/log/nginx/random14353/live/error.log;
+}
+
+server {
+ server_name www.random12785.example.org;
+ return 301 http://random12785.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571
new file mode 100644
index 000000000..84e44dd7c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571
@@ -0,0 +1,31 @@
+upstream django_server_random7150.example.org {
+ server unix:/srv/http/random550/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random7150.example.org;
+
+ location /media/ {
+ alias /srv/http/random550/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random7150.example.org;
+ include /etc/nginx/django_proxy_params;
+ }
+
+ access_log /var/log/nginx/random550/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random550/acceptance/error.log;
+}
+
+server {
+ server_name www.random7150.example.org;
+ return 301 http://random7150.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900
new file mode 100644
index 000000000..648693cbc
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900
@@ -0,0 +1,33 @@
+upstream django_server_random31131.example.org {
+ server unix:/srv/http/random24334/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random31131.example.org;
+
+ location /media/ {
+ alias /srv/http/random24334/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random24334/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random31131.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random24334/internal/access.log combined_plus;
+ error_log /var/log/nginx/random24334/internal/error.log;
+}
+
+server {
+ server_name www.random31131.example.org;
+ return 301 http://random31131.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190
new file mode 100644
index 000000000..8c7738c03
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190
@@ -0,0 +1,4 @@
+server {
+ server_name www.random5115;
+ return 301 http://www.random10305.example.org;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279
new file mode 100644
index 000000000..16f4e5e9e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ root /home/admin/random19651_log/;
+ server_name random16339.example.org;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random4235/access.log combined_plus;
+ error_log /var/log/nginx/random4235/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317
new file mode 100644
index 000000000..e9c986ff1
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317
@@ -0,0 +1,32 @@
+upstream django_server_random21989.example.org {
+ server unix:/srv/http/random28136/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random21989.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28136/acceptance/website/static/$1;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random21989.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random28136';
+ auth_basic_user_file /srv/http/random28136/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random28136/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random28136/acceptance/error.log;
+}
+
+server {
+ server_name www.random21989.example.org;
+ rewrite ^ http://random21989.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438
new file mode 100644
index 000000000..66929620f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438
@@ -0,0 +1,46 @@
+upstream django_server_random1769.example.org {
+ server unix:/srv/http/random7047/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1769.example.org;
+
+ if ($host != 'random1769.example.org') {
+ rewrite ^/(.*)$ http://random1769.example.org/$1 permanent;
+ }
+
+ rewrite ^/(.*) https://$host:8444/$1;
+}
+
+server {
+ listen 8444;
+ server_name random1769.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random6822.example.org.crt;
+ ssl_certificate_key /etc/ssl/private/random6822.example.org.key;
+
+ location ^~ /media/ {
+ alias /srv/http/random7047/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7047/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1769.example.org;
+ include /etc/nginx/proxy_params;
+
+ #satisfy any;
+ #auth_basic 'acceptance for random7047';
+ #auth_basic_user_file /srv/http/random7047/acceptance/htpasswords;
+ #include /etc/nginx/allow_ytec_ips_params;
+ #deny all;
+ }
+
+ access_log /var/log/nginx/random7047/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random7047/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483
new file mode 100644
index 000000000..7a415c293
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ server_name random9761.example.org;
+
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random14537/static_collected/$1;
+ expires 7d;
+ }
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random14537/dynamic/public/$1;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:81;
+ proxy_connect_timeout 120;
+ proxy_read_timeout 120;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14537/access.log combined_plus;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507
new file mode 100644
index 000000000..0fdca78d7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name random3674.example.org www.random3674.example.org;
+
+ root /srv/http/random3674.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random3674.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random3674.example.org/error.log;
