From ac2ec3457df6b699916864f26a89a1cc6fcadd9d Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Tue, 5 Apr 2016 11:33:33 -0700 Subject: [PATCH 01/35] NcursesDisplay.menu: treat ESC as cancel Currently it will fire a weird traceback like: File "/home/ubuntu/letsencrypt/letsencrypt/plugins/selection.py", line 113, in choose_plugin code, index = disp.menu(question, opts, help_label="More Info") File "/home/ubuntu/letsencrypt/letsencrypt/display/util.py", line 129, in menu return code, int(index) - 1 ValueError: invalid literal for int() with base 10: '' --- letsencrypt/display/util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/display/util.py b/letsencrypt/display/util.py index 20c6be156..40dd00f8b 100644 --- a/letsencrypt/display/util.py +++ b/letsencrypt/display/util.py @@ -123,7 +123,7 @@ class NcursesDisplay(object): # pylint: disable=star-args code, index = self.dialog.menu(message, **menu_options) - if code == CANCEL: + if code == CANCEL or index == "": return code, -1 return code, int(index) - 1 From 8a28cb7352eb5d534e79cdd213ede8fd8283dedb Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 22 Jun 2016 15:50:21 -0700 Subject: [PATCH 02/35] Implement Brad's more systematic solution for this --- certbot/display/util.py | 33 ++++++++++++++++++++++-------- certbot/tests/display/util_test.py | 1 + 2 files changed, 25 insertions(+), 9 deletions(-) diff --git a/certbot/display/util.py b/certbot/display/util.py index 683dbc037..c998f78f3 100644 --- a/certbot/display/util.py +++ b/certbot/display/util.py @@ -29,7 +29,6 @@ CANCEL = "cancel" HELP = "help" """Display exit code when for when the user requests more help.""" - def _wrap_lines(msg): """Format lines nicely to 80 chars. 
@@ -51,6 +50,21 @@ def _wrap_lines(msg): return os.linesep.join(fixed_l) + +def _clean(dialog_result): + """Work around inconsistent return codes from python-dialog. + + :param tuple dialog_result: (code, result) + :returns: the argument but with unknown codes set to -1 (Error) + :rtype: tuple + """ + code, result = dialog_result + if code in (OK, HELP): + return dialog_result + else: + return (CANCEL, result) + + @zope.interface.implementer(interfaces.IDisplay) class NcursesDisplay(object): """Ncurses-based display.""" @@ -92,7 +106,7 @@ class NcursesDisplay(object): :param dict unused_kwargs: absorbs default / cli_args :returns: tuple of the form (`code`, `index`) where - `code` - int display exit code + `code` - display exit code `int` - index of the selected item :rtype: tuple @@ -111,7 +125,7 @@ class NcursesDisplay(object): # Can accept either tuples or just the actual choices if choices and isinstance(choices[0], tuple): # pylint: disable=star-args - code, selection = self.dialog.menu(message, **menu_options) + code, selection = _clean(self.dialog.menu(message, **menu_options)) # Return the selection index for i, choice in enumerate(choices): @@ -126,7 +140,7 @@ class NcursesDisplay(object): (str(i), choice) for i, choice in enumerate(choices, 1) ] # pylint: disable=star-args - code, index = self.dialog.menu(message, **menu_options) + code, index = _clean(self.dialog.menu(message, **menu_options)) if code == CANCEL or index == "": return code, -1 @@ -140,7 +154,7 @@ class NcursesDisplay(object): :param dict _kwargs: absorbs default / cli_args :returns: tuple of the form (`code`, `string`) where - `code` - int display exit code + `code` - display exit code `string` - input entered by the user """ 
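Review bot: The `:returns:` line in the new `_clean` docstring says unknown codes are set to -1 (Error), but the `else` branch returns `(CANCEL, result)`, so the documented contract and the code disagree. Every code other than OK and HELP is folded into CANCEL with no record of what python-dialog returned, so a real dialog failure looks the same as the user cancelling. I would reword the line to `:returns: the argument, with any code other than OK or HELP replaced by CANCEL` and add a comment on the `else` branch saying the mapping is deliberate. The same stale `:returns:` text is left as context in the later hunk that rewrites this docstring's summary line.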
@@ -148,7 +162,7 @@ class NcursesDisplay(object): # each section takes at least one line, plus extras if it's longer than self.width wordlines = [1 + (len(section) / self.width) for section in sections] height = 6 + sum(wordlines) + len(sections) - return self.dialog.inputbox(message, width=self.width, height=height) + return _clean(self.dialog.inputbox(message, width=self.width, height=height)) def yesno(self, message, yes_label="Yes", no_label="No", **unused_kwargs): """Display a Yes/No dialog box. @@ -164,6 +178,7 @@ class NcursesDisplay(object): :rtype: bool """ + assert OK == self.dialog.DIALOG_OK, "What kind of absurdity is this?" return self.dialog.DIALOG_OK == self.dialog.yesno( message, self.height, self.width, yes_label=yes_label, no_label=no_label) @@ -179,7 +194,7 @@ class NcursesDisplay(object): :returns: tuple of the form (`code`, `list_tags`) where - `code` - int display exit code + `code` - display exit code `list_tags` - list of str tags selected by the user """ @@ -193,7 +208,7 @@ class NcursesDisplay(object): :param str message: prompt to give the user :returns: tuple of the form (`code`, `string`) where - `code` - int display exit code + `code` - display exit code `string` - input entered by the user """ @@ -355,7 +370,7 @@ class FileDisplay(object): :param str message: prompt to give the user :returns: tuple of the form (`code`, `string`) where - `code` - int display exit code + `code` - display exit code `string` - input entered by the user """ diff --git a/certbot/tests/display/util_test.py b/certbot/tests/display/util_test.py index 4a38803d1..94338118d 100644 --- a/certbot/tests/display/util_test.py +++ b/certbot/tests/display/util_test.py @@ -96,6 +96,7 @@ class NcursesDisplayTest(unittest.TestCase): @mock.patch("certbot.display.util." "dialog.Dialog.inputbox") def test_input(self, mock_input): + mock_input.return_value = (mock.MagicMock(), mock.MagicMock()) self.displayer.input("message") self.assertEqual(mock_input.call_count, 1) 
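Review bot: The added `assert OK == self.dialog.DIALOG_OK, "What kind of absurdity is this?"` in `yesno` is a runtime compatibility check written as an assert, so it disappears under `python -O` and otherwise surfaces as a bare AssertionError whose message does not say what is wrong. An explicit check such as `if OK != self.dialog.DIALOG_OK: raise errors.Error("unexpected python-dialog OK code")` survives optimisation and explains itself. The check also runs on every `yesno` call; the later hunk that moves it into `__init__` fixes the placement but keeps the assert form. The body of `yesno` begins outside the hunk.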
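Review bot: `test_input` now feeds `(mock.MagicMock(), mock.MagicMock())` through `_clean` but still asserts only the call count, so the new normalisation is never checked. A MagicMock code matches neither OK nor HELP, which means the test only ever reaches the fallback branch. Consider returning a concrete pair, e.g. `mock_input.return_value = ("esc", "")` (constructed sample), and asserting that the code returned by `self.displayer.input("message")` is CANCEL. The same applies to the `test_checklist` and `test_directory_select` hunks in the following commit.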
From 23f0ccbc8ee7f03b094c96fd2f776919b4f72d7c Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Sat, 25 Jun 2016 12:22:45 -0700 Subject: [PATCH 03/35] Address review issues --- certbot/display/util.py | 21 ++++++++++++++++----- certbot/tests/display/util_test.py | 2 ++ 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/certbot/display/util.py b/certbot/display/util.py index c998f78f3..4e7d45741 100644 --- a/certbot/display/util.py +++ b/certbot/display/util.py @@ -1,4 +1,5 @@ """Certbot display.""" +import logging import os import textwrap @@ -9,6 +10,9 @@ from certbot import interfaces from certbot import errors from certbot.display import completer + +logger = logging.getLogger(__name__) + WIDTH = 72 HEIGHT = 20 @@ -29,6 +33,10 @@ CANCEL = "cancel" HELP = "help" """Display exit code when for when the user requests more help.""" +ESC = "esc" +"""Display exit code when the user hits Escape""" + + def _wrap_lines(msg): """Format lines nicely to 80 chars. @@ -52,7 +60,7 @@ def _wrap_lines(msg): def _clean(dialog_result): - """Work around inconsistent return codes from python-dialog. + """Treat sundy python-dialog return codes as CANCEL :param tuple dialog_result: (code, result) :returns: the argument but with unknown codes set to -1 (Error) @@ -61,7 +69,10 @@ def _clean(dialog_result): code, result = dialog_result if code in (OK, HELP): return dialog_result + elif code in (CANCEL, ESC): + return (CANCEL, result) else: + logger.info("Surprising dialog return code %s", code) return (CANCEL, result) @@ -199,8 +210,8 @@ class NcursesDisplay(object): """ choices = [(tag, "", default_status) for tag in tags] - return self.dialog.checklist( - message, width=self.width, height=self.height, choices=choices) + return _clean(self.dialog.checklist( + message, width=self.width, height=self.height, choices=choices)) def directory_select(self, message, **unused_kwargs): """Display a directory selection screen. 
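Review bot: In `_clean`, the new `elif code in (CANCEL, ESC)` branch and the `else` branch both return `(CANCEL, result)`; the only difference is the log call, which is easy to miss when reading. Writing it as `if code not in (CANCEL, ESC): logger.info("Surprising dialog return code %s", code)` followed by a single `return (CANCEL, result)` makes that explicit. The rewritten summary line in the docstring hunk just above has a typo (`sundy` for `sundry`) and no closing period.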
@@ -213,9 +224,9 @@ class NcursesDisplay(object): """ root_directory = os.path.abspath(os.sep) - return self.dialog.dselect( + return _clean(self.dialog.dselect( filepath=root_directory, width=self.width, - height=self.height, help_button=True, title=message) + height=self.height, help_button=True, title=message)) @zope.interface.implementer(interfaces.IDisplay) diff --git a/certbot/tests/display/util_test.py b/certbot/tests/display/util_test.py index 94338118d..a6ced90ab 100644 --- a/certbot/tests/display/util_test.py +++ b/certbot/tests/display/util_test.py @@ -113,6 +113,7 @@ class NcursesDisplayTest(unittest.TestCase): @mock.patch("certbot.display.util." "dialog.Dialog.checklist") def test_checklist(self, mock_checklist): + mock_checklist.return_value = (mock.MagicMock(), mock.MagicMock()) self.displayer.checklist("message", TAGS) choices = [ @@ -126,6 +127,7 @@ class NcursesDisplayTest(unittest.TestCase): @mock.patch("certbot.display.util.dialog.Dialog.dselect") def test_directory_select(self, mock_dselect): + mock_dselect.return_value = (mock.MagicMock(), mock.MagicMock()) self.displayer.directory_select("message") self.assertEqual(mock_dselect.call_count, 1) From 8c3e443de9d26d0e722956107db8a36134c0134c Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 30 Jun 2016 15:07:28 -0700 Subject: [PATCH 04/35] First attempt at mitigating #3206 --- certbot-nginx/certbot_nginx/nginxparser.py | 31 +++++++++++++++++++--- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/certbot-nginx/certbot_nginx/nginxparser.py b/certbot-nginx/certbot_nginx/nginxparser.py index d6c352296..895c4f8a3 100644 --- a/certbot-nginx/certbot_nginx/nginxparser.py +++ b/certbot-nginx/certbot_nginx/nginxparser.py 
@@ -38,19 +38,42 @@ class RawNginxParser(object): assignment = space + key + Optional(space + value, default=None) + semicolon location_statement = space + Optional(modifier) + Optional(space + location + space) if_statement = space + Literal("if") + space + condition + space + map_statement = space + Literal("map") + space + nonspace + space + dollar_var + space + + # This is NOT an accurate way to parse nginx map entries; it's almost + # certianly too permissive and may be wrong in other ways, but it should + # preserve things correctly in mmmmost or all cases. + # - it sometimes splits the two tokens incorrectly eg + # '''"~Opera Mini" 1''' -> ['"~Opera', ' Mini" 1'] + # - I can neither prove nor disprove that it is corect wrt all escaped + # semicolon situations + # Addresses https://github.com/fatiherikli/nginxparser/issues/19 + + map_entry = space + nonspace + value + space + semicolon + map_block = Forward() + map_block << Group( + # key could for instance be "server" or "http", or "location" (in which case + # location_statement needs to have a non-empty location) + Group(map_statement).leaveWhitespace() + + left_bracket + + Group(ZeroOrMore(Group(comment | map_entry)) + space).leaveWhitespace() + + right_bracket) + + block = Forward() block << Group( # key could for instance be "server" or "http", or "location" (in which case # location_statement needs to have a non-empty location) - (Group(space + key + location_statement) ^ Group(if_statement) ^ - Group(map_statement)).leaveWhitespace() + + (Group(space + key + location_statement) ^ Group(if_statement)).leaveWhitespace() + left_bracket + - Group(ZeroOrMore(Group(comment | assignment) | block) + space).leaveWhitespace() + + Group(ZeroOrMore(Group(comment | assignment) | block | map_block) + space).leaveWhitespace() + right_bracket) - script = OneOrMore(Group(comment | assignment) ^ block) + space + stringEnd + + + script = OneOrMore(Group(comment | assignment) ^ block ^ map_block) + space + stringEnd 
script.parseWithTabs() def __init__(self, source): From db8ddac4e252780fb4015298b7cbe0388d340f10 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 30 Jun 2016 15:13:35 -0700 Subject: [PATCH 05/35] lint & tweak --- certbot-nginx/certbot_nginx/nginxparser.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/certbot-nginx/certbot_nginx/nginxparser.py b/certbot-nginx/certbot_nginx/nginxparser.py index 895c4f8a3..50ed41eb9 100644 --- a/certbot-nginx/certbot_nginx/nginxparser.py +++ b/certbot-nginx/certbot_nginx/nginxparser.py @@ -40,7 +40,6 @@ class RawNginxParser(object): if_statement = space + Literal("if") + space + condition + space map_statement = space + Literal("map") + space + nonspace + space + dollar_var + space - # This is NOT an accurate way to parse nginx map entries; it's almost # certianly too permissive and may be wrong in other ways, but it should # preserve things correctly in mmmmost or all cases. @@ -49,7 +48,6 @@ class RawNginxParser(object): # - I can neither prove nor disprove that it is corect wrt all escaped # semicolon situations # Addresses https://github.com/fatiherikli/nginxparser/issues/19 - map_entry = space + nonspace + value + space + semicolon map_block = Forward() map_block << Group( 
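Review bot: The comment above `map_entry` says this grammar is not an accurate parse of nginx map entries and gives a mis-split example, yet the commit adds no test (the diffstat lists only nginxparser.py). If the parsed tree is later written back to the user's nginx configuration, as the comment's "preserve things correctly" suggests, a token split that does not round-trip would silently alter a live config. I would add a round-trip test that loads a `map` block with a quoted pattern containing a space and an entry with an escaped semicolon, dumps it, and asserts the output equals the input. `map_block = Forward()` is also unnecessary, since `map_block` never refers to itself. The comment has typos: `certianly`, `mmmmost`, `corect`.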
@@ -60,18 +58,14 @@ class RawNginxParser(object): Group(ZeroOrMore(Group(comment | map_entry)) + space).leaveWhitespace() + right_bracket) - block = Forward() - block << Group( # key could for instance be "server" or "http", or "location" (in which case # location_statement needs to have a non-empty location) (Group(space + key + location_statement) ^ Group(if_statement)).leaveWhitespace() + left_bracket + - Group(ZeroOrMore(Group(comment | assignment) | block | map_block) + space).leaveWhitespace() + - right_bracket) - - + Group(ZeroOrMore(Group(comment | assignment) | block | map_block) + space).leaveWhitespace() + + right_bracket) script = OneOrMore(Group(comment | assignment) ^ block ^ map_block) + space + stringEnd script.parseWithTabs() From be8f0bc53b657fdf3a104c355858c396f96eb6a0 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 30 Jun 2016 15:29:38 -0700 Subject: [PATCH 06/35] Do a better job of parsing map patterns --- certbot-nginx/certbot_nginx/nginxparser.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/certbot-nginx/certbot_nginx/nginxparser.py b/certbot-nginx/certbot_nginx/nginxparser.py index 50ed41eb9..0cc912515 100644 --- a/certbot-nginx/certbot_nginx/nginxparser.py +++ b/certbot-nginx/certbot_nginx/nginxparser.py @@ -27,6 +27,8 @@ class RawNginxParser(object): condition = Regex(r"\(.+\)") # Matches anything that is not a special character AND any chars in single # or double quotes + # All of these COULD be upgraded to something like + # https://stackoverflow.com/a/16130746 value = Regex(r"((\".*\")?(\'.*\')?[^\{\};,]?)+") location = CharsNotIn("{};," + string.whitespace) # modifier for location uri [ = | ~ | ~* | ^~ ] 
@@ -43,14 +45,13 @@ class RawNginxParser(object): # This is NOT an accurate way to parse nginx map entries; it's almost # certianly too permissive and may be wrong in other ways, but it should # preserve things correctly in mmmmost or all cases. - # - it sometimes splits the two tokens incorrectly eg - # '''"~Opera Mini" 1''' -> ['"~Opera', ' Mini" 1'] + # # - I can neither prove nor disprove that it is corect wrt all escaped # semicolon situations # Addresses https://github.com/fatiherikli/nginxparser/issues/19 - map_entry = space + nonspace + value + space + semicolon - map_block = Forward() - map_block << Group( + map_pattern = Regex(r'".*"') | Regex(r"'.*'") | nonspace + map_entry = space + map_pattern + space + value + space + semicolon + map_block = Group( # key could for instance be "server" or "http", or "location" (in which case # location_statement needs to have a non-empty location) Group(map_statement).leaveWhitespace() + From a9abc7b39e89ee26c116244e528d49931f922252 Mon Sep 17 00:00:00 2001 From: sagi Date: Fri, 1 Jul 2016 15:17:37 +0000 Subject: [PATCH 07/35] typo --- certbot-apache/certbot_apache/configurator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 89d602f5f..fdc0f37d8 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py @@ -874,7 +874,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): if self._sift_line(line): if not sift: new_file.write( - "# Some rewrite rules in this file were " + "# Some rewrite rules in this file " "were disabled on your HTTPS site,\n" "# because they have the potential to " "create redirection loops.\n") From 15ba12ed4647990d8e72f244a682c00327493443 Mon Sep 17 00:00:00 2001 
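Review bot: `Regex(r'".*"')` and `Regex(r"'.*'")` in `map_pattern` are greedy, so on an entry whose pattern and value are both quoted, such as `"~Opera Mini" "mobile";` (constructed sample), the pattern match runs to the last quote on the line and swallows the value. Excluding the delimiter keeps the match to one quoted string: `map_pattern = Regex(r'"[^"]*"') | Regex(r"'[^']*'") | nonspace`. That form still does not handle backslash-escaped quotes inside a pattern, which would need `(?:[^"\\]|\\.)*` in place of `[^"]*`. The retained comment still reads `certianly`, `mmmmost` and `corect`.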
From: sagi Date: Fri, 1 Jul 2016 21:06:16 +0000 Subject: [PATCH 08/35] Parsing State Machine + some tests --- certbot-apache/certbot_apache/configurator.py | 64 ++++++++++++++++--- .../certbot_apache/tests/configurator_test.py | 11 ++-- 2 files changed, 61 insertions(+), 14 deletions(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index fdc0f37d8..23c7a0c29 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py @@ -819,7 +819,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): else: return non_ssl_vh_fp + self.conf("le_vhost_ext") - def _sift_line(self, line): + def _sift_rewrite_rule(self, line): """Decides whether a line should be copied to a SSL vhost. A canonical example of when sifting a line is required: @@ -861,7 +861,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): A new file is created on the filesystem. """ - # First register the creation so that it is properly removed if + # First register the creation so thatu it is properly removed if # configuration is rolled back self.reverter.register_file_creation(False, ssl_fp) sift = False 
@@ -870,18 +870,62 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): with open(avail_fp, "r") as orig_file: with open(ssl_fp, "w") as new_file: new_file.write("\n") + + comment = ("# Some rewrite rules in this file were " + "disabled on your HTTPS site,\n" + "# because they have the potential to create " + "redirection loops.\n") + for line in orig_file: - if self._sift_line(line): + A = line.lstrip().startswith("RewriteCond") + B = line.lstrip().startswith("RewriteRule") + + if not (A or B): + new_file.write(line) + continue + + # A RewriteRule that doesn't need filtering + if B and not self._sift_rewrite_rule(line): + new_file.write(line) + continue + + # A RewriteRule that does need filtering + if B and self._sift_rewrite_rule(line): if not sift: - new_file.write( - "# Some rewrite rules in this file " - "were disabled on your HTTPS site,\n" - "# because they have the potential to " - "create redirection loops.\n") + new_file.write(comment) sift = True new_file.write("# " + line) - else: - new_file.write(line) + continue + + # We save RewriteCond(s) and their corresponding + # RewriteRule in 'chunk'. + # We then decide whether we comment out the entire + # chunk based on its RewriteRule. + chunk = [] + if A: + chunk.append(line) + line = next(orig_file) + + # RewriteCond(s) must be followed by one RewriteRule + while not line.lstrip().startswith("RewriteRule"): + chunk.append(line) + line = next(orig_file) + + # Now, current line must start with a RewriteRule + chunk.append(line) + + if self._sift_rewrite_rule(line): + if not sift: + new_file.write(comment) + sift = True + + new_file.write(''.join( + ['# ' + l for l in chunk])) + continue + else: + new_file.write(''.join(chunk)) + continue + new_file.write("\n") except IOError: logger.fatal("Error writing/reading to file in make_vhost_ssl") 
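Review bot: The two `line = next(orig_file)` calls inside the `for line in orig_file` loop raise StopIteration when the file ends with one or more RewriteCond lines and no RewriteRule; the `except IOError` handler does not catch it, and the conditions collected in `chunk` are never written. Passing a default to `next()` and flushing `chunk` when the input runs out avoids both, as sketched below. Separately, `A` and `B` would read better as `is_cond` and `is_rule`, the `if A:` test is always true at that point, and `_sift_rewrite_rule(line)` is evaluated twice for a lone RewriteRule. The enclosing `try` statement starts outside the hunk.

```python
# … unchanged: pass-through of non-rewrite lines and handling of a lone RewriteRule …
chunk = [line]
line = next(orig_file, None)

# RewriteCond(s) must be followed by one RewriteRule
while (line is not None and
       not line.lstrip().startswith("RewriteRule")):
    chunk.append(line)
    line = next(orig_file, None)

if line is None:
    # Input ended before a RewriteRule: keep the conditions as written
    new_file.write(''.join(chunk))
    break
# … unchanged: append the RewriteRule to chunk and sift the whole chunk …
```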
diff --git a/certbot-apache/certbot_apache/tests/configurator_test.py b/certbot-apache/certbot_apache/tests/configurator_test.py index 9a034c3e0..5a8684c9a 100644 --- a/certbot-apache/certbot_apache/tests/configurator_test.py +++ b/certbot-apache/certbot_apache/tests/configurator_test.py @@ -1110,16 +1110,19 @@ class MultipleVhostsTest(util.ApacheTest): self.config._enable_redirect(self.vh_truth[1], "") self.assertEqual(len(self.config.vhosts), 9) - def test_sift_line(self): + def test_sift_rewrite_rule(self): # pylint: disable=protected-access small_quoted_target = "RewriteRule ^ \"http://\"" - self.assertFalse(self.config._sift_line(small_quoted_target)) + self.assertFalse(self.config._sift_rewrite_rule(small_quoted_target)) https_target = "RewriteRule ^ https://satoshi" - self.assertTrue(self.config._sift_line(https_target)) + self.assertTrue(self.config._sift_rewrite_rule(https_target)) normal_target = "RewriteRule ^/(.*) http://www.a.com:1234/$1 [L,R]" - self.assertFalse(self.config._sift_line(normal_target)) + self.assertFalse(self.config._sift_rewrite_rule(normal_target)) + + not_rewriterule = "NotRewriteRule ^ ..." + self.assertFalse(self.config._sift_rewrite_rule(not_rewriterule)) @mock.patch("certbot_apache.configurator.zope.component.getUtility") def test_make_vhost_ssl_with_existing_rewrite_rule(self, mock_get_utility): From 74593607803e67818ab23b0e3f7a772ee99bc417 Mon Sep 17 00:00:00 2001 From: sagi Date: Fri, 1 Jul 2016 22:08:37 +0000 Subject: [PATCH 09/35] Add more test cases --- .../certbot_apache/tests/configurator_test.py | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/certbot-apache/certbot_apache/tests/configurator_test.py b/certbot-apache/certbot_apache/tests/configurator_test.py index 5a8684c9a..57c6a8009 100644 --- a/certbot-apache/certbot_apache/tests/configurator_test.py +++ b/certbot-apache/certbot_apache/tests/configurator_test.py 
@@ -1151,7 +1151,61 @@ class MultipleVhostsTest(util.ApacheTest): "[L,QSA,R=permanent]") self.assertTrue(commented_rewrite_rule in conf_text) mock_get_utility().add_message.assert_called_once_with(mock.ANY, + mock.ANY) + @mock.patch("certbot_apache.configurator.zope.component.getUtility") + def test_make_vhost_ssl_with_existing_rewrite_conds(self, mock_get_utility): + self.config.parser.modules.add("rewrite_module") + + http_vhost = self.vh_truth[0] + + self.config.parser.add_dir( + http_vhost.path, "RewriteEngine", "on") + + # Add a chunk that should not be commented out. + self.config.parser.add_dir(http_vhost.path, + "RewriteCond", ["%{DOCUMENT_ROOT}/%{REQUEST_FILENAME}", "!-f"]) + self.config.parser.add_dir( + http_vhost.path, "RewriteRule", + ["^(.*)$", "b://u%{REQUEST_URI}", "[P,QSA,L]"]) + + # Add a chunk that should be commented out. + self.config.parser.add_dir(http_vhost.path, + "RewriteCond", ["%{HTTPS}", "!=on"]) + self.config.parser.add_dir(http_vhost.path, + "RewriteCond", ["%{HTTPS}", "!^$"]) + self.config.parser.add_dir( + http_vhost.path, "RewriteRule", + ["^", + "https://%{SERVER_NAME}%{REQUEST_URI}", + "[L,QSA,R=permanent]"]) + + self.config.save() + + ssl_vhost = self.config.make_vhost_ssl(self.vh_truth[0]) + + conf_line_set = set(open(ssl_vhost.filep).read().splitlines()) + + not_commented_cond1 = ("RewriteCond " + "%{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f") + not_commented_rewrite_rule = ("RewriteRule " + "^(.*)$ b://u%{REQUEST_URI} [P,QSA,L]") + + commented_cond1 = "# RewriteCond %{HTTPS} !=on" + commented_cond2 = "# RewriteCond %{HTTPS} !^$" + commented_rewrite_rule = ("# RewriteRule ^ " + "https://%{SERVER_NAME}%{REQUEST_URI} " + "[L,QSA,R=permanent]") + + self.assertTrue(not_commented_cond1 in conf_line_set) + self.assertTrue(not_commented_rewrite_rule in conf_line_set) + + self.assertTrue(commented_cond1 in conf_line_set) + self.assertTrue(commented_cond2 in conf_line_set) + self.assertTrue(commented_rewrite_rule in conf_line_set) + 
mock_get_utility().add_message.assert_called_once_with(mock.ANY, + mock.ANY) + def get_achalls(self): """Return testing achallenges.""" From 0e9622322a89f8efbeb149d4ccf8cb33ddc19660 Mon Sep 17 00:00:00 2001 From: sagi Date: Fri, 1 Jul 2016 22:17:41 +0000 Subject: [PATCH 10/35] typo --- certbot-apache/certbot_apache/configurator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 23c7a0c29..0a24759dc 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py @@ -861,7 +861,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): A new file is created on the filesystem. """ - # First register the creation so thatu it is properly removed if + # First register the creation so that it is properly removed if # configuration is rolled back self.reverter.register_file_creation(False, ssl_fp) sift = False From 2cd4f6f008a9762db08f053084cbabd2d53c7384 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 5 Jul 2016 14:14:31 -0700 Subject: [PATCH 11/35] update FreeBSD package name --- docs/using.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/using.rst b/docs/using.rst index fb96bb853..806dfb340 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -429,7 +429,7 @@ Operating System Packages **FreeBSD** * Port: ``cd /usr/ports/security/py-certbot && make install clean`` - * Package: ``pkg install py27-letsencrypt`` + * Package: ``pkg install py27-certbot`` **OpenBSD** From fd35a1c724ae2d1501fc64ac6be945fb5c7b8786 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 6 Jul 2016 12:40:24 -0700 Subject: [PATCH 12/35] Explain why Apache [appears] not to be installed Would help debug #3244 --- certbot-apache/certbot_apache/configurator.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
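Review bot: `set(open(ssl_vhost.filep).read().splitlines())` in `test_make_vhost_ssl_with_existing_rewrite_conds` never closes the file; `with open(ssl_vhost.filep) as ssl_file:` followed by `conf_line_set = set(ssl_file.read().splitlines())` does. The test covers one RewriteCond group that is kept and one that is commented out, but not a RewriteCond at the end of the file with no RewriteRule after it. That is the input most likely to trip the new parsing loop, so a case for it would be worth adding.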
diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 89d602f5f..d1c2b7165 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py @@ -157,8 +157,10 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): raise errors.NoInstallationError("Problem in Augeas installation") # Verify Apache is installed - if not util.exe_exists(constants.os_constant("restart_cmd")[0]): - raise errors.NoInstallationError + restart_cmd = constants.os_constant("restart_cmd")[0] + if not util.exe_exists(restart_cmd): + raise errors.NoInstallationError( + 'Cannot find Apache install ({0} not in PATH)'.format(restart_cmd)) # Make sure configuration is valid self.config_test() From 4b84538c8c9c0bb852eb2874cf38cc144dbd3f0d Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 6 Jul 2016 12:57:16 -0700 Subject: [PATCH 13/35] Address review comments --- certbot/display/util.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/certbot/display/util.py b/certbot/display/util.py index 4e7d45741..39486b2bd 100644 --- a/certbot/display/util.py +++ b/certbot/display/util.py @@ -72,7 +72,7 @@ def _clean(dialog_result): elif code in (CANCEL, ESC): return (CANCEL, result) else: - logger.info("Surprising dialog return code %s", code) + logger.debug("Surprising dialog return code %s", code) return (CANCEL, result) @@ -83,6 +83,7 @@ class NcursesDisplay(object): def __init__(self, width=WIDTH, height=HEIGHT): super(NcursesDisplay, self).__init__() self.dialog = dialog.Dialog() + assert OK == self.dialog.DIALOG_OK, "What kind of absurdity is this?" self.width = width self.height = height @@ -189,7 +190,6 @@ class NcursesDisplay(object): :rtype: bool """ - assert OK == self.dialog.DIALOG_OK, "What kind of absurdity is this?" return self.dialog.DIALOG_OK == self.dialog.yesno( message, self.height, self.width, yes_label=yes_label, no_label=no_label) 
From 83857baf30bd6a25ce29612885666a3fdd30abf6 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 6 Jul 2016 13:25:52 -0700 Subject: [PATCH 14/35] Update / cleanup installer error message Closes: #1756 Updating since we landed #788 and have shipped Apache support almost everywhere --- certbot/plugins/selection.py | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/certbot/plugins/selection.py b/certbot/plugins/selection.py index ac509d779..1d7fa323f 100644 --- a/certbot/plugins/selection.py +++ b/certbot/plugins/selection.py @@ -260,14 +260,9 @@ def diagnose_configurator_problem(cfg_type, requested, plugins): "your existing configuration.\nThe error was: {1!r}" .format(requested, plugins[requested].problem)) elif cfg_type == "installer": - if os.path.exists("/etc/debian_version"): - # Debian... installers are at least possible - msg = ('No installers seem to be present and working on your system; ' - 'fix that or try running certbot with the "certonly" command') - else: - # XXX update this logic as we make progress on #788 and nginx support - msg = ('No installers are available on your OS yet; try running ' - '"letsencrypt-auto certonly" to get a cert you can install manually') + msg = ('No installer plugins seem to be present and working on your system; ' + 'fix that or try running certbot with the "certonly" command to obtain' + ' a certificate you can install manually') else: msg = "{0} could not be determined or is not installed".format(cfg_type) raise errors.PluginSelectionError(msg) From fd35e407ca221e145805cdb88d76dc8b094d4e2d Mon Sep 17 00:00:00 2001 From: Robert Buchholz Date: Thu, 7 Jul 2016 11:20:52 +0200 Subject: [PATCH 15/35] Reference certbot-auto in CLI help --- certbot/cli.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/certbot/cli.py b/certbot/cli.py index 35b3b74ae..470267029 100644 --- a/certbot/cli.py +++ b/certbot/cli.py 
@@ -721,10 +721,10 @@ def prepare_and_parse_args(plugins, args, detect_defaults=False): # pylint: dis "(both can be renewed in parallel)") helpful.add( "automation", "--os-packages-only", action="store_true", - help="(letsencrypt-auto only) install OS package dependencies and then stop") + help="(certbot-auto only) install OS package dependencies and then stop") helpful.add( "automation", "--no-self-upgrade", action="store_true", - help="(letsencrypt-auto only) prevent the letsencrypt-auto script from" + help="(certbot-auto only) prevent the certbot-auto script from" " upgrading itself to newer released versions") helpful.add( "automation", "-q", "--quiet", dest="quiet", action="store_true", @@ -737,7 +737,7 @@ def prepare_and_parse_args(plugins, args, detect_defaults=False): # pylint: dis "really know what you're doing!") helpful.add( "testing", "--debug", action="store_true", - help="Show tracebacks in case of errors, and allow letsencrypt-auto " + help="Show tracebacks in case of errors, and allow certbot-auto " "execution on experimental platforms") helpful.add( "testing", "--no-verify-ssl", action="store_true", From 40449ed2747634ae77928cae45424e5031a66c5b Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 8 Jul 2016 12:49:41 -0700 Subject: [PATCH 16/35] Add single _PERM_ERR_FMT string --- certbot/main.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/certbot/main.py b/certbot/main.py index be68d694e..8e47e736a 100644 --- a/certbot/main.py +++ b/certbot/main.py @@ -36,6 +36,12 @@ from certbot.display import util as display_util, ops as display_ops from certbot.plugins import disco as plugins_disco from certbot.plugins import selection as plug_sel + +_PERM_ERR_FMT = ("An error occurred while trying to create or modify {0}. To " + "run as non-root, set --config-dir, --logs-dir, and " + "--work-dir to writeable paths.") + + logger = logging.getLogger(__name__) From 9ae755ef4cf3f8f4978d7c5594d6d16ed835a1f5 Mon Sep 17 00:00:00 2001 
From: Brad Warren Date: Fri, 8 Jul 2016 12:53:09 -0700 Subject: [PATCH 17/35] simplify log file error handling --- certbot/main.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/certbot/main.py b/certbot/main.py index 8e47e736a..d3f90926a 100644 --- a/certbot/main.py +++ b/certbot/main.py @@ -2,7 +2,6 @@ from __future__ import print_function import atexit import dialog -import errno import functools import logging.handlers import os @@ -602,13 +601,8 @@ def setup_log_file_handler(config, logfile, fmt): try: handler = logging.handlers.RotatingFileHandler( log_file_path, maxBytes=2 ** 20, backupCount=10) - except IOError as e: - if e.errno == errno.EACCES: - msg = ("Access denied writing to {0}. To run as non-root, set " + - "--logs-dir, --config-dir, --work-dir to writable paths.") - raise errors.Error(msg.format(log_file_path)) - else: - raise + except IOError: + raise errors.Error(_PERM_ERR_FMT.format(log_file_path)) # rotate on each invocation, rollover only possible when maxBytes # is nonzero and backupCount is nonzero, so we set maxBytes as big # as possible not to overrun in single CLI invocation (1MB). From f3c6bac31065a200e1a2b79579c907279d48af1b Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 8 Jul 2016 13:02:28 -0700 Subject: [PATCH 18/35] stop spacing out --- certbot/tests/main_test.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/certbot/tests/main_test.py b/certbot/tests/main_test.py index 66cba64a3..d044a50b7 100644 --- a/certbot/tests/main_test.py +++ b/certbot/tests/main_test.py @@ -1,10 +1,8 @@ """Tests for certbot.main.""" import unittest - import mock - from certbot import cli from certbot import configuration from certbot.plugins import disco as plugins_disco From 4f35f3fdf7e8631282d11d3c7a854770dd02dccf Mon Sep 17 00:00:00 2001 
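Review bot: After this change every IOError from `RotatingFileHandler` is reported with `_PERM_ERR_FMT`, so a full disk, a missing parent directory or a read-only filesystem all produce the advice about running as non-root, and the original errno is dropped. Keeping the cause in the message preserves the simplification without hiding the real failure: `except IOError as error:` and `raise errors.Error(_PERM_ERR_FMT.format(log_file_path) + " ({0})".format(error))`. The enclosing function starts outside the hunk.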
From: Brad Warren Date: Fri, 8 Jul 2016 13:07:49 -0700 Subject: [PATCH 19/35] Add SetupLogFileHandlerTest --- certbot/tests/main_test.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/certbot/tests/main_test.py b/certbot/tests/main_test.py index d044a50b7..5f6723bd7 100644 --- a/certbot/tests/main_test.py +++ b/certbot/tests/main_test.py @@ -1,10 +1,13 @@ """Tests for certbot.main.""" +import shutil +import tempfile import unittest import mock from certbot import cli from certbot import configuration +from certbot import errors from certbot.plugins import disco as plugins_disco @@ -42,5 +45,26 @@ class ObtainCertTest(unittest.TestCase): self.assertFalse(pause) +class SetupLogFileHandlerTest(unittest.TestCase): + """Tests for certbot.main.setup_log_file_handler.""" + + def setUp(self): + self.config = mock.Mock(spec_set=['logs_dir'], + logs_dir=tempfile.mkdtemp()) + + def tearDown(self): + shutil.rmtree(self.config.logs_dir) + + def _call(self, *args, **kwargs): + from certbot.main import setup_log_file_handler + return setup_log_file_handler(*args, **kwargs) + + @mock.patch('certbot.main.logging.handlers.RotatingFileHandler') + def test_ioerror(self, mock_handler): + mock_handler.side_effect = IOError + self.assertRaises(errors.Error, self._call, + self.config, "test.log", "%s") + + if __name__ == '__main__': unittest.main() # pragma: no cover From 754b7956b3003cc75b2b1a11e40d86a6bf6828f3 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 6 Jul 2016 15:49:22 -0700 Subject: [PATCH 20/35] Make the error even more informative --- certbot-apache/certbot_apache/configurator.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index d1c2b7165..0c95fe18e 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py 
@@ -159,8 +159,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Verify Apache is installed restart_cmd = constants.os_constant("restart_cmd")[0] if not util.exe_exists(restart_cmd): + logger.warn("Failed to find %s in PATH: %s", restart_cmd, os.environ["PATH"]) raise errors.NoInstallationError( - 'Cannot find Apache install ({0} not in PATH)'.format(restart_cmd)) + 'Cannot find Apache control command {0}'.format(restart_cmd)) # Make sure configuration is valid self.config_test() From a322f44f2b7c0ef0302de956ed068671cf4ef32f Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 7 Jul 2016 17:54:39 -0700 Subject: [PATCH 21/35] Implement PATH fallback for apachectl search --- certbot-apache/certbot_apache/configurator.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 0c95fe18e..c9a00a64e 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py 
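Review bot: `os.environ["PATH"]` in the added `logger.warn` call raises `KeyError` when PATH is unset, which would replace the intended `NoInstallationError` with an unrelated traceback. Reading it with a default avoids that: `logger.warn("Failed to find %s in PATH: %s", restart_cmd, os.environ.get("PATH", ""))`. The enclosing method starts before the hunk and continues after it.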
@@ -159,9 +159,16 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Verify Apache is installed restart_cmd = constants.os_constant("restart_cmd")[0] if not util.exe_exists(restart_cmd): - logger.warn("Failed to find %s in PATH: %s", restart_cmd, os.environ["PATH"]) - raise errors.NoInstallationError( - 'Cannot find Apache control command {0}'.format(restart_cmd)) + # mitigate https://github.com/certbot/certbot/issues/1833 + logger.debug("Can't find %s, attempting PATH mitigation by adding " + "/usr/sbin/ and /usr/local/bin/", restart_cmd) + os.environ["PATH"] = os.pathsep.join((os.environ["PATH"], "/usr/sbin/", + "/usr/local/bin/")) + if not util.exe_exists(restart_cmd): + logger.warn("Failed to find %s in expanded PATH: %s", + restart_cmd, os.environ["PATH"]) + raise errors.NoInstallationError( + 'Cannot find Apache control command {0}'.format(restart_cmd)) # Make sure configuration is valid self.config_test() From cecac803a09c8c934f6fbe14bbe9204467d7174b Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Thu, 7 Jul 2016 18:17:45 -0700 Subject: [PATCH 22/35] Do this more cleanly --- certbot-apache/certbot_apache/configurator.py | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index c9a00a64e..329e62135 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py 
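Review bot: The fallback rewrites `os.environ["PATH"]` for the whole process, so every subprocess started afterwards also searches `/usr/sbin/` and `/usr/local/bin/`, and nothing in the hunk records why that is acceptable. A comment above the assignment should state that the directories are appended, never prepended, so existing PATH entries keep precedence, and that both are expected to be writable only by root because the command found there is presumably run with certbot's privileges: `# Appended so existing entries win; both dirs must be root-owned since the command found here is executed by certbot.` The append is also unconditional, so a PATH that already lists these directories gains duplicates. The enclosing method continues outside the hunk.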
@@ -141,6 +141,20 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): return os.path.join(self.config.config_dir, constants.MOD_SSL_CONF_DEST) + def _path_surgery(self): + """Mitigate https://github.com/certbot/certbot/issues/1833""" + dirs = ("/usr/sbin/", "/usr/local/bin/", "/usr/local/sbin/") + path = os.environ["PATH"] + added = [] + for d in dirs: + if d not in path: + path += os.pathsep + d + added.append(d) + if any(added): + logger.debug("Can't find %s, attempting PATH mitigation by adding %s" + restart_cmd, os.pathsep.join(added)) + os.environ["PATH"] = path + def prepare(self): """Prepare the authenticator/installer. @@ -159,11 +173,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Verify Apache is installed restart_cmd = constants.os_constant("restart_cmd")[0] if not util.exe_exists(restart_cmd): - # mitigate https://github.com/certbot/certbot/issues/1833 - logger.debug("Can't find %s, attempting PATH mitigation by adding " - "/usr/sbin/ and /usr/local/bin/", restart_cmd) - os.environ["PATH"] = os.pathsep.join((os.environ["PATH"], "/usr/sbin/", - "/usr/local/bin/")) + self._path_surgery() if not util.exe_exists(restart_cmd): logger.warn("Failed to find %s in expanded PATH: %s", restart_cmd, os.environ["PATH"]) From 757a8ddae7c5ac1a8acd500cda9b1f7505fc4963 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Fri, 8 Jul 2016 00:37:52 -0700 Subject: [PATCH 23/35] Fixes & tests --- certbot-apache/certbot_apache/configurator.py | 20 +++++++++----- .../certbot_apache/tests/configurator_test.py | 26 +++++++++++++++++++ 2 files changed, 39 insertions(+), 7 deletions(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 329e62135..12cba34f1 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py 
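Review bot: The `logger.debug` call in the new `_path_surgery` is missing the comma between the format string and `restart_cmd`, which is a syntax error, and `restart_cmd` is not defined inside the method because it takes only `self`. Passing the command in and fixing the call resolves both: `def _path_surgery(self, restart_cmd):` and `logger.debug("Can't find %s, attempting PATH mitigation by adding %s", restart_cmd, os.pathsep.join(added))`. The call site in `prepare`, in the second hunk of this commit, then becomes `self._path_surgery(restart_cmd)`.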
@@ -141,9 +141,13 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): return os.path.join(self.config.config_dir, constants.MOD_SSL_CONF_DEST) - def _path_surgery(self): - """Mitigate https://github.com/certbot/certbot/issues/1833""" - dirs = ("/usr/sbin/", "/usr/local/bin/", "/usr/local/sbin/") + def _path_surgery(self, restart_cmd): + """Mitigate https://github.com/certbot/certbot/issues/1833 + + :returns: " expanded" if an expansion of the PATH occurred; + "" otherwise + """ + dirs = ("/usr/sbin", "/usr/local/bin", "/usr/local/sbin") path = os.environ["PATH"] added = [] for d in dirs: @@ -151,9 +155,11 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): path += os.pathsep + d added.append(d) if any(added): - logger.debug("Can't find %s, attempting PATH mitigation by adding %s" + logger.debug("Can't find %s, attempting PATH mitigation by adding %s", restart_cmd, os.pathsep.join(added)) os.environ["PATH"] = path + return " expanded" + return "" def prepare(self): """Prepare the authenticator/installer. @@ -173,10 +179,10 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Verify Apache is installed restart_cmd = constants.os_constant("restart_cmd")[0] if not util.exe_exists(restart_cmd): - self._path_surgery() + expanded = self._path_surgery(restart_cmd) if not util.exe_exists(restart_cmd): - logger.warn("Failed to find %s in expanded PATH: %s", - restart_cmd, os.environ["PATH"]) + logger.warn("Failed to find %s in %s PATH: %s", + restart_cmd, expanded, os.environ["PATH"]) raise errors.NoInstallationError( 'Cannot find Apache control command {0}'.format(restart_cmd)) diff --git a/certbot-apache/certbot_apache/tests/configurator_test.py b/certbot-apache/certbot_apache/tests/configurator_test.py index 9a034c3e0..d5139912e 100644 --- a/certbot-apache/certbot_apache/tests/configurator_test.py +++ b/certbot-apache/certbot_apache/tests/configurator_test.py 
@@ -86,6 +86,32 @@ class MultipleVhostsTest(util.ApacheTest): self.assertRaises( errors.NotSupportedError, self.config.prepare) + @mock.patch("certbot_apache.configurator.logger.debug") + def test_path_surgery(self, mock_debug): + # pylint: disable=protected-access + all_path = {"PATH": "/usr/local/bin:/bin/:/usr/sbin/:/usr/local/sbin/"} + with mock.patch.dict('os.environ', all_path): + self.config._path_surgery("thingy") + self.assertEquals(mock_debug.call_count, 0) + self.assertEquals(os.environ["PATH"], all_path["PATH"]) + no_path = {"PATH": "/tmp/"} + with mock.patch.dict('os.environ', no_path): + self.config._path_surgery("thingy") + self.assertEquals(mock_debug.call_count, 1) + self.assertTrue("/usr/local/bin" in os.environ["PATH"]) + self.assertTrue("/tmp" in os.environ["PATH"]) + + @mock.patch("certbot_apache.configurator.ApacheConfigurator.init_augeas") + @mock.patch("certbot_apache.configurator.ApacheConfigurator._path_surgery") + @mock.patch("certbot_apache.configurator.logger.warn") + def test_no_install(self, mock_warn, mock_surgery, _init_augeas): + silly_path = {"PATH": "/tmp/nothingness2342"} + with mock.patch.dict('os.environ', silly_path): + self.assertRaises(errors.NoInstallationError, self.config.prepare) + self.assertEquals(mock_warn.call_count, 1) + self.assertEquals(mock_surgery.call_count, 1) + self.assertTrue("Failed to find" in mock_warn.call_args[0][0]) + def test_add_parser_arguments(self): # pylint: disable=no-self-use from certbot_apache.configurator import ApacheConfigurator # Weak test.. From 0bedeb449a239e79ccba3989c12ba07b3c93e363 Mon Sep 17 00:00:00 2001 
From: Peter Eckersley Date: Fri, 8 Jul 2016 13:58:39 -0700 Subject: [PATCH 24/35] Refactor path_surgery into plugins.util so that nginx can call it --- certbot-apache/certbot_apache/configurator.py | 25 +----------- .../certbot_apache/tests/configurator_test.py | 38 ++++--------------- certbot/plugins/util.py | 30 +++++++++++++++ certbot/plugins/util_test.py | 24 ++++++++++++ 4 files changed, 64 insertions(+), 53 deletions(-) diff --git a/certbot-apache/certbot_apache/configurator.py b/certbot-apache/certbot_apache/configurator.py index 12cba34f1..74aab242e 100644 --- a/certbot-apache/certbot_apache/configurator.py +++ b/certbot-apache/certbot_apache/configurator.py @@ -18,6 +18,7 @@ from certbot import interfaces from certbot import util from certbot.plugins import common +from certbot.plugins.util import path_surgery from certbot_apache import augeas_configurator from certbot_apache import constants @@ -141,25 +142,6 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): return os.path.join(self.config.config_dir, constants.MOD_SSL_CONF_DEST) - def _path_surgery(self, restart_cmd): - """Mitigate https://github.com/certbot/certbot/issues/1833 - - :returns: " expanded" if an expansion of the PATH occurred; - "" otherwise - """ - dirs = ("/usr/sbin", "/usr/local/bin", "/usr/local/sbin") - path = os.environ["PATH"] - added = [] - for d in dirs: - if d not in path: - path += os.pathsep + d - added.append(d) - if any(added): - logger.debug("Can't find %s, attempting PATH mitigation by adding %s", - restart_cmd, os.pathsep.join(added)) - os.environ["PATH"] = path - return " expanded" - return "" def prepare(self): """Prepare the authenticator/installer. 
@@ -179,10 +161,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Verify Apache is installed restart_cmd = constants.os_constant("restart_cmd")[0] if not util.exe_exists(restart_cmd): - expanded = self._path_surgery(restart_cmd) - if not util.exe_exists(restart_cmd): - logger.warn("Failed to find %s in %s PATH: %s", - restart_cmd, expanded, os.environ["PATH"]) + if not path_surgery(restart_cmd): raise errors.NoInstallationError( 'Cannot find Apache control command {0}'.format(restart_cmd)) diff --git a/certbot-apache/certbot_apache/tests/configurator_test.py b/certbot-apache/certbot_apache/tests/configurator_test.py index d5139912e..eac16c7fe 100644 --- a/certbot-apache/certbot_apache/tests/configurator_test.py +++ b/certbot-apache/certbot_apache/tests/configurator_test.py @@ -49,11 +49,14 @@ class MultipleVhostsTest(util.ApacheTest): shutil.rmtree(self.config_dir) shutil.rmtree(self.work_dir) - @mock.patch("certbot_apache.configurator.util.exe_exists") - def test_prepare_no_install(self, mock_exe_exists): - mock_exe_exists.return_value = False - self.assertRaises( - errors.NoInstallationError, self.config.prepare) + @mock.patch("certbot_apache.configurator.ApacheConfigurator.init_augeas") + @mock.patch("certbot_apache.configurator.path_surgery") + def test_prepare_no_install(self, mock_surgery, _init_augeas): + silly_path = {"PATH": "/tmp/nothingness2342"} + mock_surgery.return_value = False + with mock.patch.dict('os.environ', silly_path): + self.assertRaises(errors.NoInstallationError, self.config.prepare) + self.assertEquals(mock_surgery.call_count, 1) @mock.patch("certbot_apache.augeas_configurator.AugeasConfigurator.init_augeas") def test_prepare_no_augeas(self, mock_init_augeas): 
@@ -86,31 +89,6 @@ class MultipleVhostsTest(util.ApacheTest): self.assertRaises( errors.NotSupportedError, self.config.prepare) - @mock.patch("certbot_apache.configurator.logger.debug") - def test_path_surgery(self, mock_debug): - # pylint: disable=protected-access - all_path = {"PATH": "/usr/local/bin:/bin/:/usr/sbin/:/usr/local/sbin/"} - with mock.patch.dict('os.environ', all_path): - self.config._path_surgery("thingy") - self.assertEquals(mock_debug.call_count, 0) - self.assertEquals(os.environ["PATH"], all_path["PATH"]) - no_path = {"PATH": "/tmp/"} - with mock.patch.dict('os.environ', no_path): - self.config._path_surgery("thingy") - self.assertEquals(mock_debug.call_count, 1) - self.assertTrue("/usr/local/bin" in os.environ["PATH"]) - self.assertTrue("/tmp" in os.environ["PATH"]) - - @mock.patch("certbot_apache.configurator.ApacheConfigurator.init_augeas") - @mock.patch("certbot_apache.configurator.ApacheConfigurator._path_surgery") - @mock.patch("certbot_apache.configurator.logger.warn") - def test_no_install(self, mock_warn, mock_surgery, _init_augeas): - silly_path = {"PATH": "/tmp/nothingness2342"} - with mock.patch.dict('os.environ', silly_path): - self.assertRaises(errors.NoInstallationError, self.config.prepare) - self.assertEquals(mock_warn.call_count, 1) - self.assertEquals(mock_surgery.call_count, 1) - self.assertTrue("Failed to find" in mock_warn.call_args[0][0]) def test_add_parser_arguments(self): # pylint: disable=no-self-use from certbot_apache.configurator import ApacheConfigurator diff --git a/certbot/plugins/util.py b/certbot/plugins/util.py index 5fc98dff6..cdba88a87 100644 --- a/certbot/plugins/util.py +++ b/certbot/plugins/util.py 
@@ -1,15 +1,45 @@ """Plugin utilities.""" import logging +import os import socket import psutil import zope.component from certbot import interfaces +from certbot import util logger = logging.getLogger(__name__) +def path_surgery(restart_cmd): + """Attempt to perform PATH surgery to find restart_cmd + + Mitigates https://github.com/certbot/certbot/issues/1833 + + :param str restart_cmd: the command that is being searched for in the PATH + + :returns: True if the operation succeeded, False otherwise + """ + dirs = ("/usr/sbin", "/usr/local/bin", "/usr/local/sbin") + path = os.environ["PATH"] + added = [] + for d in dirs: + if d not in path: + path += os.pathsep + d + added.append(d) + + if any(added): + logger.debug("Can't find %s, attempting PATH mitigation by adding %s", + restart_cmd, os.pathsep.join(added)) + os.environ["PATH"] = path + + if util.exe_exists(restart_cmd): + return True + else: + expanded = " expanded" if any(added) else "" + logger.warn("Failed to find %s in%s PATH: %s", restart_cmd, expanded, path) + return False def already_listening(port, renewer=False): """Check if a process is already listening on the port. diff --git a/certbot/plugins/util_test.py b/certbot/plugins/util_test.py index 9bc8793c7..fa8b364d9 100644 --- a/certbot/plugins/util_test.py +++ b/certbot/plugins/util_test.py 
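Review bot: `if d not in path` in the new `path_surgery` (certbot/plugins/util.py) is a substring test on the whole PATH string, so an unrelated entry (a constructed example: `/opt/usr/sbin-old`) counts as `/usr/sbin` being present and the directory is then not added. Comparing against the split entries is exact: `entries = [p.rstrip(os.sep) for p in path.split(os.pathsep)]` followed by `if d not in entries:`. `os.environ["PATH"]` also raises `KeyError` when PATH is unset; `os.environ.get("PATH", "")` would let the function still reach its `return False`. The docstring should additionally say that the change is process-wide and that the directories are appended so existing entries keep precedence.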
@@ -1,9 +1,33 @@ """Tests for certbot.plugins.util.""" +import os import unittest import mock import psutil +class PathSurgeryTest(unittest.TestCase): + """Tests for certbot.plugins.path_surgery.""" + + @mock.patch("certbot.plugins.util.logger.warn") + @mock.patch("certbot.plugins.util.logger.debug") + def test_path_surgery(self, mock_debug, mock_warn): + from certbot.plugins.util import path_surgery + all_path = {"PATH": "/usr/local/bin:/bin/:/usr/sbin/:/usr/local/sbin/"} + with mock.patch.dict('os.environ', all_path): + with mock.patch('certbot.util.exe_exists') as mock_exists: + mock_exists.return_value = True + self.assertEquals(path_surgery("eg"), True) + self.assertEquals(mock_debug.call_count, 0) + self.assertEquals(mock_warn.call_count, 0) + self.assertEquals(os.environ["PATH"], all_path["PATH"]) + no_path = {"PATH": "/tmp/"} + with mock.patch.dict('os.environ', no_path): + path_surgery("thingy") + self.assertEquals(mock_debug.call_count, 1) + self.assertEquals(mock_warn.call_count, 1) + self.assertTrue("Failed to find" in mock_warn.call_args[0][0]) + self.assertTrue("/usr/local/bin" in os.environ["PATH"]) + self.assertTrue("/tmp" in os.environ["PATH"]) class AlreadyListeningTest(unittest.TestCase): """Tests for certbot.plugins.already_listening.""" From 48b7c01a5925e476f6b4197fa34370cc07d97607 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 8 Jul 2016 14:06:15 -0700 Subject: [PATCH 25/35] bring make_or_verify_dir docstring up to date --- certbot/util.py | 1 + 1 file changed, 1 insertion(+) diff --git a/certbot/util.py b/certbot/util.py index 301fc669b..2b40a0f2c 100644 --- a/certbot/util.py +++ b/certbot/util.py 
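Review bot: The second case in `test_path_surgery` calls `path_surgery("thingy")` without patching `certbot.util.exe_exists`, so the assertions on `mock_warn` depend on no executable named `thingy` existing in the host's real `/tmp/`, `/usr/sbin`, `/usr/local/bin` or `/usr/local/sbin`. Patching it as the first case does and asserting the result makes the test hermetic: wrap the call in `with mock.patch('certbot.util.exe_exists', return_value=False):` and use `self.assertFalse(path_surgery("thingy"))`. The first fixture also passes only through substring matching of the trailing-slash entries, so a case with an exact, slash-free PATH entry would be worth adding.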
@@ -95,6 +95,7 @@ def make_or_verify_dir(directory, mode=0o755, uid=0, strict=False): :param str directory: Path to a directory. :param int mode: Directory mode. :param int uid: Directory owner. + :param bool strict: require directory to be owned by current user :raises .errors.Error: if a directory already exists, but has wrong permissions or owner From d7772217032235337405f8e4b62a9970f057a8fc Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 8 Jul 2016 14:17:19 -0700 Subject: [PATCH 26/35] write make_or_verify_core_dir --- certbot/main.py | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/certbot/main.py b/certbot/main.py index d3f90926a..2a18aa528 100644 --- a/certbot/main.py +++ b/certbot/main.py @@ -702,6 +702,23 @@ def _handle_exception(exc_type, exc_value, trace, config): traceback.format_exception(exc_type, exc_value, trace))) +def make_or_verify_core_dir(directory, mode, uid, strict): + """Make sure directory exists with proper permissions. + + :param str directory: Path to a directory. + :param int mode: Directory mode. + :param int uid: Directory owner. + :param bool strict: require directory to be owned by current user + + :raises .errors.Error: if the directory cannot be made or verified + + """ + try: + util.make_or_verify_dir(directory, mode, uid, strict) + except OSError: + raise errors.Error(_PERM_ERR_FMT.format(directory)) + + def main(cli_args=sys.argv[1:]): """Command line argument parsing and main script execution.""" sys.excepthook = functools.partial(_handle_exception, config=None) 
@@ -712,16 +729,16 @@ def main(cli_args=sys.argv[1:]): config = configuration.NamespaceConfig(args) zope.component.provideUtility(config) - # Setup logging ASAP, otherwise "No handlers could be found for - # logger ..." TODO: this should be done before plugins discovery - for directory in config.config_dir, config.work_dir: - util.make_or_verify_dir( - directory, constants.CONFIG_DIRS_MODE, os.geteuid(), - "--strict-permissions" in cli_args) + make_or_verify_core_dir(config.config_dir, constants.CONFIG_DIRS_MODE, + os.geteuid(), config.strict_permissions) + make_or_verify_core_dir(config.work_dir, constants.CONFIG_DIRS_MODE, + os.geteuid(), config.strict_permissions) # TODO: logs might contain sensitive data such as contents of the # private key! #525 - util.make_or_verify_dir( - config.logs_dir, 0o700, os.geteuid(), "--strict-permissions" in cli_args) + make_or_verify_core_dir(config.logs_dir, 0o700, + os.geteuid(), config.strict_permissions) + # Setup logging ASAP, otherwise "No handlers could be found for + # logger ..." TODO: this should be done before plugins discovery setup_logging(config, _cli_log_handler, logfile='letsencrypt.log') cli.possible_deprecation_warning(config) From e598e907bdbfb69418e6909a5e0f8bc3eb1994e4 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 8 Jul 2016 14:54:51 -0700 Subject: [PATCH 27/35] create MakeOrVerifyCoreDirTest --- certbot/tests/main_test.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/certbot/tests/main_test.py b/certbot/tests/main_test.py index 5f6723bd7..32df525f0 100644 --- a/certbot/tests/main_test.py +++ b/certbot/tests/main_test.py @@ -1,4 +1,5 @@ """Tests for certbot.main.""" +import os import shutil import tempfile import unittest 
@@ -66,5 +67,30 @@ class SetupLogFileHandlerTest(unittest.TestCase): self.config, "test.log", "%s") +class MakeOrVerifyCoreDirTest(unittest.TestCase): + """Tests for certbot.main.make_or_verify_core_dir.""" + + def setUp(self): + self.dir = tempfile.mkdtemp() + + def tearDown(self): + shutil.rmtree(self.dir) + + def _call(self, *args, **kwargs): + from certbot.main import make_or_verify_core_dir + return make_or_verify_core_dir(*args, **kwargs) + + def test_success(self): + new_dir = os.path.join(self.dir, 'new') + self._call(new_dir, 0o700, os.geteuid(), False) + self.assertTrue(os.path.exists(new_dir)) + + @mock.patch('certbot.main.util.make_or_verify_dir') + def test_failure(self, mock_make_or_verify): + mock_make_or_verify.side_effect = OSError + self.assertRaises(errors.Error, self._call, + self.dir, 0o700, os.geteuid(), False) + + if __name__ == '__main__': unittest.main() # pragma: no cover From 9372914c67e189c00a4f6c4143011811b4a617d9 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 8 Jul 2016 15:51:31 -0700 Subject: [PATCH 28/35] Improve error message --- certbot/main.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/certbot/main.py b/certbot/main.py index 2a18aa528..8bccc524d 100644 --- a/certbot/main.py +++ b/certbot/main.py @@ -36,9 +36,10 @@ from certbot.plugins import disco as plugins_disco from certbot.plugins import selection as plug_sel -_PERM_ERR_FMT = ("An error occurred while trying to create or modify {0}. To " - "run as non-root, set --config-dir, --logs-dir, and " - "--work-dir to writeable paths.") +_PERM_ERR_FMT = os.linesep.join(( + "The following error was encountered:", "{0}", + "If running as non-root, set --config-dir, " + "--logs-dir, and --work-dir to writeable paths.")) logger = logging.getLogger(__name__) 
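Review bot: `test_success` in `MakeOrVerifyCoreDirTest` checks only that the directory exists, not that it carries the requested mode, although `main` relies on this helper to create the logs directory with `0o700` because logs may contain sensitive data. Asserting the mode would catch a regression that leaves the directory more widely readable: `self.assertEqual(stat.S_IMODE(os.stat(new_dir).st_mode), 0o700)` with `import stat` added at the top of the test module. This assumes `util.make_or_verify_dir` applies the mode on creation, which is not visible from the hunk.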
@@ -601,8 +602,8 @@ def setup_log_file_handler(config, logfile, fmt): try: handler = logging.handlers.RotatingFileHandler( log_file_path, maxBytes=2 ** 20, backupCount=10) - except IOError: - raise errors.Error(_PERM_ERR_FMT.format(log_file_path)) + except IOError as error: + raise errors.Error(_PERM_ERR_FMT.format(error)) # rotate on each invocation, rollover only possible when maxBytes # is nonzero and backupCount is nonzero, so we set maxBytes as big # as possible not to overrun in single CLI invocation (1MB). @@ -715,8 +716,8 @@ def make_or_verify_core_dir(directory, mode, uid, strict): """ try: util.make_or_verify_dir(directory, mode, uid, strict) - except OSError: - raise errors.Error(_PERM_ERR_FMT.format(directory)) + except OSError as error: + raise errors.Error(_PERM_ERR_FMT.format(error)) def main(cli_args=sys.argv[1:]): From 68500cd4361bd0d07167c8f42a77adec3ac034f9 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Sat, 9 Jul 2016 15:13:09 -0700 Subject: [PATCH 29/35] Don't allow dollar_var to swalllow characters like "{" --- certbot-nginx/certbot_nginx/nginxparser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot-nginx/certbot_nginx/nginxparser.py b/certbot-nginx/certbot_nginx/nginxparser.py index 0cc912515..1859777d8 100644 --- a/certbot-nginx/certbot_nginx/nginxparser.py +++ b/certbot-nginx/certbot_nginx/nginxparser.py @@ -23,7 +23,7 @@ class RawNginxParser(object): right_bracket = space.leaveWhitespace() + Literal("}").suppress() semicolon = Literal(";").suppress() key = Word(alphanums + "_/+-.") - dollar_var = Combine(Literal('$') + nonspace) + dollar_var = Combine(Literal('$') + Regex(r"[^\{\};,\s]+")) condition = Regex(r"\(.+\)") # Matches anything that is not a special character AND any chars in single # or double quotes From 9bc50d4a4761e6734389697b1cdff1c5339726d7 Mon Sep 17 00:00:00 2001 
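Review bot: The new character class for `dollar_var` in certbot-nginx/certbot_nginx/nginxparser.py is undocumented and arrives without a test, so the reason each of `{`, `}`, `;`, `,` and whitespace ends a variable name is left to the reader. A comment such as `# A variable name ends at whitespace or at the first of { } ; ,` above the line, plus a parser test for a `$var` directly followed by `{`, would pin the behaviour. It is also worth confirming that the braced form `${name}` is still handled by some other rule, since `{` can no longer follow `$` here; that cannot be told from the hunk. The `RawNginxParser` class body continues outside the hunk.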
From: Blake Griffith Date: Mon, 11 Jul 2016 12:43:33 -0500 Subject: [PATCH 30/35] Try to fix travis-ci lint failure --- certbot-apache/certbot_apache/tests/configurator_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot-apache/certbot_apache/tests/configurator_test.py b/certbot-apache/certbot_apache/tests/configurator_test.py index 633757de4..99b1b8b74 100644 --- a/certbot-apache/certbot_apache/tests/configurator_test.py +++ b/certbot-apache/certbot_apache/tests/configurator_test.py @@ -1,4 +1,4 @@ -# pylint: disable=too-many-public-methods +# pylint: disable=too-many-public-methods,too-many-lines """Test for certbot_apache.configurator.""" import os import shutil From b48ddac5285572129937661e0e8291a329d3bb98 Mon Sep 17 00:00:00 2001 
From: Seth Schoen Date: Mon, 11 Jul 2016 13:58:21 -0700 Subject: [PATCH 31/35] Initial version of nginx parser roundtrip test --- certbot-compatibility-test/nginx/README | 27 ++++ .../79-configs/site-10033 | 34 +++++ .../79-configs/site-10571 | 71 +++++++++ .../79-configs/site-10591 | 38 +++++ .../79-configs/site-10920 | 16 +++ .../79-configs/site-10947 | 40 ++++++ .../79-configs/site-11018 | 37 +++++ .../79-configs/site-11046 | 36 +++++ .../79-configs/site-11382 | 29 ++++ .../79-configs/site-1167 | 38 +++++ .../79-configs/site-11849 | 36 +++++ .../79-configs/site-12027 | 29 ++++ .../79-configs/site-12235 | 33 +++++ .../79-configs/site-12649 | 45 ++++++ .../79-configs/site-13577 | 38 +++++ .../79-configs/site-14402 | 33 +++++ .../79-configs/site-14430 | 54 +++++++ .../79-configs/site-15141 | 36 +++++ .../79-configs/site-15270 | 38 +++++ .../79-configs/site-15291 | 112 +++++++++++++++ .../79-configs/site-15456 | 39 +++++ .../79-configs/site-15497 | 35 +++++ .../79-configs/site-15852 | 38 +++++ .../79-configs/site-16345 | 34 +++++ .../79-configs/site-17175 | 14 ++ .../79-configs/site-17832 | 32 +++++ .../79-configs/site-17942 | 32 +++++ .../79-configs/site-18018 | 36 +++++ .../79-configs/site-18069 | 39 +++++ .../79-configs/site-19334 | 39 +++++ .../79-configs/site-19639 | 39 +++++ .../79-configs/site-1966 | 36 +++++ .../79-configs/site-19791 | 34 +++++ .../79-configs/site-19955 | 36 +++++ .../79-configs/site-21369 | 33 +++++ .../79-configs/site-21549 | 32 +++++ .../79-configs/site-230 | 33 +++++ .../79-configs/site-23325 | 74 ++++++++++ .../79-configs/site-23470 | 56 ++++++++ .../79-configs/site-23791 | 33 +++++ .../79-configs/site-23803 | 32 +++++ .../79-configs/site-23838 | 32 +++++ .../79-configs/site-24125 | 7 + .../79-configs/site-24193 | 62 ++++++++ .../79-configs/site-24213 | 36 +++++ .../79-configs/site-25480 | 32 +++++ .../79-configs/site-26195 | 26 ++++ .../79-configs/site-26221 | 32 +++++ .../79-configs/site-26637 | 32 +++++ .../79-configs/site-26758 | 21 
+++ .../79-configs/site-27646 | 37 +++++ .../79-configs/site-27728 | 5 + .../79-configs/site-27736 | 32 +++++ .../79-configs/site-27812 | 36 +++++ .../79-configs/site-28050 | 36 +++++ .../79-configs/site-28690 | 32 +++++ .../79-configs/site-29159 | 33 +++++ .../79-configs/site-2951 | 67 +++++++++ .../79-configs/site-30011 | 37 +++++ .../79-configs/site-30571 | 31 ++++ .../79-configs/site-31900 | 33 +++++ .../79-configs/site-32190 | 4 + .../79-configs/site-32279 | 25 ++++ .../79-configs/site-32317 | 32 +++++ .../79-configs/site-32438 | 46 ++++++ .../79-configs/site-3483 | 32 +++++ .../79-configs/site-3507 | 44 ++++++ .../79-configs/site-3874 | 46 ++++++ .../79-configs/site-4035 | 31 ++++ .../79-configs/site-4143 | 33 +++++ .../79-configs/site-4264 | 12 ++ .../79-configs/site-5826 | 38 +++++ .../79-configs/site-5872 | 36 +++++ .../79-configs/site-6228 | 39 +++++ .../79-configs/site-7895 | 32 +++++ .../79-configs/site-8343 | 36 +++++ .../79-configs/site-8422 | 46 ++++++ .../79-configs/site-8637 | 40 ++++++ .../79-configs/site-8662 | 32 +++++ .../79-configs/site-9426 | 111 ++++++++++++++ .../activecolab/www.example.com.vhost | 44 ++++++ .../chive/chive-nginx-master/fastcgi.conf | 9 ++ .../chive/chive-nginx-master/fastcgi_params | 32 +++++ .../chive/chive-nginx-master/koi-utf | 109 ++++++++++++++ .../chive/chive-nginx-master/koi-win | 103 +++++++++++++ .../chive-nginx-master/map_https_fcgi.conf | 7 + .../chive/chive-nginx-master/mime.types | 77 ++++++++++ .../chive/chive-nginx-master/nginx.conf | 119 +++++++++++++++ .../chive-nginx-master/reverse_proxy.conf | 10 ++ .../sites-available/000-default | 19 +++ .../sites-available/chive.example.com.conf | 102 +++++++++++++ .../secure.chive.example.com.conf | 135 ++++++++++++++++++ .../upstream_phpapache.conf | 8 ++ .../chive-nginx-master/upstream_phpcgi.conf | 8 ++ .../chive/chive-nginx-master/win-utf | 126 ++++++++++++++++ .../cms-made-simple/nginx.conf | 17 +++ .../codeigniter/nginx-alt.conf | 25 ++++ 
.../codeigniter/nginx.conf | 22 +++ .../contao/sites-available/example.com.vhost | 41 ++++++ .../cs-cart/sites-available/example.com.vhost | 65 +++++++++ .../djangofastcgi/large.conf | 98 +++++++++++++ .../djangofastcgi/nginx.conf | 34 +++++ .../dokuwiki/dokuwiki.conf | 30 ++++ .../dokuwiki/drop.conf | 4 + .../dokuwiki/full.conf | 61 ++++++++ .../dokuwiki/nginx-no-ssl.conf | 29 ++++ .../dokuwiki/nginx.conf | 30 ++++ .../drupal/nginx.conf | 95 ++++++++++++ .../dynamic_ssi/nginx.conf | 39 +++++ .../nginx-roundtrip-testdata/elgg/nginx.conf | 84 +++++++++++ .../embeddedperlminifyjs/nginx.conf | 19 +++ .../embeddedperlsitemapsproxy/nginx.conf | 29 ++++ .../expressionengine/bad.conf | 24 ++++ .../expressionengine/better.conf | 24 ++++ .../expressionengine/yourpath.conf | 37 +++++ .../fastcgiexample/fastcgi.conf | 18 +++ .../fastcgiexample/nginx.conf | 6 + .../sites-available/www.example.com.vhost | 33 +++++ .../full-example/fastcgi.conf | 21 +++ .../full-example/mime.types | 48 +++++++ .../full-example/nginx.conf | 70 +++++++++ .../full-example/proxy.conf | 10 ++ .../fullexample2/nginx.conf | 126 ++++++++++++++++ .../nginx-roundtrip-testdata/geoip/nginx.conf | 9 ++ .../guide-to-nginx-ssl-spdy-hsts/nginx.conf | 120 ++++++++++++++++ .../hardwarelberrors/nginx.conf | 22 +++ .../sites-available/www.example.com.vhost | 66 +++++++++ .../nginx.conf | 39 +++++ .../nginx.conf | 27 ++++ .../imapproxyexample/nginx.conf | 38 +++++ .../imapproxyexample/proxy-example.conf | 20 +++ .../iphone-website-with-nginx/mobile.conf | 37 +++++ .../iphone-website-with-nginx/nginx.conf | 33 +++++ .../iredmail/iredadmin.conf | 31 ++++ .../iredmail/nginx.conf | 43 ++++++ .../javaservers/nginx.conf | 49 +++++++ .../joomla/nginx.conf | 39 +++++ .../likeapache/nginx.conf | 11 ++ .../loadbalanceexample/nginx.conf | 16 +++ .../mailman/nginx.conf | 37 +++++ .../mediawiki/nginx.conf | 44 ++++++ .../memcachepreload/sites-available/default | 12 ++ .../minio/sites-enabled/nginx.conf | 10 ++ 
.../nginx-roundtrip-testdata/mono/nginx.conf | 36 +++++ .../nginx-roundtrip-testdata/mybb/nginx.conf | 27 ++++ .../nonrootwebpath/nginx.conf | 7 + .../nginx-roundtrip-testdata/omeka/nginx.conf | 50 +++++++ .../oscommerce/nginx.conf | 50 +++++++ .../osticket/nginx.conf | 71 +++++++++ .../sites-available/www.example.com.vhost | 75 ++++++++++ .../sites-available/www.example.com.vhost | 66 +++++++++ .../php-fpm/default.conf | 9 ++ .../phpbb/nginx.sample.conf | 129 +++++++++++++++++ .../phpfastcgionwindows/nginx.conf | 8 ++ .../phpfcgi/fastcgi_params | 27 ++++ .../phpfcgi/nginx.conf | 10 ++ .../phplist/nginx.conf | 44 ++++++ .../nginx-roundtrip-testdata/piwik/nginx.conf | 70 +++++++++ .../pmwiki/nginx.conf | 39 +++++ .../sites-available/www.example.com.vhost | 75 ++++++++++ .../sites-available/www.example.com.vhost | 64 +++++++++ .../pylons/nginx.vhost.conf | 11 ++ .../pyrocms/drop.conf | 4 + .../pyrocms/fastcgi_params | 31 ++++ .../pyrocms/nginx.conf | 50 +++++++ .../qwebric/redirect.conf | 6 + .../qwebric/reverse-proxy.conf | 18 +++ .../sites-available/www.example.com.vhost | 46 ++++++ .../redmine/nginx.conf | 19 +++ .../reverseproxycachingexample/nginx.conf | 14 ++ .../sites-available/example.com.vhost.conf | 46 ++++++ .../nginx.conf | 20 +++ .../server_blocks/catchall.conf | 13 ++ .../server_blocks/two.conf | 17 +++ .../server_blocks/wildcard-subdomains.conf | 31 ++++ .../sites-available/www.example.com.vhost | 75 ++++++++++ .../sites-available/www.example.com.vhost | 53 +++++++ .../silverstripe/nginx.conf | 72 ++++++++++ .../simplecgi/nginx.conf | 26 ++++ .../sites-available/www.example.com.vhost | 78 ++++++++++ .../simplepythonfcgi/fastcgi.conf | 20 +++ .../simplepythonfcgi/nginx.conf | 17 +++ .../simplerubyfcgi/nginx.conf | 32 +++++ .../nginx-roundtrip-testdata/spip/nginx.conf | 24 ++++ .../sites-available/www.example.com.vhost | 39 +++++ .../symfony/nginx.conf | 54 +++++++ .../nginx-roundtrip-testdata/symfony/old.conf | 70 +++++++++ .../symfony/oldold.conf | 50 
+++++++ .../sites-available/www.example.com.vhost | 89 ++++++++++++ .../sites-available/www.example.com.vhost | 91 ++++++++++++ .../wordpress-caching/no-cache.conf | 41 ++++++ .../wordpress-caching/supercache.conf | 74 ++++++++++ .../wordpress-caching/total-cache.conf | 41 ++++++ .../totalcache-enhanced.conf | 64 +++++++++ .../wordpress/multisite-subdir.conf | 47 ++++++ .../wordpress/multisite-subdomain.conf | 39 +++++ .../wordpress/nginx.conf | 43 ++++++ .../xenforo/nginx.conf | 18 +++ .../nginx-roundtrip-testdata/yii/nginx.conf | 42 ++++++ .../nginx-roundtrip-testdata/zend/nginx.conf | 16 +++ .../zenphoto/nginx.conf | 93 ++++++++++++ .../nginx-roundtrip-testdata/zope/nginx.conf | 18 +++ certbot-compatibility-test/nginx/roundtrip.py | 34 +++++ 203 files changed, 8263 insertions(+) create mode 100644 certbot-compatibility-test/nginx/README create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426 create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/secure.chive.example.com.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpapache.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpcgi.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/win-utf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cms-made-simple/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx-alt.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/contao/sites-available/example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cs-cart/sites-available/example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/large.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/dokuwiki.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/drop.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/full.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx-no-ssl.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/drupal/nginx.conf create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dynamic_ssi/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/elgg/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlminifyjs/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlsitemapsproxy/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/bad.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/better.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/yourpath.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/fastcgi.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fengoffice/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/fastcgi.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/mime.types create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/proxy.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fullexample2/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/geoip/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/guide-to-nginx-ssl-spdy-hsts/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/hardwarelberrors/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/icinga/sites-available/www.example.com.vhost create 
mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapacheperlscript/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapachephpscript/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/proxy-example.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/mobile.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/iredadmin.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/javaservers/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/joomla/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/likeapache/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/loadbalanceexample/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mailman/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mediawiki/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/memcachepreload/sites-available/default create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/minio/sites-enabled/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mono/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mybb/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/nonrootwebpath/nginx.conf 
create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/omeka/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oscommerce/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/osticket/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/owncloud/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oxid-eshop/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/php-fpm/default.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpbb/nginx.sample.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfastcgionwindows/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/fastcgi_params create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phplist/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/piwik/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pmwiki/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/prestashop/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/processwire/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pylons/nginx.vhost.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/drop.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/fastcgi_params create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/nginx.conf create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/redirect.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/reverse-proxy.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redaxo/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redmine/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/reverseproxycachingexample/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/roundcube/sites-available/example.com.vhost.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/separateerrorloggingpervirtualhost/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/catchall.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/two.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/wildcard-subdomains.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware4/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/silverstripe/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplecgi/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplegroupware/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/fastcgi.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplerubyfcgi/nginx.conf create mode 100644 
certbot-compatibility-test/nginx/nginx-roundtrip-testdata/spip/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/sugarcrm/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/old.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/oldold.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-4.6/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-6.2/sites-available/www.example.com.vhost create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/no-cache.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/supercache.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/total-cache.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/totalcache-enhanced.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdir.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdomain.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/xenforo/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/yii/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zend/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zenphoto/nginx.conf create mode 100644 certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zope/nginx.conf create mode 100644 
certbot-compatibility-test/nginx/roundtrip.py
diff --git a/certbot-compatibility-test/nginx/README b/certbot-compatibility-test/nginx/README
new file mode 100644
index 000000000..f32de2148
--- /dev/null
+++ b/certbot-compatibility-test/nginx/README
@@ -0,0 +1,27 @@
+Eventually there will also be a compatibility test here like the Apache one.
+
+Right now, this is data for the roundtrip test (checking that the parser
+can parse each file and that the reserialized config file it generates is
+identical to the original).
+
+If run in a virtualenv or otherwise so that certbot_nginx can be imported,
+the roundtrip test can run as
+
+python roundtrip.py nginx-roundtrip-testdata
+
+It gives exit status 0 for success and 1 if at least one parse or roundtrip
+failure occurred.
+
+
+The directory nginx-roundtrip-testdata includes some config files that were
+contributed to our project as well as most of the configs linked from
+
+https://www.nginx.com/resources/wiki/start/
+
+Some exceptions that were skipped are
+
+https://www.nginx.com/resources/wiki/start/topics/recipes/moinmoin/
+https://www.nginx.com/resources/wiki/start/topics/examples/SSL-Offloader/ (not much nginx configuration)
+https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/ (likewise)
+https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/
+https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033
new file mode 100644
index 000000000..19dc49444
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033
@@ -0,0 +1,34 @@
+upstream django_server_random18709.example.org {
+ server unix:/srv/http/random22194/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random18709.example.org;
+
+ location /media/ {
+ alias /srv/http/random22194/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random22194/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random18709.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random22194/live/access.log combined_plus;
+ error_log /var/log/nginx/random22194/live/error.log;
+}
+
+server {
+ server_name www.random18709.example.org;
+ server_name random24607.example.org www.random24607.example.org;
+ return 301 http://random18709.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571
new file mode 100644
index 000000000..fe95ac8dc
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571
@@ -0,0 +1,71 @@
+upstream django_server_random1413.example.org {
+ server unix:/srv/http/random25151/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name www.random25266.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random25151/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random25151/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1413.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random25151/live/access.log combined_plus;
+ error_log /var/log/nginx/random25151/live/error.log;
+}
+
+
+server {
+ listen 443;
+ server_name random1413.example.org www.random1413.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random1413.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random1413.example.org.key;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
+
+server {
+ listen 443;
+ server_name random25266.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random25266.example.org.key;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
+
+server {
+ listen 80;
+ server_name random1413.example.org www.random1413.example.org;
+ server_name random28524.example.org www.random28524.example.org;
+ server_name random25266.example.org www.random25266.example.org;
+ server_name random26791.example.org www.random26791.example.org;
+
+ location / {
+ return 301 https://www.random25266.example.org$request_uri;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591
new file mode 100644
index 000000000..103b56009
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591
@@ -0,0 +1,38 @@
+upstream django_server_random11921.example.org {
+ server unix:/srv/http/random9726/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random11921.example.org www.random11921.example.org;
+
+ if ($host != 'random11921.example.org') {
+ rewrite ^/(.*)$ http://random11921.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random9726/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random9726/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random11921.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ error_page 502 503 504 /50x.html;
+ }
+
+ location /50x.html {
+ root /usr/share/nginx/www/;
+ }
+
+ access_log /var/log/nginx/random9726/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random9726/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920
new file mode 100644
index 000000000..0f7c55762
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920
@@ -0,0 +1,16 @@
+server {
+ listen 80 default;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:81;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random27802/access.log combined_plus;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947
new file mode 100644
index 000000000..a09605d03
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947
@@ -0,0 +1,40 @@
+upstream django_server_acceptance.random8289.random17507.example.org {
+ server unix:/srv/http/random8289/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23045.example.org;
+
+ location /media/ {
+ alias /srv/http/random8289/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_acceptance.random8289.random17507.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random8289 acceptance';
+ auth_basic_user_file /srv/http/random8289/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random8289/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random8289/acceptance/error.log;
+}
+
+server {
+ server_name www.random23045.example.org;
+ return 301 http://random23045.example.org$request_uri;
+}
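Review bot: The anonymisation of these contributed configs looks incomplete: site-10947 still has `include /etc/nginx/allow_ytec_ips_params;`, whose file name appears to carry the contributor's organisation name even though the hostnames around it were replaced with `randomNNNN.example.org`. The same include recurs in site-11046, which also redirects to `intern.random24211.org` (a registrable name outside `example.org`), and site-1167 keeps what looks like a real allow-listed address in `allow 89.188.25.162;`. Since the README describes the roundtrip test as only comparing the parsed and re-serialised text, these values can be neutralised without affecting it, for example `allow 192.0.2.1;` (RFC 5737 documentation range), `include /etc/nginx/allow_office_ips_params;` and `rewrite ^ http://intern.random24211.example.org$request_uri permanent;`.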
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018
new file mode 100644
index 000000000..8aceca7ca
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018
@@ -0,0 +1,37 @@
+upstream django_server_random24036.example.org {
+ server unix:/srv/http/random1006/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random24036.example.org;
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_types *;
+ gzip_vary on;
+ gzip_proxied any;
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random1006/live/website/static/$1;
+ expires 7d;
+ gzip on;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random24036.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random1006/live/access.log combined_plus;
+ error_log /var/log/nginx/random1006/live/error.log;
+}
+
+server {
+ server_name www.random24036.example.org;
+ server_name random32349.example.org www.random32349.example.org;
+ server_name random23794.example.org www.random23794.example.org;
+ rewrite ^ http://random24036.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046
new file mode 100644
index 000000000..1d81e5b52
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046
@@ -0,0 +1,36 @@
+upstream django_server_random25979.example.org {
+ server unix:/srv/http/random24211/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25979.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24211/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24211/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25979.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random24211';
+ auth_basic_user_file /srv/http/random24211/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24211/internal/access.log combined_plus;
+ error_log /var/log/nginx/random24211/internal/error.log;
+}
+
+server {
+ server_name www.random25979.example.org;
+ rewrite ^ http://intern.random24211.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382
new file mode 100644
index 000000000..0dc1af725
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382
@@ -0,0 +1,29 @@
+server {
+ listen 80;
+ listen 7891; # User0
+ listen 8080; # User1
+ listen 8900; # User2
+ listen 8912; # User3
+ listen 3567; # User4
+
+ server_name random666.example.org www.random666.example.org;
+
+ root /srv/http/random666.example.org;
+ index index.html index.htm;
+
+ location /duif_assets/ {
+ try_files $uri $uri/ =404;
+ }
+
+ location /index.html {
+ try_files $uri $uri/ =404;
+ }
+
+ location / {
+ rewrite ^.+$ / break;
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random666.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random666.example.org/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167
new file mode 100644
index 000000000..13210b056
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167
@@ -0,0 +1,38 @@
+upstream django_server_random23900.example.org {
+ server unix:/srv/http/random29467/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23900.example.org www.random23900.example.org;
+
+ if ($host != 'random23900.example.org') {
+ rewrite ^/(.*)$ http://random23900.example.org/$1 permanent;
+ }
+
+ location ^~ /media/ {
+ alias /srv/http/random29467/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random29467/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random23900.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ satisfy any;
+ allow 89.188.25.162;
+ auth_basic "random29467 acceptance";
+ auth_basic_user_file htpasswords/random29467_acceptance;
+
+ }
+
+ access_log /var/log/nginx/random29467/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random29467/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849
new file mode 100644
index 000000000..8a8c90b7e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849
@@ -0,0 +1,36 @@
+upstream django_server_random3140.example.org {
+ server unix:/srv/http/random2912/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random3140.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random2912/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random2912/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random3140.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random2912/live/access.log combined_plus;
+ error_log /var/log/nginx/random2912/live/error.log;
+}
+
+server {
+ server_name www.random3140.example.org;
+ server_name random28398.example.org;
+ server_name random23689.example.org www.random23689.example.org;
+ server_name random25863.example.org www.random25863.example.org;
+
+ rewrite ^ http://random3140.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027
new file mode 100644
index 000000000..9d74e2098
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027
@@ -0,0 +1,29 @@
+upstream django_server_random6410.example.org {
+ server unix:/srv/http/random28641/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random6410.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28641/live/website/static/$1;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6410.example.org;
+ include /etc/nginx/proxy_params;
+
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+ }
+
+ access_log /var/log/nginx/random28641/live/access.log combined_plus;
+ error_log /var/log/nginx/random28641/live/error.log;
+}
+
+server {
+ server_name random6410.example.org;
+ rewrite ^ http://www.random6410.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235
new file mode 100644
index 000000000..17ba72db4
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235
@@ -0,0 +1,33 @@
+server {
+ server_name random18267.example.org;
+ gzip on;
+ gzip_min_length 2000;
+ gzip_proxied any;
+ gzip_types application/json;
+
+ client_max_body_size 30M;
+
+ root /srv/http/random23264/data;
+
+ # Security
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+
+ # try serving docs and (md5/immutable) directly
+ location ~ \+(f|doc)/ {
+ try_files $uri @proxy_to_app;
+ }
+ location / {
+ # XXX how to tell nginx to just refer to @proxy_to_app here?
+ try_files /.lqkwje @proxy_to_app;
+ }
+ location @proxy_to_app {
+ proxy_pass http://random20604.example.org:4040;
+ proxy_set_header X-outside-url $scheme://$host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+
+ access_log /var/log/nginx/random23264/access.log combined_plus;
+ error_log /var/log/nginx/random23264/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649
new file mode 100644
index 000000000..af5a22620
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649
@@ -0,0 +1,45 @@
+upstream django_server_random10305.example.org {
+ server unix:/srv/http/random23322/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random10305.example.org;
+
+ location /media/ {
+ alias /srv/http/random23322/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random23322/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random10305.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random23322/live/access.log combined_plus;
+ error_log /var/log/nginx/random23322/live/error.log;
+}
+
+server {
+ listen 80;
+
+ server_name random13399.example.org;
+ server_name www.random10305.example.org;
+ server_name random17958.example.org www.random17958.example.org;
+ server_name random15266.example.org www.random15266.example.org;
+ server_name random21296.example.org www.random21296.example.org;
+ server_name random5261.example.org www.random5261.example.org;
+ server_name random679.example.org www.random679.example.org;
+ server_name random31788.example.org www.random31788.example.org;
+ server_name random22704.example.org www.random22704.example.org;
+ server_name random17411.example.org www.random17411.example.org;
+
+ return 301 http://random10305.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577
new file mode 100644
index 000000000..d7a17f76e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577
@@ -0,0 +1,38 @@
+upstream django_server_random30837.example.org {
+ server unix:/srv/http/random30992/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random30837.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random30992/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random30992/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random30837.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random30992/live/access.log combined_plus;
+ error_log /var/log/nginx/random30992/live/error.log;
+}
+
+server {
+ server_name random30837.example.org;
+ server_name random3263.example.org www.random3263.example.org;
+ server_name random6771.example.org www.random6771.example.org;
+ server_name random17696.example.org www.random17696.example.org;
+ server_name random7179.example.org www.random7179.example.org;
+ server_name random8127.example.org www.random8127.example.org;
+
+ rewrite ^ http://www.random30837.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402
new file mode 100644
index 000000000..ca9ca2f61
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402
@@ -0,0 +1,33 @@
+upstream django_server_random17705.example.org {
+ server unix:/srv/http/random8289/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17705.example.org;
+
+ location /media/ {
+ alias /srv/http/random8289/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17705.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random8289/internal/access.log combined_plus;
+ error_log /var/log/nginx/random8289/internal/error.log;
+}
+
+server {
+ server_name www.random17705.example.org;
+ return 301 http://random17705.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430
new file mode 100644
index 000000000..7caf7b2a4
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430
@@ -0,0 +1,54 @@
+upstream django_server_random17507.example.org {
+ server unix:/srv/http/random7740/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random17507.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random7740/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7740/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random17507.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random7740/live/access.log combined_plus;
+ error_log /var/log/nginx/random7740/live/error.log;
+}
+
+server {
+ server_name www.random17507.example.org;
+ server_name random31197.example.org www.random31197.example.org;
+ server_name random19579.example.org www.random19579.example.org;
+ server_name random16629.example.org www.random16629.example.org;
+ server_name random28363.example.org www.random28363.example.org;
+ server_name random30185.example.org www.random30185.example.org;
+ server_name random22326.example.org www.random22326.example.org;
+ server_name random3622.example.org www.random3622.example.org;
+ server_name random1463.example.org www.random1463.example.org;
+ server_name random23341.example.org www.random23341.example.org;
+ server_name random2214.example.org www.random2214.example.org;
+ server_name random22684.example.org www.random22684.example.org;
+ server_name random6606.example.org www.random6606.example.org;
+ server_name random29138.example.org www.random29138.example.org;
+ server_name random15109.example.org www.random15109.example.org;
+ server_name random8002.example.org www.random8002.example.org;
+ server_name random16836.example.org www.random16836.example.org;
+ server_name random22283.example.org www.random22283.example.org;
+
+ location = /googleXXXXXXXXXXXXXXXX.html {
+ alias /srv/http/random7740/live/website/templates/googleXXXXXXXXXXXXXXXX.html;
+ }
+
+ rewrite ^ http://random17507.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141
new file mode 100644
index 000000000..2b2689f09
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141
@@ -0,0 +1,36 @@
+upstream django_server_acceptatie.random20374.nl {
+ server unix:/srv/http/random20374/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random28586.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random20374/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random20374/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_acceptatie.random20374.nl;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random20374';
+ auth_basic_user_file /srv/http/random20374/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random20374/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random20374/acceptance/error.log;
+}
+
+server {
+ server_name www.random28586.example.org;
+ rewrite ^ http://random28586.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270
new file mode 100644
index 000000000..b4f4bd61c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270
@@ -0,0 +1,38 @@
+upstream django_server_random6822.example.org {
+ server unix:/srv/http/random7047/live/website.sock;
+}
+
+server {
+ listen 8443;
+ server_name random6822.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random6822.example.org.complete-bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random6822.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random7047/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random7047/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6822.example.org;
+ include /etc/nginx/proxy_params;
+ }
+
+ access_log /var/log/nginx/random7047/live/access.log combined_plus;
+ error_log /var/log/nginx/random7047/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random6822.example.org;
+
+ rewrite ^/(.*) https://random6822.example.org:8443/$1;
+}
+
+
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291
new file mode 100644
index 000000000..fa09bed93
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291
@@ -0,0 +1,112 @@
+# You may add here your
+# server {
+# ...
+# }
+# statements for each of your virtual hosts to this file
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+
+ # Make site accessible from http://random20604.example.org/
+ server_name random20604.example.org;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ # Uncomment to enable naxsi on this location
+ # include /etc/nginx/naxsi.rules
+ }
+
+ # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
+ #location /RequestDenied {
+ # proxy_pass http://127.0.0.1:8080;
+ #}
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ #error_page 500 502 503 504 /50x.html;
+ #location = /50x.html {
+ # root /usr/share/nginx/html;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ #
+ # # With php5-cgi alone:
+ # fastcgi_pass 127.0.0.1:9000;
+ # # With php5-fpm:
+ # fastcgi_pass unix:/var/run/php5-fpm.sock;
+ # fastcgi_index index.php;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# another virtual host using mix of IP-, name-, and port-based configuration
+#
+#server {
+# listen 8000;
+# listen random20605.example.org:8080;
+# server_name random20605.example.org alias another.alias;
+# root html;
+# index index.html index.htm;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
+
+
+# HTTPS server
+#
+#server {
+# listen 443;
+# server_name random20604.example.org;
+#
+# root html;
+# index index.html index.htm;
+#
+# ssl on;
+# ssl_certificate cert.pem;
+# ssl_certificate_key cert.key;
+#
+# ssl_session_timeout 5m;
+#
+# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
+# ssl_prefer_server_ciphers on;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456
new file mode 100644
index 000000000..273694b51
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456
@@ -0,0 +1,39 @@
+upstream django_server_random29275.example.org {
+ server unix:/srv/http/random14353/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random29275.example.org;
+
+ location /media/ {
+ alias /srv/http/random14353/internal/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random14353/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random29275.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'internal for random14353';
+ auth_basic_user_file /srv/http/random14353/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14353/internal/access.log;
+ error_log /var/log/nginx/random14353/internal/error.log;
+}
+
+server {
+ server_name www.random29275.example.org;
+ return 301 http://random29275.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497
new file mode 100644
index 000000000..86a8980d2
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497
@@ -0,0 +1,35 @@
+upstream django_server_random16112.example.org {
+ server unix:/srv/http/random29227/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random16112.example.org;
+
+ location /media/ {
+ alias /srv/http/random29227/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random29227/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random16112.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random29227/live/access.log combined_plus;
+ error_log /var/log/nginx/random29227/live/error.log;
+}
+server {
+ server_name random5297.example.org www.random5297.example.org;
+ server_name random17050.example.org www.random17050.example.org;
+ server_name www.random16112.example.org;
+
+ return 301 http://random16112.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852
new file mode 100644
index 000000000..32b88c62f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852
@@ -0,0 +1,38 @@
+upstream django_server_random7474.example.org {
+ server unix:/srv/http/random4886/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random7474.example.org;
+
+ location /media/ {
+ alias /srv/http/random4886/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random4886/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random7474.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random4886';
+ auth_basic_user_file /srv/http/random4886/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ client_max_body_size 20m;
+
+ access_log /var/log/nginx/random4886/acceptance/access.log;
+ error_log /var/log/nginx/random4886/acceptance/error.log;
+}
+
+server {
+ server_name www.random7474.example.org;
+ return 301 http://random7474.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345
new file mode 100644
index 000000000..ac8ce609c
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345
@@ -0,0 +1,34 @@
+upstream django_server_random25713.example.org {
+ server unix:/srv/http/random24922/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25713.example.org;
+
+ location /media/ {
+ alias /srv/http/random24922/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random24922/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25713.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24922/live/access.log;
+ error_log /var/log/nginx/random24922/live/error.log;
+}
+
+server {
+ server_name www.random25713.example.org;
+ return 301 http://random25713.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175
new file mode 100644
index 000000000..e733a70ed
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175
@@ -0,0 +1,14 @@
+server {
+ listen 80;
+ server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org;
+
+ if ($host != 'random25647.example.org') {
+ rewrite ^/(.*)$ http://random25647.example.org/$1 permanent;
+ }
+
+ index index.html index.htm;
+ root /srv/http/random11461/countdown/;
+
+ access_log /var/log/nginx/random11461/live/access.log combined_plus;
+ error_log /var/log/nginx/random11461/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832
new file mode 100644
index 000000000..4a0967de8
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832
@@ -0,0 +1,32 @@
+upstream django_server_random6430.example.org {
+ server unix:/srv/http/random550/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random6430.example.org;
+
+ location /media/ {
+ alias /srv/http/random550/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random550/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6430.example.org;
+ include /etc/nginx/django_proxy_params;
+
+ }
+
+ access_log /var/log/nginx/random550/internal/access.log combined_plus;
+ error_log /var/log/nginx/random550/internal/error.log;
+}
+
+server {
+ server_name www.random6430.example.org;
+ return 301 http://random6430.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942
new file mode 100644
index 000000000..a3b10eed6
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942
@@ -0,0 +1,32 @@
+upstream django_server_random25647.example.org {
+ server unix:/srv/http/random11461/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org;
+
+ if ($host != 'random25647.example.org') {
+ rewrite ^/(.*)$ http://random25647.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random11461/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random11461/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25647.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random11461/live/access.log combined_plus;
+ error_log /var/log/nginx/random11461/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018
new file mode 100644
index 000000000..63b68d6ff
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018
@@ -0,0 +1,36 @@
+upstream django_server_intern.random20374.nl {
+ server unix:/srv/http/random20374/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random23818.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random20374/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random20374/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_intern.random20374.nl;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random20374';
+ auth_basic_user_file /srv/http/random20374/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random20374/internal/access.log combined_plus;
+ error_log /var/log/nginx/random20374/internal/error.log;
+}
+
+server {
+ server_name www.random23818.example.org;
+ rewrite ^ http://random23818.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069
new file mode 100644
index 000000000..d6d4e5bea
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069
@@ -0,0 +1,39 @@
+upstream django_server_random7949.example.org {
+ server unix:/srv/http/random1006/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random7949.example.org;
+ gzip on;
+ gzip_http_version 1.0;
+ gzip_types *;
+ gzip_vary on;
+ gzip_proxied any;
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random1006/acceptance/website/static/$1;
+ expires 7d;
+ gzip on;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random7949.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random1006';
+ auth_basic_user_file /srv/http/random1006/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random1006/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random1006/acceptance/error.log;
+}
+
+server {
+ server_name www.random7949.example.org;
+ rewrite ^ http://random7949.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334
new file mode 100644
index 000000000..2609e2080
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334
@@ -0,0 +1,39 @@
+upstream django_server_random1515.example.org {
+ server unix:/srv/http/random15255/acceptance/website.sock fail_timeout=5;
+}
+
+server {
+ listen 80;
+ server_name random1515.example.org www.random1515.example.org;
+
+ if ($host != 'random1515.example.org') {
+ rewrite ^/(.*)$ http://random1515.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random15255/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random15255/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1515.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random191 acceptance';
+ auth_basic_user_file /srv/http/random15255/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random15255/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random15255/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639
new file mode 100644
index 000000000..617472e0d
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639
@@ -0,0 +1,39 @@
+upstream django_server_live.random8289.random17507.example.org {
+ server unix:/srv/http/random8289/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name random23886.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random23886.example.org.complete-bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random23886.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random8289/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random8289/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_live.random8289.random17507.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random8289/live/access.log combined_plus;
+ error_log /var/log/nginx/random8289/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random23886.example.org;
+ return 301 https://random23886.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966
new file mode 100644
index 000000000..41aaef04d
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966
@@ -0,0 +1,36 @@
+upstream django_server_random31523.example.org {
+ server unix:/srv/http/random16722.example.org/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random31523.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random16722.example.org/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random16722.example.org/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random31523.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random16722.example.org';
+ auth_basic_user_file /srv/http/random16722.example.org/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random16722.example.org/internal/access.log combined_plus;
+ error_log /var/log/nginx/random16722.example.org/internal/error.log;
+}
+
+server {
+ server_name www.random31523.example.org;
+ rewrite ^ http://random31523.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791
new file mode 100644
index 000000000..6e3112ad8
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791
@@ -0,0 +1,34 @@
+upstream django_server_random1413.example.org {
+ server unix:/srv/http/random25151/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1413.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random25151/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random25151/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1413.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random25151/live/access.log combined_plus;
+ error_log /var/log/nginx/random25151/live/error.log;
+}
+
+server {
+ server_name www.random1413.example.org;
+ server_name random28524.example.org www.random28524.example.org;
+ rewrite ^ http://random1413.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955
new file mode 100644
index 000000000..20d718409
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955
@@ -0,0 +1,36 @@ +upstream django_server_random9619.example.org { + server unix:/srv/http/random28641/internal/website.sock; +} + +server { + listen 80; + server_name random9619.example.org; + + location ^~ /media/ { + alias /srv/http/random28641/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random28641/internal/website/static/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random9619.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random28641'; + auth_basic_user_file /srv/http/random28641/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random28641/internal/access.log combined_plus; + error_log /var/log/nginx/random28641/internal/error.log; +} + +server { + server_name www.random9619.example.org; + rewrite ^ http://random9619.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 new file mode 100644 index 000000000..5650efb4c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 
@@ -0,0 +1,33 @@ +upstream django_server_random31758.example.org { + server unix:/srv/http/random21623/internal/website.sock; +} + +server { + listen 80; + server_name random31758.example.org www.random31758.example.org; + + if ($host != 'random31758.example.org') { + rewrite ^/(.*)$ http://random31758.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random21623/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random21623/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31758.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random21623/internal/access.log combined_plus; + error_log /var/log/nginx/random21623/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 new file mode 100644 index 000000000..85576da76 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 
@@ -0,0 +1,32 @@ +upstream django_server_random1688.example.org { + server unix:/srv/http/random6470/acceptance/website.sock; +} + +server { + listen 80; + server_name random5078.example.org random1688.example.org www.random1688.example.org; + + if ($host != 'random5078.example.org') { + rewrite ^/(.*)$ http://random5078.example.org/$1 permanent; + } + + location ^~ /media/ { + alias /srv/http/random6470/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random6470/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1688.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random6470/acceptance/access.log combined_plus; + error_log /var/log/nginx/random6470/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 new file mode 100644 index 000000000..00d1d2b0b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 
@@ -0,0 +1,33 @@ +upstream django_server_random22746.example.org { + server unix:/srv/http/random6344/internal/website.sock; +} + +server { + listen 80; + server_name random22746.example.org; + + if ($host != 'random22746.example.org') { + rewrite ^/(.*)$ http://random22746.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random6344/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random6344/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random22746.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random6344/internal/access.log combined_plus; + error_log /var/log/nginx/random6344/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 new file mode 100644 index 000000000..5b91f0eaf --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 
@@ -0,0 +1,74 @@ +upstream django_server_random15255_live { + server unix:/srv/http/random15255/live/website.sock fail_timeout=5; +} + +server { + listen 443; + server_name random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + location /media/ { + alias /srv/http/random15255/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + + location /static/ { + alias /srv/http/random15255/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random15255_live; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random15255/live/access.log combined_plus; + error_log /var/log/nginx/random15255/live/error.log; +} + +server { + listen 80; + server_name random7381.example.org www.random7381.example.org; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 8445; + server_name random7381.example.org www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 1000; + server_name random7381.example.org www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 443; + server_name www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; 
+} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 new file mode 100644 index 000000000..4f78b645b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 
@@ -0,0 +1,56 @@ +upstream django_server_random27579.example.org { + server unix:/srv/http/random21623/live/website.sock; +} + +server { + listen 443; + server_name random27579.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random27579.example.org.key; + + location /media/ { + alias /srv/http/random21623/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random21623/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random27579.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random21623/live/access.log combined_plus; + error_log /var/log/nginx/random21623/live/error.log; +} + +server { + listen 443; + server_name www.random27579.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random27579.example.org.key; + + return 301 https://random27579.example.org$request_uri; +} + +server { + listen 80; + + server_name random27579.example.org www.random27579.example.org random11512.example.org; + server_name random18003.example.org www.random18003.example.org; + server_name random26730.example.org www.random26730.example.org; + server_name random3968.example.org www.random3968.example.org; + server_name random11925.example.org www.random11925.example.org; + + return 301 https://random27579.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 new file mode 100644 index 000000000..25933cebb --- /dev/null 
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 @@ -0,0 +1,33 @@ +upstream django_server_random31057.example.org { + server unix:/srv/http/random22194/acceptance/website.sock; +} + +server { + listen 80; + server_name random31057.example.org www.random31057.example.org; + + if ($host != 'random31057.example.org') { + rewrite ^/(.*)$ http://random31057.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random22194/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random22194/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31057.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 120; + } + + access_log /var/log/nginx/random22194/acceptance/access.log combined_plus; + error_log /var/log/nginx/random22194/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 new file mode 100644 index 000000000..9db2c07f5 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 
@@ -0,0 +1,32 @@ +upstream django_server_random16722.example.org { + server unix:/srv/http/random16722.example.org/live/website.sock; +} + +server { + listen 80; + server_name random16722.example.org; + + location ^~ /media/ { + alias /srv/http/random16722.example.org/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random16722.example.org/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random16722.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random16722.example.org/live/access.log combined_plus; + error_log /var/log/nginx/random16722.example.org/live/error.log; +} + +server { + server_name www.random16722.example.org; + rewrite ^ http://random16722.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 new file mode 100644 index 000000000..7bd3f2778 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 @@ -0,0 +1,32 @@ +upstream django_server_random14388.example.org { + server unix:/srv/http/random4886/live/website.sock; +} + +server { + listen 80; + server_name random14388.example.org; + + location /media/ { + alias /srv/http/random4886/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random4886/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random14388.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random4886/live/access.log; + error_log /var/log/nginx/random4886/live/error.log; +} + +server { + server_name www.random14388.example.org; + return 301 http://random14388.example.org$request_uri; +} 
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125
new file mode 100644
index 000000000..f7efda324
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125
@@ -0,0 +1,7 @@
+server {
+ listen 80;
+ server_name random14996.example.org;
+
+ root /srv/http/random23392/;
+ index index.html;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193
new file mode 100644
index 000000000..1d2b7ec83
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193
@@ -0,0 +1,62 @@ +upstream django_server_random6177.example.org { + server unix:/srv/http/random550/live/website.sock; +} + +server { + listen 443 ssl; + server_name random2179.example.org; + + ssl_certificate /etc/ssl/public/random2179.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random2179.example.org.key; + + + location /media/ { + alias /srv/http/random550/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6177.example.org; + include /etc/nginx/django_proxy_params; + } + + access_log /var/log/nginx/random550/live/access.log combined_plus; + error_log /var/log/nginx/random550/live/error.log; +} + +server { + listen 80; + server_name random2179.example.org; + + location /media/ { + alias /srv/http/random550/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/live/static_collected/; + expires 7d; + } + + #location = / { + # return 301 https://random2179.example.org$request_uri; + #} + + location / { + proxy_pass http://django_server_random6177.example.org; + include /etc/nginx/django_proxy_params; + } + + access_log /var/log/nginx/random550/live/access_http.log combined_plus; + error_log /var/log/nginx/random550/live/error_http.log; +} + +server { + server_name random6177.example.org www.random6177.example.org; + return 301 http://random2179.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 new file mode 100644 index 000000000..b23aeae19 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 
@@ -0,0 +1,36 @@ +upstream django_server_random22047.example.org { + server unix:/srv/http/random26975/acceptance/website.sock; +} + +server { + listen 80; + server_name random22047.example.org; + + location /media/ { + alias /srv/http/random26975/acceptance/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random26975/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random22047.example.org; + include /etc/nginx/django_proxy_params; + + satisfy any; + auth_basic 'acceptance for random26975'; + auth_basic_user_file /srv/http/random26975/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random26975/acceptance/access.log; + error_log /var/log/nginx/random26975/acceptance/error.log; +} + +server { + server_name www.random22047.example.org; + return 301 http://random22047.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 new file mode 100644 index 000000000..7628d27d2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 
@@ -0,0 +1,32 @@
+upstream django_server_random6193.example.org {
+ server unix:/srv/http/random4755/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random6193.example.org www.random6193.example.org;
+
+ if ($host != 'random6193.example.org') {
+ rewrite ^/(.*)$ http://random6193.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random6193.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random4755/live/access.log combined_plus;
+ error_log /var/log/nginx/random4755/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195
new file mode 100644
index 000000000..232935a51
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195
@@ -0,0 +1,26 @@
+server {
+ listen 80;
+ server_name www.random25446.example.org random25446.example.org;
+
+ if ($host != 'random25446.example.org') {
+ rewrite ^/(.*)$ http://random25446.example.org/$1 permanent;
+ }
+
+ location ^~ /media {
+ alias /srv/http/random17476/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location ^~ /static {
+ alias /srv/http/random17476/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ include fastcgi_params;
+ fastcgi_pass unix:/srv/http/random17476/internal/website.sock;
+ }
+
+ access_log /var/log/nginx/random17476/internal/access.log combined_plus;
+ error_log /var/log/nginx/random17476/internal/error.log;
+}
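Review bot: In site-26195 the two static locations are written without a trailing slash, `location ^~ /media {` and `location ^~ /static {`, while their `alias` targets end in `/`. With that combination a request path that continues the prefix without a slash is resolved relative to the alias directory and can land in its parent; for `/static` that parent is the directory holding `website.sock`. The other fixtures visible here use `/media/` and `/static/`, so unless the missing slash is deliberate parser coverage, align it: `location ^~ /media/ {` and `location ^~ /static/ {`.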
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 new file mode 100644 index 000000000..8e5893d61 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 @@ -0,0 +1,32 @@ +upstream django_server_random4030.example.org { + server unix:/srv/http/random26975/live/website.sock; +} + +server { + listen 80; + server_name random4030.example.org; + + location /media/ { + alias /srv/http/random26975/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random26975/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random4030.example.org; + include /etc/nginx/django_proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random26975/live/access.log; + error_log /var/log/nginx/random26975/live/error.log; +} + +server { + server_name www.random4030.example.org; + return 301 http://random4030.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 new file mode 100644 index 000000000..3ef549982 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 
@@ -0,0 +1,32 @@ +upstream django_server_random5890.example.org { + server unix:/srv/http/random4755/internal/website.sock; +} + +server { + listen 80; + server_name random5890.example.org; + + if ($host != 'random5890.example.org') { + rewrite ^/(.*)$ http://random5890.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random4755/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random4755/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random5890.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random4755/internal/access.log combined_plus; + error_log /var/log/nginx/random4755/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 new file mode 100644 index 000000000..f7cfb854c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 @@ -0,0 +1,21 @@ +server { + listen 80 default_server; + #listen [::]:80 default_server ipv6only=on; + root /var/www/default/; + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + location ~ /\.ht { + deny all; + } + + location /nginx_status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + + access_log /var/log/nginx/access.log combined_plus; + error_log /var/log/nginx/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 new file mode 100644 index 000000000..9328e2943 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 
@@ -0,0 +1,37 @@ +upstream django_server_random10783.example.org { + server unix:/srv/http/random4711/acceptance/website.sock; +} + +server { + listen 80; + server_name random10783.example.org; + + location ^~ /media/ { + alias /srv/http/random4711/acceptance/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random4711/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random10783.example.org; + include /etc/nginx/proxy_params; + proxy_read_timeout 4m; + + satisfy any; + auth_basic 'acceptance for random4711'; + auth_basic_user_file /srv/http/random4711/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random4711/acceptance/access.log combined_plus; + error_log /var/log/nginx/random4711/acceptance/error.log; +} + +server { + server_name www.random10783.example.org; + rewrite ^ http://random10783.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 new file mode 100644 index 000000000..fdef2900c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 @@ -0,0 +1,5 @@ +server { + location =/ { + return 404; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 new file mode 100644 index 000000000..5f579971a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 
@@ -0,0 +1,32 @@ +upstream django_server_random17112.example.org { + server unix:/srv/http/random29467/live/website.sock; +} + +server { + listen 80; + server_name random17112.example.org www.random17112.example.org; + + if ($host != 'random17112.example.org') { + rewrite ^/(.*)$ http://random17112.example.org/$1 permanent; + } + + location ^~ /media/ { + alias /srv/http/random29467/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random29467/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random17112.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random29467/live/access.log combined_plus; + error_log /var/log/nginx/random29467/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 new file mode 100644 index 000000000..8e455eb9b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 
@@ -0,0 +1,36 @@ +upstream django_server_random1296.example.org { + server unix:/srv/http/random2912/acceptance/website.sock; +} + +server { + listen 80; + server_name random1296.example.org; + + location ^~ /media/ { + alias /srv/http/random2912/acceptance/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random2912/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1296.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random2912'; + auth_basic_user_file /srv/http/random2912/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random2912/acceptance/access.log combined_plus; + error_log /var/log/nginx/random2912/acceptance/error.log; +} + +server { + server_name www.random1296.example.org; + rewrite ^ http://random1296.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 new file mode 100644 index 000000000..3d0ac97ae --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 
@@ -0,0 +1,36 @@ +upstream django_server_random11685.example.org { + server unix:/srv/http/random4886/internal/website.sock; +} + +server { + listen 80; + server_name random11685.example.org; + + location /media/ { + alias /srv/http/random4886/internal/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random4886/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random11685.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random4886'; + auth_basic_user_file /srv/http/random4886/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random4886/internal/access.log; + error_log /var/log/nginx/random4886/internal/error.log; +} + +server { + server_name www.random11685.example.org; + return 301 http://random11685.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 new file mode 100644 index 000000000..69bcb26c0 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 
@@ -0,0 +1,32 @@ +upstream django_server_random16112.example.org { + server unix:/srv/http/random24645/live/website.sock; +} + +server { + listen 80; + server_name random16112.example.org; + + location ^~ /media/ { + alias /srv/http/random24645/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random24645/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random16112.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random24645/live/access.log; + error_log /var/log/nginx/random24645/live/error.log; +} + +server { + server_name www.random16112.example.org; + rewrite ^ http://random16112.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 new file mode 100644 index 000000000..be6481eae --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 @@ -0,0 +1,33 @@ +upstream django_server_random29198.example.org { + server unix:/srv/http/random28641/acceptance/website.sock; +} + +server { + listen 80; + server_name random29198.example.org; + + location ~ /static/(.*)$ { + alias /srv/http/random28641/acceptance/website/static/$1; + expires 7d; + } + + + location / { + proxy_pass http://django_server_random29198.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random28641'; + auth_basic_user_file /srv/http/random28641/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random28641/acceptance/access.log combined_plus; + error_log /var/log/nginx/random28641/acceptance/error.log; +} + +server { + server_name www.random29198.example.org; + rewrite ^ http://random29198.example.org$request_uri permanent; +} 
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 new file mode 100644 index 000000000..683aa3226 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 
@@ -0,0 +1,67 @@
+server {
+ listen 80;
+ #listen [::]:80 default_server ipv6only=on;
+ root /var/www/random616_log/;
+ server_name random12800.example.org;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random12543/access.log combined_plus;
+ error_log /var/log/nginx/random12543/error.log;
+}
+
+server {
+ listen 443 default_server;
+ #listen [::]:443 default_server ipv6only=on;
+ root /var/www/random616_log/;
+ server_name random12800.example.org;
+
+ # We created (will create) this SSL certificate ourselves, using our own CA. This way, we can control strictly which CA the XXX trusts.
+ # See ytec #6244
+ # However, we're working on a fix for high SSL overhead. We're hoping to be able to keep the connections open between log POSTs, like SSL can.
+ ssl on;
+ ssl_certificate /etc/ssl/public/random12800.example.org.crt;
+ ssl_certificate_key /etc/ssl/private/random12800.example.org.key;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random12543/access.log combined_plus;
+ error_log /var/log/nginx/random12543/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011
new file mode 100644
index 000000000..479edac5d
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011
@@ -0,0 +1,37 @@
+upstream django_server_random12785.example.org {
+ server unix:/srv/http/random14353/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random12785.example.org;
+
+ location /media/ {
+ alias /srv/http/random14353/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random14353/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random12785.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14353/live/access.log;
+ error_log /var/log/nginx/random14353/live/error.log;
+}
+
+server {
+ server_name www.random12785.example.org;
+ return 301 http://random12785.example.org$request_uri;
+}
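Review bot: Both server blocks of site-2951 hand every URI matching `location ~ \.php$` to php-fpm without first checking that the script file exists. The only safeguard is the comment asking for `cgi.fix_pathinfo = 0;` in php.ini, which nginx itself cannot enforce. site-32279 repeats the same block. Because fixtures in a public repository tend to be reused as templates, consider adding `try_files $uri =404;` as the first line of each PHP location; it is one more ordinary directive for the round-trip parser and should not change what the fixture exercises.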
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 new file mode 100644 index 000000000..84e44dd7c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 @@ -0,0 +1,31 @@ +upstream django_server_random7150.example.org { + server unix:/srv/http/random550/acceptance/website.sock; +} + +server { + listen 80; + server_name random7150.example.org; + + location /media/ { + alias /srv/http/random550/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random7150.example.org; + include /etc/nginx/django_proxy_params; + } + + access_log /var/log/nginx/random550/acceptance/access.log combined_plus; + error_log /var/log/nginx/random550/acceptance/error.log; +} + +server { + server_name www.random7150.example.org; + return 301 http://random7150.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 new file mode 100644 index 000000000..648693cbc --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 
@@ -0,0 +1,33 @@
+upstream django_server_random31131.example.org {
+ server unix:/srv/http/random24334/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random31131.example.org;
+
+ location /media/ {
+ alias /srv/http/random24334/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random24334/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random31131.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random24334/internal/access.log combined_plus;
+ error_log /var/log/nginx/random24334/internal/error.log;
+}
+
+server {
+ server_name www.random31131.example.org;
+ return 301 http://random31131.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190
new file mode 100644
index 000000000..8c7738c03
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190
@@ -0,0 +1,4 @@
+server {
+ server_name www.random5115;
+ return 301 http://www.random10305.example.org;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279
new file mode 100644
index 000000000..16f4e5e9e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279
@@ -0,0 +1,25 @@
+server {
+ listen 80;
+ root /home/admin/random19651_log/;
+ server_name random16339.example.org;
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ location ~ \.php$ {
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+
+ # With php5-fpm:
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ }
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random4235/access.log combined_plus;
+ error_log /var/log/nginx/random4235/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317
new file mode 100644
index 000000000..e9c986ff1
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317
@@ -0,0 +1,32 @@
+upstream django_server_random21989.example.org {
+ server unix:/srv/http/random28136/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random21989.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28136/acceptance/website/static/$1;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random21989.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'acceptance for random28136';
+ auth_basic_user_file /srv/http/random28136/acceptance/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random28136/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random28136/acceptance/error.log;
+}
+
+server {
+ server_name www.random21989.example.org;
+ rewrite ^ http://random21989.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438
new file mode 100644
index 000000000..66929620f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438
@@ -0,0 +1,46 @@
+upstream django_server_random1769.example.org {
+ server unix:/srv/http/random7047/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1769.example.org;
+
+ if ($host != 'random1769.example.org') {
+ rewrite ^/(.*)$ http://random1769.example.org/$1 permanent;
+ }
+
+ rewrite ^/(.*) https://$host:8444/$1;
+}
+
+server {
+ listen 8444;
+ server_name random1769.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random6822.example.org.crt;
+ ssl_certificate_key /etc/ssl/private/random6822.example.org.key;
+
+ location ^~ /media/ {
+ alias /srv/http/random7047/acceptance/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7047/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1769.example.org;
+ include /etc/nginx/proxy_params;
+
+ #satisfy any;
+ #auth_basic 'acceptance for random7047';
+ #auth_basic_user_file /srv/http/random7047/acceptance/htpasswords;
+ #include /etc/nginx/allow_ytec_ips_params;
+ #deny all;
+ }
+
+ access_log /var/log/nginx/random7047/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random7047/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483
new file mode 100644
index 000000000..7a415c293
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483
@@ -0,0 +1,32 @@
+server {
+ listen 80;
+ server_name random9761.example.org;
+
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random14537/static_collected/$1;
+ expires 7d;
+ }
+
+ location ~ /media/(.*)$ {
+ alias /srv/http/random14537/dynamic/public/$1;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://127.0.0.1:81;
+ proxy_connect_timeout 120;
+ proxy_read_timeout 120;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/random14537/access.log combined_plus;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507
new file mode 100644
index 000000000..0fdca78d7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name random3674.example.org www.random3674.example.org;
+
+ root /srv/http/random3674.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random3674.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random3674.example.org/error.log;
+}
+
+server {
+ listen 80;
+ server_name random27569.example.org www.random27569.example.org;
+
+ root /srv/http/random27569.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random27569.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random27569.example.org/error.log;
+}
+
+server {
+ listen 80;
+ server_name random11055.example.org www.random11055.example.org;
+
+ root /srv/http/random11055.example.org;
+ index index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ access_log /var/log/nginx/random11055.example.org/access.log combined_plus;
+ error_log /var/log/nginx/random11055.example.org/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874
new file mode 100644
index 000000000..1180f2eb1
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874
@@ -0,0 +1,46 @@
+upstream django_server_random7267.example.org {
+ server unix:/srv/http/random24334/live/website.sock;
+}
+
+server {
+ listen 80;
+ listen 443 ssl;
+
+ server_name random7267.example.org;
+
+ ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random24334/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random24334/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random7267.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random24334/live/access.log combined_plus;
+ error_log /var/log/nginx/random24334/live/error.log;
+}
+
+server {
+ listen 80;
+ listen 443 ssl;
+
+ server_name www.random7267.example.org;
+
+ ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt;
+ ssl_certificate_key /etc/ssl/private/random7267.example.org.key;
+
+ return 301 http://random7267.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035
new file mode 100644
index 000000000..1a1deb96b
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035
@@ -0,0 +1,31 @@
+upstream django_server_random2104.example.org {
+ server unix:/srv/http/random28136/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name www.random2104.example.org;
+
+ location ~ /static/(.*)$ {
+ alias /srv/http/random28136/live/website/static/$1;
+ expires 7d;
+ }
+
+
+ location / {
+ proxy_pass http://django_server_random2104.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random28136/live/access.log combined_plus;
+ error_log /var/log/nginx/random28136/live/error.log;
+}
+
+server {
+ server_name random2104.example.org;
+ rewrite ^ http://www.random2104.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143
new file mode 100644
index 000000000..add683007
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143
@@ -0,0 +1,33 @@
+upstream django_server_random24919.example.org {
+ server unix:/srv/http/random7831/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random24919.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random7831/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random7831/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random24919.example.org;
+ include /etc/nginx/proxy_params;
+
+ proxy_connect_timeout 240;
+ proxy_read_timeout 240;
+ }
+
+ access_log /var/log/nginx/random7831/live/access.log combined_plus;
+ error_log /var/log/nginx/random7831/live/error.log;
+}
+
+server {
+ server_name www.random24919.example.org;
+ rewrite ^ http://random24919.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264
new file mode 100644
index 000000000..ef347862f
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264
@@ -0,0 +1,12 @@
+# vhost created by moving from marauder, but there it was an apache vhost.
+
+server {
+ listen 80;
+ server_name random3080.example.org www.random3080.example.org random26833.example.org www.random26833.example.org;
+
+ root /srv/http/random10391.example.org/;
+
+ if ($request_uri != '/googleYYYYYYYYYYYYYYYY.html') {
+ rewrite ^ http://random10305.example.org/ permanent;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826
new file mode 100644
index 000000000..bcfc662b2
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826
@@ -0,0 +1,38 @@
+upstream django_server_random1107.example.org {
+ server unix:/srv/http/random4755/acceptance/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random1107.example.org www.random1107.example.org;
+
+ if ($host != 'random1107.example.org') {
+ rewrite ^/(.*)$ http://random1107.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random4755/acceptance/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random4755/acceptance/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random1107.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ satisfy any;
+ allow 89.188.25.162;
+ auth_basic "random4755 acceptance";
+ auth_basic_user_file htpasswords/random4755_acceptance;
+
+ }
+
+ access_log /var/log/nginx/random4755/acceptance/access.log combined_plus;
+ error_log /var/log/nginx/random4755/acceptance/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872
new file mode 100644
index 000000000..fe41f9872
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872
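Review bot: The site-5826 fixture still carries what looks like a real, routable address in `allow 89.188.25.162;`, although hostnames and paths across these configs were replaced with `randomNNNN` placeholders. If the corpus was donated from a production server, that line, together with the include name `allow_ytec_ips_params` in site-30011, site-32317, site-32438, site-5872, site-6228 and site-8343, publishes an allow-listed source address and what appears to be the operator's name in a public repository. The value is irrelevant to a parser round-trip test, so I would swap it for a documentation address, `allow 192.0.2.1;`, and rename the include to a neutral placeholder in the same pass.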
@@ -0,0 +1,36 @@
+upstream django_server_random8404.example.org {
+ server unix:/srv/http/random1006/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random8404.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random1006/internal/website/static/;
+ expires 7d;
+ }
+ #location ^~ /static/ {
+ # alias /srv/http/random1006/internal/website/static/;
+ # expires 7d;
+ #}
+
+ location / {
+ proxy_pass http://django_server_random8404.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random1006';
+ auth_basic_user_file /srv/http/random1006/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random1006/internal/access.log combined_plus;
+ error_log /var/log/nginx/random1006/internal/error.log;
+}
+
+server {
+ server_name www.random8404.example.org;
+ rewrite ^ http://random8404.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228
new file mode 100644
index 000000000..d5c157e88
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228
@@ -0,0 +1,39 @@
+upstream django_server_random15255_intern {
+ server unix:/srv/http/random15255/intern/website.sock fail_timeout=5;
+}
+
+server {
+ listen 80;
+ server_name random11459.example.org www.random11459.example.org;
+
+ if ($host != 'random11459.example.org') {
+ rewrite ^/(.*)$ http://random11459.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random15255/internal/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random15255/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random15255_intern;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+
+ satisfy any;
+ auth_basic 'random191 internal';
+ auth_basic_user_file /srv/http/random15255/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random15255/internal/access.log combined_plus;
+ error_log /var/log/nginx/random15255/internal/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895
new file mode 100644
index 000000000..4a49ea47e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895
@@ -0,0 +1,32 @@
+upstream django_server_random20084.example.org {
+ server unix:/srv/http/random1540/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random3969.example.org www.random20084.example.org random20084.example.org;
+
+ if ($host != 'www.random20084.example.org') {
+ rewrite ^/(.*)$ http://www.random20084.example.org/$1 permanent;
+ }
+
+ location /media/ {
+ alias /srv/http/random1540/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random1540/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random20084.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ access_log /var/log/nginx/random1540/live/access.log combined_plus;
+ error_log /var/log/nginx/random1540/live/error.log;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343
new file mode 100644
index 000000000..9e0d39d47
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343
@@ -0,0 +1,36 @@
+upstream django_server_random29577.example.org {
+ server unix:/srv/http/random24645/internal/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random29577.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24645/internal/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24645/internal/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random29577.example.org;
+ include /etc/nginx/proxy_params;
+
+ satisfy any;
+ auth_basic 'internal for random24645';
+ auth_basic_user_file /srv/http/random24645/internal/htpasswords;
+ include /etc/nginx/allow_ytec_ips_params;
+ deny all;
+ }
+
+ access_log /var/log/nginx/random24645/internal/access.log;
+ error_log /var/log/nginx/random24645/internal/error.log;
+}
+
+server {
+ server_name www.random29577.example.org;
+ rewrite ^ http://random29577.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422
new file mode 100644
index 000000000..c3b979b4e
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422
@@ -0,0 +1,46 @@
+upstream django_server_random25771.example.org {
+ server unix:/srv/http/random4711/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random25771.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random4711/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random4711/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random25771.example.org;
+ include /etc/nginx/proxy_params;
+ proxy_read_timeout 4m;
+
+ # You can configure access rules here
+ }
+
+ client_max_body_size 25m;
+
+ access_log /var/log/nginx/random4711/live/access.log combined_plus;
+ error_log /var/log/nginx/random4711/live/error.log;
+}
+
+server {
+ server_name www.random25771.example.org;
+ server_name *.random17707.example.org;
+ server_name *.random22274.example.org;
+ server_name *.random26333.example.org;
+ server_name *.random10742.example.org;
+ server_name *.random8297.example.org;
+ server_name *.random18250.example.org;
+ server_name *.random30184.example.org;
+ server_name *.random27005.example.org;
+ server_name *.random12286.example.org;
+ server_name *.random28076.example.org;
+ server_name *.random26194.example.org;
+ rewrite ^ http://random25771.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637
new file mode 100644
index 000000000..91e31bbfd
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637
@@ -0,0 +1,40 @@
+upstream django_server_random27891.example.org {
+ server unix:/srv/http/random6344/live/website.sock;
+}
+
+server {
+ listen 443;
+ server_name random27891.example.org;
+
+ ssl on;
+ ssl_certificate /etc/ssl/public/random27891.example.org.bundle.crt;
+ ssl_certificate_key /etc/ssl/private/random27891.example.org.key;
+
+ location /media/ {
+ alias /srv/http/random6344/live/dynamic/public/;
+ expires 7d;
+ include upload_folder_security_params;
+ }
+ location /static/ {
+ alias /srv/http/random6344/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random27891.example.org;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ }
+
+ access_log /var/log/nginx/random6344/live/access.log combined_plus;
+ error_log /var/log/nginx/random6344/live/error.log;
+}
+
+server {
+ listen 80;
+ server_name random27891.example.org;
+
+ return 301 https://random27891.example.org$request_uri;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662
new file mode 100644
index 000000000..3fe9c4011
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662
@@ -0,0 +1,32 @@
+upstream django_server_random27507.example.org {
+ server unix:/srv/http/random24211/live/website.sock;
+}
+
+server {
+ listen 80;
+ server_name random27507.example.org;
+
+ location ^~ /media/ {
+ alias /srv/http/random24211/live/dynamic/public/;
+ expires 7d;
+ }
+ location ^~ /static/ {
+ alias /srv/http/random24211/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random27507.example.org;
+ include /etc/nginx/proxy_params;
+
+ # You can configure access rules here
+ }
+
+ access_log /var/log/nginx/random24211/live/access.log combined_plus;
+ error_log /var/log/nginx/random24211/live/error.log;
+}
+
+server {
+ server_name www.random27507.example.org;
+ rewrite ^ http://random27507.example.org$request_uri permanent;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426
new file mode 100644
index 000000000..90dad9601
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426
@@ -0,0 +1,111 @@
+upstream django_server_random20374.nl {
+ server unix:/srv/http/random20374/live/website.sock;
+}
+
+server {
+ listen 80;
+
+ # Main domain
+ server_name random9123.example.org;
+
+ # So called mini-sites, resulting in landing pages for Google.
+ server_name random16942.example.org;
+ server_name random23560.example.org;
+ server_name random17636.example.org;
+ server_name random13969.example.org;
+ server_name random4892.example.org;
+ server_name random24240.example.org;
+ server_name random25863.example.org;
+ server_name random26503.example.org;
+ server_name random5090.example.org;
+ server_name random1856.example.org;
+ server_name random2911.example.org;
+ server_name random16405.example.org;
+
+ location /media/ {
+ alias /srv/http/random20374/live/dynamic/public/;
+ expires 7d;
+ }
+ location /static/ {
+ alias /srv/http/random20374/live/static_collected/;
+ expires 7d;
+ }
+
+ location / {
+ proxy_pass http://django_server_random20374.nl;
+ include /etc/nginx/proxy_params;
+ }
+
+ access_log /var/log/nginx/random20374/live/access.log combined_plus;
+ error_log /var/log/nginx/random20374/live/error.log;
+}
+
+server {
+ server_name www.random9123.example.org;
+ return 301 $scheme://random9123.example.org$request_uri;
+}
+
+server {
+ server_name www.random1825.example.org random1825.example.org;
+ return 301 $scheme://random9123.example.org$request_uri;
+}
+
+server {
+ server_name www.random16942.example.org;
+ return 301 $scheme://random16942.example.org;
+}
+
+server {
+ server_name www.random23560.example.org;
+ return 301 $scheme://random23560.example.org;
+}
+
+server {
+ server_name www.random17636.example.org;
+ return 301 $scheme://random17636.example.org;
+}
+
+server {
+ server_name www.random13969.example.org;
+ return 301 $scheme://random13969.example.org;
+}
+
+server {
+ server_name www.random4892.example.org;
+ return 301 $scheme://random4892.example.org;
+}
+
+server {
+ server_name www.random24240.example.org;
+ return 301 $scheme://random24240.example.org;
+}
+
+server {
+ server_name www.random25863.example.org;
+ return 301 $scheme://random25863.example.org;
+}
+
+server {
+ server_name www.random26503.example.org;
+ return 301 $scheme://random26503.example.org;
+}
+
+server {
+ server_name www.random5090.example.org;
+ return 301 $scheme://random5090.example.org;
+}
+
+server {
+ server_name www.random1856.example.org;
+ return 301 $scheme://random1856.example.org;
+}
+
+server {
+ server_name www.random2911.example.org;
+ return 301 $scheme://random2911.example.org;
+}
+
+server {
+ server_name www.random16405.example.org;
+ return 301 $scheme://random16405.example.org;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost
new file mode 100644
index 000000000..71344abea
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name www.example.com example.com;
+ root /var/www/www.example.com/web;
+
+ if ($http_host != "www.example.com") {
+ rewrite ^ http://www.example.com$request_uri permanent;
+ }
+
+ index index.php index.html;
+
+ location = /favicon.ico {
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+ location ~ /\. {
+ deny all;
+ access_log off;
+ log_not_found off;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php?path_info=$uri&$args;
+ access_log off;
+ expires max;
+ }
+
+ location ~ \.php$ {
+ try_files $uri =404;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_intercept_errors on;
+ }
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf
new file mode 100644
index 000000000..056987136
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf
@@ -0,0 +1,9 @@
+#-*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### fastcgi configuration.
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+include fastcgi_params;
+fastcgi_buffers 256 4k;
+fastcgi_intercept_errors on;
+## allow 4 hrs - pass timeout responsibility to upstrea
+fastcgi_read_timeout 14400;
+fastcgi_index index.php;
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params
new file mode 100644
index 000000000..4a7f26920
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params
@@ -0,0 +1,32 @@
+# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
+### fastcgi parameters.
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
+## PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
+## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or
+## later. The if_not_empty flag was introduced in 1.1.11. See:
+## http://nginx.org/en/CHANGES. If using a version that doesn't
+## support this comment out the line below.
+fastcgi_param HTTPS $https if_not_empty;
+## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above.
+#fastcgi_param HTTPS $https
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf
new file mode 100644
index 000000000..e7974ff6a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf
@@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; #   + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE 
D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win new file mode 100644 index 000000000..72afabe89 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win 
@@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; #   + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} 
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf
new file mode 100644
index 000000000..a8d62223a
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf
@@ -0,0 +1,7 @@
+# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*-
+### Implement the $https_if_not_empty variable for Nginx versions below 1.1.11.
+
+map $scheme $https {
+ default '';
+ https on;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types
new file mode 100644
index 000000000..618b8f8e7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types
@@ -0,0 +1,77 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-current-dictionary: american -*-
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml rss;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/x-javascript js;
+ application/atom+xml atom;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+
+ application/java-archive jar war ear;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.wap.wmlc wmlc;
+ application/vnd.wap.xhtml+xml xhtml;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/zip zip;
+
+ # Mime types for web fonts. Stolen from here:
+ # http://seconddrawer.com.au/blog/ in part.
+ application/x-font-ttf ttf;
+ font/opentype otf;
+ application/vnd.ms-fontobject eot;
+ application/x-woff woff;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/x-flv flv;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf
new file mode 100644
index 000000000..22ad4c317
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf
@@ -0,0 +1,119 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+user www-data;
+worker_processes 4;
+
+error_log /var/log/nginx/error.log;
+pid /var/run/nginx.pid;
+
+worker_rlimit_nofile 8192;
+
+events {
+ worker_connections 4096;
+ ## epoll is preferred on 2.6 Linux
+ ## kernels. Cf. http://www.kegel.com/c10k.html#nb.epoll
+ use epoll;
+ ## Accept as many connections as possible.
+ multi_accept on;
+}
+
+http {
+ ## MIME types.
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ## FastCGI.
+ include /etc/nginx/fastcgi.conf;
+
+ ## Default log and error files.
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ## Use sendfile() syscall to speed up I/O operations and speed up
+ ## static file serving.
+ sendfile on;
+ ## Handling of IPs in proxied and load balancing situations.
+ set_real_ip_from 0.0.0.0/32; # all addresses get a real IP.
+ real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy
+
+ ## Define a zone for limiting the number of simultaneous
+ ## connections nginx accepts. 1m means 32000 simultaneous
+ ## sessions. We need to define for each server the limit_conn
+ ## value refering to this or other zones.
+ ## ** This syntax requires nginx version >=
+ ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older
+ ## ** version then use the limit_zone directive below
+ ## ** instead. Comment out this
+ ## ** one if not using nginx version >= 1.1.8.
+ limit_conn_zone $binary_remote_addr zone=arbeit:10m;
+
+ ## Timeouts.
+ client_body_timeout 60;
+ client_header_timeout 60;
+ keepalive_timeout 10 10;
+ send_timeout 60;
+
+ ## Reset lingering timed out connections. Deflect DDoS.
+ reset_timedout_connection on;
+
+ ## Body size.
+ client_max_body_size 10m;
+
+ ## TCP options.
+ tcp_nodelay on;
+ tcp_nopush on;
+
+ ## Compression.
+ gzip on;
+ gzip_buffers 16 8k;
+ gzip_comp_level 1;
+ gzip_http_version 1.1;
+ gzip_min_length 10;
+ gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
+ gzip_vary on;
+ gzip_proxied any; # Compression for all requests.
+ ## No need for regexps. See
+ ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable
+ gzip_disable "msie6";
+
+ ## Serve already compressed files directly, bypassing on-the-fly
+ ## compression.
+ gzip_static on;
+
+ ## Hide the Nginx version number.
+ server_tokens off;
+
+ ## Use a SSL/TLS cache for SSL session resume. This needs to be
+ ## here (in this context, for session resumption to work. See this
+ ## thread on the Nginx mailing list:
+ ## http://nginx.org/pipermail/nginx/2010-November/023736.html.
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 10m;
+
+ ## For the filefield_nginx_progress module to work. From the
+ ## README. Reserve 1MB under the name 'uploads' to track uploads.
+ upload_progress uploads 1m;
+
+ ## Enable clickjacking protection in modern browsers. Available in
+ ## IE8 also. See
+ ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header
+ add_header X-Frame-Options sameorigin;
+
+ ## Include the upstream servers for PHP FastCGI handling config.
+ include upstream_phpcgi.conf;
+
+ ## If using Nginx version >= 1.1.11