+}
+
+server {
+ listen 80;
+ server_name random27569.example.org www.random27569.example.org;
+
+ root /srv/http/random27569.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random27569.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random27569.example.org/error.log;
+}
+
+server {
+ listen 80;
+ server_name random11055.example.org www.random11055.example.org;
+
+ root /srv/http/random11055.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random11055.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random11055.example.org/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874
new file mode 100644
index 000000000..1180f2eb1
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874
@@ -0,0 +1,46 @@
+upstream django_server_random7267.example.org {
+ server unix:/srv/http/random24334/live/website.sock;
+}
+
+server {
+ listen 80;
+ listen 443 ssl;
+
+ server_name random7267.example.org;
+
+ ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random24334/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random24334/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random7267.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random24334/live/access.log combined_plus;
+ error_log /var/log/nginx/random24334/live/error.log;
+}
+
+server {
+ listen 80;
+ listen 443 ssl;
+
+ server_name www.random7267.example.org;
+
+ ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
+
+ return 301 http://random7267.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035
new file mode 100644
index 000000000..1a1deb96b
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035
@@ -0,0 +1,31 @@
+upstream django_server_random2104.example.org {
+ server unix:/srv/http/random28136/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random2104.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28136/live/website/static/$1;
+ expires 7d;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random2104.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random28136/live/access.log combined_plus;
+ error_log /var/log/nginx/random28136/live/error.log;
+}
+
+server {
+ server_name random2104.example.org;
+ rewrite ^ http://www.random2104.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143
new file mode 100644
index 000000000..add683007
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143
@@ -0,0 +1,33 @@
+upstream django_server_random24919.example.org {
+ server unix:/srv/http/random7831/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random24919.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random7831/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7831/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random24919.example.org;
+ include /etc/nginx/proxy_params;
+
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+ }
+
+ access_log /var/log/nginx/random7831/live/access.log combined_plus;
+ error_log /var/log/nginx/random7831/live/error.log;
+}
+
+server {
+ server_name www.random24919.example.org;
+ rewrite ^ http://random24919.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264
new file mode 100644
index 000000000..ef347862f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264
@@ -0,0 +1,12 @@
+# vhost created by moving from marauder, but there it was an apache vhost.
+
+server {
+ listen 80;
+ server_name random3080.example.org www.random3080.example.org random26833.example.org www.random26833.example.org;
+
+ root /srv/http/random10391.example.org/;
+
+ if ($request_uri != '/googleYYYYYYYYYYYYYYYY.html') {
+ rewrite ^ http://random10305.example.org/ permanent;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826
new file mode 100644
index 000000000..bcfc662b2
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826
@@ -0,0 +1,38 @@
+upstream django_server_random1107.example.org {
+ server unix:/srv/http/random4755/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1107.example.org www.random1107.example.org;
+
+ if ($host != 'random1107.example.org') {
+ rewrite ^/(.*)$ http://random1107.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1107.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ satisfy any;
+ allow 89.188.25.162;
+ auth_basic "random4755 acceptance";
+ auth_basic_user_file htpasswords/random4755_acceptance;
+
+ }
+
+ access_log /var/log/nginx/random4755/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random4755/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872
new file mode 100644
index 000000000..fe41f9872
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872
@@ -0,0 +1,36 @@
+upstream django_server_random8404.example.org {
+ server unix:/srv/http/random1006/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random8404.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random1006/internal/website/static/;
+ expires 7d;
+ }
+ #location ^~ /static/ {
+ # alias /srv/http/random1006/internal/website/static/;
+ # expires 7d;
+ #}
+
+ location / {
+ proxy_pass http://django_server_random8404.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random1006';
+ auth_basic_user_file /srv/http/random1006/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random1006/internal/access.log combined_plus;
+ error_log /var/log/nginx/random1006/internal/error.log;
+}
+
+server {
+ server_name www.random8404.example.org;
+ rewrite ^ http://random8404.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228
new file mode 100644
index 000000000..d5c157e88
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228
@@ -0,0 +1,39 @@
+upstream django_server_random15255_intern {
+ server unix:/srv/http/random15255/intern/website.sock fail_timeout=5;
+}
+
+server {
+ listen 80;
+ server_name random11459.example.org www.random11459.example.org;
+
+ if ($host != 'random11459.example.org') {
+ rewrite ^/(.*)$ http://random11459.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random15255/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random15255/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random15255_intern;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random191 internal';
+ auth_basic_user_file /srv/http/random15255/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random15255/internal/access.log combined_plus;
+ error_log /var/log/nginx/random15255/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895
new file mode 100644
index 000000000..4a49ea47e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895
@@ -0,0 +1,32 @@
+upstream django_server_random20084.example.org {
+ server unix:/srv/http/random1540/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random3969.example.org www.random20084.example.org random20084.example.org;
+
+ if ($host != 'www.random20084.example.org') {
+ rewrite ^/(.*)$ http://www.random20084.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random1540/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random1540/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random20084.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random1540/live/access.log combined_plus;
+ error_log /var/log/nginx/random1540/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343
new file mode 100644
index 000000000..9e0d39d47
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343
@@ -0,0 +1,36 @@
+upstream django_server_random29577.example.org {
+ server unix:/srv/http/random24645/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random29577.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24645/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24645/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random29577.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random24645';
+ auth_basic_user_file /srv/http/random24645/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24645/internal/access.log;
+ error_log /var/log/nginx/random24645/internal/error.log;
+}
+
+server {
+ server_name www.random29577.example.org;
+ rewrite ^ http://random29577.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422
new file mode 100644
index 000000000..c3b979b4e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422
@@ -0,0 +1,46 @@
+upstream django_server_random25771.example.org {
+ server unix:/srv/http/random4711/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25771.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random4711/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random4711/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25771.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 4m;
+
+ # You can configure access rules here
+ }
+
+ client_max_body_size 25m;
+
+ access_log /var/log/nginx/random4711/live/access.log combined_plus;
+ error_log /var/log/nginx/random4711/live/error.log;
+}
+
+server {
+ server_name www.random25771.example.org;
+ server_name *.random17707.example.org;
+ server_name *.random22274.example.org;
+ server_name *.random26333.example.org;
+ server_name *.random10742.example.org;
+ server_name *.random8297.example.org;
+ server_name *.random18250.example.org;
+ server_name *.random30184.example.org;
+ server_name *.random27005.example.org;
+ server_name *.random12286.example.org;
+ server_name *.random28076.example.org;
+ server_name *.random26194.example.org;
+ rewrite ^ http://random25771.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637
new file mode 100644
index 000000000..91e31bbfd
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637
@@ -0,0 +1,40 @@
+upstream django_server_random27891.example.org {
+ server unix:/srv/http/random6344/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name random27891.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random27891.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random27891.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random6344/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random6344/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random27891.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random6344/live/access.log combined_plus;
+ error_log /var/log/nginx/random6344/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random27891.example.org;
+
+ return 301 https://random27891.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662
new file mode 100644
index 000000000..3fe9c4011
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662
@@ -0,0 +1,32 @@
+upstream django_server_random27507.example.org {
+ server unix:/srv/http/random24211/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random27507.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24211/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24211/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random27507.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random24211/live/access.log combined_plus;
+ error_log /var/log/nginx/random24211/live/error.log;
+}
+
+server {
+ server_name www.random27507.example.org;
+ rewrite ^ http://random27507.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426
new file mode 100644
index 000000000..90dad9601
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426
@@ -0,0 +1,111 @@
+upstream django_server_random20374.nl {
+ server unix:/srv/http/random20374/live/website.sock;
+}
+
+server {
+ listen 80;
+
+ # Main domain
+ server_name random9123.example.org;
+
+ # So called mini-sites, resulting in landing pages for Google.
+ server_name random16942.example.org;
+ server_name random23560.example.org;
+ server_name random17636.example.org;
+ server_name random13969.example.org;
+ server_name random4892.example.org;
+ server_name random24240.example.org;
+ server_name random25863.example.org;
+ server_name random26503.example.org;
+ server_name random5090.example.org;
+ server_name random1856.example.org;
+ server_name random2911.example.org;
+ server_name random16405.example.org;
+
+ location /media/ {
+ alias /srv/http/random20374/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random20374/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random20374.nl;
+ include /etc/nginx/proxy_params;
+ }
+
+ access_log /var/log/nginx/random20374/live/access.log combined_plus;
+ error_log /var/log/nginx/random20374/live/error.log;
+}
+
+server {
+ server_name www.random9123.example.org;
+ return 301 $scheme://random9123.example.org$request_uri;
+}
+
+server {
+ server_name www.random1825.example.org random1825.example.org;
+ return 301 $scheme://random9123.example.org$request_uri;
+}
+
+server {
+ server_name www.random16942.example.org;
+ return 301 $scheme://random16942.example.org;
+}
+
+server {
+ server_name www.random23560.example.org;
+ return 301 $scheme://random23560.example.org;
+}
+
+server {
+ server_name www.random17636.example.org;
+ return 301 $scheme://random17636.example.org;
+}
+
+server {
+ server_name www.random13969.example.org;
+ return 301 $scheme://random13969.example.org;
+}
+
+server {
+ server_name www.random4892.example.org;
+ return 301 $scheme://random4892.example.org;
+}
+
+server {
+ server_name www.random24240.example.org;
+ return 301 $scheme://random24240.example.org;
+}
+
+server {
+ server_name www.random25863.example.org;
+ return 301 $scheme://random25863.example.org;
+}
+
+server {
+ server_name www.random26503.example.org;
+ return 301 $scheme://random26503.example.org;
+}
+
+server {
+ server_name www.random5090.example.org;
+ return 301 $scheme://random5090.example.org;
+}
+
+server {
+ server_name www.random1856.example.org;
+ return 301 $scheme://random1856.example.org;
+}
+
+server {
+ server_name www.random2911.example.org;
+ return 301 $scheme://random2911.example.org;
+}
+
+server {
+ server_name www.random16405.example.org;
+ return 301 $scheme://random16405.example.org;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost
new file mode 100644
index 000000000..71344abea
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name www.example.com example.com;
+ root /var/www/www.example.com/web;
+
+ if ($http_host != "www.example.com") {
+ rewrite ^ http://www.example.com$request_uri permanent;
+ }
+
+ index index.php index.html;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+ location ~ /\. {
+ deny all;
+ access_log off;
+ log_not_found off;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?path_info=$uri&$args;
+ access_log off;
+ expires max;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_intercept_errors on;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/anothermapcase/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/anothermapcase/nginx.conf
new file mode 100644
index 000000000..b3ca02f92
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/anothermapcase/nginx.conf
@@ -0,0 +1,3 @@
+map $uri $blogname{
+ ~^(?P/[^/]+/)files/(.*) $blogpath ;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf
new file mode 100644
index 000000000..056987136
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf
@@ -0,0 +1,9 @@
+#-*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### fastcgi configuration.
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+include fastcgi_params;
+fastcgi_buffers 256 4k;
+fastcgi_intercept_errors on;
+## allow 4 hrs - pass timeout responsibility to upstrea
+fastcgi_read_timeout 14400;
+fastcgi_index index.php;
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params
new file mode 100644
index 000000000..4a7f26920
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params
@@ -0,0 +1,32 @@
+# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
+### fastcgi parameters.
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+## PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
+## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or
+## later. The if_not_empty flag was introduced in 1.1.11. See:
+## http://nginx.org/en/CHANGES. If using a version that doesn't
+## support this comment out the line below.
+fastcgi_param HTTPS $https if_not_empty;
+## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
+#fastcgi_param HTTPS $https
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf
new file mode 100644
index 000000000..e7974ff6a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf
@@ -0,0 +1,109 @@
+
+# This map is not a full koi8-r <> utf8 map: it does not contain
+# box-drawing and some other characters. Besides this map contains
+# several koi8-u and Byelorussian letters which are not in koi8-r.
+# If you need a full and standard map, use contrib/unicode2nginx/koi-utf
+# map instead.
+
+charset_map koi8-r utf-8 {
+
+ 80 E282AC ; # euro
+
+ 95 E280A2 ; # bullet
+
+ 9A C2A0 ; #
+
+ 9E C2B7 ; # ·
+
+ A3 D191 ; # small yo
+ A4 D194 ; # small Ukrainian ye
+
+ A6 D196 ; # small Ukrainian i
+ A7 D197 ; # small Ukrainian yi
+
+ AD D291 ; # small Ukrainian soft g
+ AE D19E ; # small Byelorussian short u
+
+ B0 C2B0 ; # °
+
+ B3 D081 ; # capital YO
+ B4 D084 ; # capital Ukrainian YE
+
+ B6 D086 ; # capital Ukrainian I
+ B7 D087 ; # capital Ukrainian YI
+
+ B9 E28496 ; # numero sign
+
+ BD D290 ; # capital Ukrainian soft G
+ BE D18E ; # capital Byelorussian short U
+
+ BF C2A9 ; # (C)
+
+ C0 D18E ; # small yu
+ C1 D0B0 ; # small a
+ C2 D0B1 ; # small b
+ C3 D186 ; # small ts
+ C4 D0B4 ; # small d
+ C5 D0B5 ; # small ye
+ C6 D184 ; # small f
+ C7 D0B3 ; # small g
+ C8 D185 ; # small kh
+ C9 D0B8 ; # small i
+ CA D0B9 ; # small j
+ CB D0BA ; # small k
+ CC D0BB ; # small l
+ CD D0BC ; # small m
+ CE D0BD ; # small n
+ CF D0BE ; # small o
+
+ D0 D0BF ; # small p
+ D1 D18F ; # small ya
+ D2 D180 ; # small r
+ D3 D181 ; # small s
+ D4 D182 ; # small t
+ D5 D183 ; # small u
+ D6 D0B6 ; # small zh
+ D7 D0B2 ; # small v
+ D8 D18C ; # small soft sign
+ D9 D18B ; # small y
+ DA D0B7 ; # small z
+ DB D188 ; # small sh
+ DC D18D ; # small e
+ DD D189 ; # small shch
+ DE D187 ; # small ch
+ DF D18A ; # small hard sign
+
+ E0 D0AE ; # capital YU
+ E1 D090 ; # capital A
+ E2 D091 ; # capital B
+ E3 D0A6 ; # capital TS
+ E4 D094 ; # capital D
+ E5 D095 ; # capital YE
+ E6 D0A4 ; # capital F
+ E7 D093 ; # capital G
+ E8 D0A5 ; # capital KH
+ E9 D098 ; # capital I
+ EA D099 ; # capital J
+ EB D09A ; # capital K
+ EC D09B ; # capital L
+ ED D09C ; # capital M
+ EE D09D ; # capital N
+ EF D09E ; # capital O
+
+ F0 D09F ; # capital P
+ F1 D0AF ; # capital YA
+ F2 D0A0 ; # capital R
+ F3 D0A1 ; # capital S
+ F4 D0A2 ; # capital T
+ F5 D0A3 ; # capital U
+ F6 D096 ; # capital ZH
+ F7 D092 ; # capital V
+ F8 D0AC ; # capital soft sign
+ F9 D0AB ; # capital Y
+ FA D097 ; # capital Z
+ FB D0A8 ; # capital SH
+ FC D0AD ; # capital E
+ FD D0A9 ; # capital SHCH
+ FE D0A7 ; # capital CH
+ FF D0AA ; # capital hard sign
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win
new file mode 100644
index 000000000..72afabe89
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win
@@ -0,0 +1,103 @@
+
+charset_map koi8-r windows-1251 {
+
+ 80 88 ; # euro
+
+ 95 95 ; # bullet
+
+ 9A A0 ; #
+
+ 9E B7 ; # ·
+
+ A3 B8 ; # small yo
+ A4 BA ; # small Ukrainian ye
+
+ A6 B3 ; # small Ukrainian i
+ A7 BF ; # small Ukrainian yi
+
+ AD B4 ; # small Ukrainian soft g
+ AE A2 ; # small Byelorussian short u
+
+ B0 B0 ; # °
+
+ B3 A8 ; # capital YO
+ B4 AA ; # capital Ukrainian YE
+
+ B6 B2 ; # capital Ukrainian I
+ B7 AF ; # capital Ukrainian YI
+
+ B9 B9 ; # numero sign
+
+ BD A5 ; # capital Ukrainian soft G
+ BE A1 ; # capital Byelorussian short U
+
+ BF A9 ; # (C)
+
+ C0 FE ; # small yu
+ C1 E0 ; # small a
+ C2 E1 ; # small b
+ C3 F6 ; # small ts
+ C4 E4 ; # small d
+ C5 E5 ; # small ye
+ C6 F4 ; # small f
+ C7 E3 ; # small g
+ C8 F5 ; # small kh
+ C9 E8 ; # small i
+ CA E9 ; # small j
+ CB EA ; # small k
+ CC EB ; # small l
+ CD EC ; # small m
+ CE ED ; # small n
+ CF EE ; # small o
+
+ D0 EF ; # small p
+ D1 FF ; # small ya
+ D2 F0 ; # small r
+ D3 F1 ; # small s
+ D4 F2 ; # small t
+ D5 F3 ; # small u
+ D6 E6 ; # small zh
+ D7 E2 ; # small v
+ D8 FC ; # small soft sign
+ D9 FB ; # small y
+ DA E7 ; # small z
+ DB F8 ; # small sh
+ DC FD ; # small e
+ DD F9 ; # small shch
+ DE F7 ; # small ch
+ DF FA ; # small hard sign
+
+ E0 DE ; # capital YU
+ E1 C0 ; # capital A
+ E2 C1 ; # capital B
+ E3 D6 ; # capital TS
+ E4 C4 ; # capital D
+ E5 C5 ; # capital YE
+ E6 D4 ; # capital F
+ E7 C3 ; # capital G
+ E8 D5 ; # capital KH
+ E9 C8 ; # capital I
+ EA C9 ; # capital J
+ EB CA ; # capital K
+ EC CB ; # capital L
+ ED CC ; # capital M
+ EE CD ; # capital N
+ EF CE ; # capital O
+
+ F0 CF ; # capital P
+ F1 DF ; # capital YA
+ F2 D0 ; # capital R
+ F3 D1 ; # capital S
+ F4 D2 ; # capital T
+ F5 D3 ; # capital U
+ F6 C6 ; # capital ZH
+ F7 C2 ; # capital V
+ F8 DC ; # capital soft sign
+ F9 DB ; # capital Y
+ FA C7 ; # capital Z
+ FB D8 ; # capital SH
+ FC DD ; # capital E
+ FD D9 ; # capital SHCH
+ FE D7 ; # capital CH
+ FF DA ; # capital hard sign
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf
new file mode 100644
index 000000000..a8d62223a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf
@@ -0,0 +1,7 @@
+# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
+### Implement the $https_if_not_empty variable for Nginx versions below 1.1.11.
+
+map $scheme $https {
+ default '';
+ https on;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types
new file mode 100644
index 000000000..618b8f8e7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types
@@ -0,0 +1,77 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-current-dictionary: american -*-
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml rss;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/x-javascript js;
+ application/atom+xml atom;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+
+ application/java-archive jar war ear;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.wap.xhtml+xml xhtml;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/zip zip;
+
+ # Mime types for web fonts. Stolen from here:
+ # http://seconddrawer.com.au/blog/ in part.
+ application/x-font-ttf ttf;
+ font/opentype otf;
+ application/vnd.ms-fontobject eot;
+ application/x-woff woff;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/x-flv flv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf
new file mode 100644
index 000000000..22ad4c317
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf
@@ -0,0 +1,119 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+user www-data;
+worker_processes 4;
+
+error_log /var/log/nginx/error.log;
+pid /var/run/nginx.pid;
+
+worker_rlimit_nofile 8192;
+
+events {
+ worker_connections 4096;
+ ## epoll is preferred on 2.6 Linux
+ ## kernels. Cf. http://www.kegel.com/c10k.html#nb.epoll
+ use epoll;
+ ## Accept as many connections as possible.
+ multi_accept on;
+}
+
+http {
+ ## MIME types.
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ## FastCGI.
+ include /etc/nginx/fastcgi.conf;
+
+ ## Default log and error files.
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ## Use sendfile() syscall to speed up I/O operations and speed up
+ ## static file serving.
+ sendfile on;
+ ## Handling of IPs in proxied and load balancing situations.
+ set_real_ip_from 0.0.0.0/32; # all addresses get a real IP.
+ real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy
+
+ ## Define a zone for limiting the number of simultaneous
+ ## connections nginx accepts. 1m means 32000 simultaneous
+ ## sessions. We need to define for each server the limit_conn
+ ## value refering to this or other zones.
+ ## ** This syntax requires nginx version >=
+ ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older
+ ## ** version then use the limit_zone directive below
+ ## ** instead. Comment out this
+ ## ** one if not using nginx version >= 1.1.8.
+ limit_conn_zone $binary_remote_addr zone=arbeit:10m;
+
+ ## Timeouts.
+ client_body_timeout 60;
+ client_header_timeout 60;
+ keepalive_timeout 10 10;
+ send_timeout 60;
+
+ ## Reset lingering timed out connections. Deflect DDoS.
+ reset_timedout_connection on;
+
+ ## Body size.
+ client_max_body_size 10m;
+
+ ## TCP options.
+ tcp_nodelay on;
+ tcp_nopush on;
+
+ ## Compression.
+ gzip on;
+ gzip_buffers 16 8k;
+ gzip_comp_level 1;
+ gzip_http_version 1.1;
+ gzip_min_length 10;
+ gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
+ gzip_vary on;
+ gzip_proxied any; # Compression for all requests.
+ ## No need for regexps. See
+ ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
+ gzip_disable "msie6";
+
+ ## Serve already compressed files directly, bypassing on-the-fly
+ ## compression.
+ gzip_static on;
+
+ ## Hide the Nginx version number.
+ server_tokens off;
+
+ ## Use a SSL/TLS cache for SSL session resume. This needs to be
+ ## here (in this context, for session resumption to work. See this
+ ## thread on the Nginx mailing list:
+ ## http://nginx.org/pipermail/nginx/2010-November/023736.html.
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ ## For the filefield_nginx_progress module to work. From the
+ ## README. Reserve 1MB under the name 'uploads' to track uploads.
+ upload_progress uploads 1m;
+
+ ## Enable clickjacking protection in modern browsers. Available in
+ ## IE8 also. See
+ ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
+ add_header X-Frame-Options sameorigin;
+
+ ## Include the upstream servers for PHP FastCGI handling config.
+ include upstream_phpcgi.conf;
+
+ ## If using Nginx version >= 1.1.11 then there's a $https variable
+ ## that has the value 'on' if the used scheme is https and '' if not.
+ ## See: http://trac.nginx.org/nginx/changeset/4380/nginx
+ ## http://trac.nginx.org/nginx/changeset/4333/nginx and
+ ## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a
+ ## previous version then uncomment out the line below.
+ #include map_https_fcgi.conf;
+
+ ## Include the upstream servers for Apache handling the PHP
+ ## processes. In this case Nginx functions as a reverse proxy.
+ #include reverse_proxy.conf;
+ #include upstream_phpapache.conf;
+
+ ## Include all vhosts.
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf
new file mode 100644
index 000000000..ee0faadd7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf
@@ -0,0 +1,10 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+
+### Configuration for reverse proxy. Passing the necessary headers to
+### the backend. Nginx doesn't tunnel the connection, it opens a new
+### one. Hence whe need to send these headers to the backend so that
+### the client(s) IP is available to them. The host is also sent.
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $http_host;
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default
new file mode 100644
index 000000000..9dbaa44ff
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default
@@ -0,0 +1,19 @@
+# -*-mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### Block all illegal host headers. Taken from a discussion on nginx
+### forums. Cf. http://forum.nginx.org/read.php?2,3482,3518 following
+### a suggestion by Maxim Dounin. Also suggested in
+### http://nginx.org/en/docs/http/request_processing.html.
+server {
+ listen [::]:80 default_server;
+ # Uncomment the line below and comment the above if you're
+ # running a Nginx version less than 0.8.20.
+ # listen [::]:80 default;
+
+ # Accept redirects based on the value of the Host header. If
+ # there's no valid vhost configuration file with a
+ # corresponding server_name directive then signal an error and
+ # fail silently. See:
+ # http://wiki.nginx.org/NginxHttpCoreModule#server_name_in_redirect
+ server_name_in_redirect off;
+ return 444;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf
new file mode 100644
index 000000000..e77024456
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf
@@ -0,0 +1,102 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### Nginx configuration for Chive.
+
+server {
+ ## This is to avoid the spurious if for sub-domain name
+ ## rewriting. See http://wiki.nginx.org/Pitfalls#Server_Name.
+ listen 80; # IPv4
+
+ ## Replace the IPv6 address by your own address. The address below
+ ## was stolen from the wikipedia page on IPv6.
+ listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
+
+ server_name www.chive.example.com;
+
+ return 301 $scheme://chive.example.com$request_uri;
+
+} # server domain rewrite.
+
+server {
+ listen 80; # IPv4
+
+ ## Replace the IPv6 address by your own address. The address below
+ ## was stolen from the wikipedia page on IPv6.
+ listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
+
+ limit_conn arbeit 32;
+ server_name chive.example.com;
+
+ ## Parameterization using hostname of access and log filenames.
+ access_log /var/log/nginx/chive.example.com_access.log;
+ error_log /var/log/nginx/chive.example.com_error.log;
+
+ root /var/www/sites/chive.example.com;
+ index index.php index.html;
+
+ ## Support for favicon. Return a 204 (No Content) if the favicon
+ ## doesn't exist.
+ location = /favicon.ico {
+ try_files /favicon.ico =204;
+ }
+
+ ## The main location is accessed using Basic Auth.
+ location / {
+ ## Access is restricted.
+ auth_basic "Restricted Access"; # auth realm
+ auth_basic_user_file .htpasswd-users; # htpasswd file
+
+ ## Use PATH_INFO for translating the requests to the
+ ## FastCGI. This config follows Igor's suggestion here:
+ ## http://forum.nginx.org/read.php?2,124378,124582.
+ ## This is preferable to using:
+ ## fastcgi_split_path_info ^(.+\.php)(.*)$
+ ## It saves one regex in the location. Hence it's faster.
+ location ~ ^(?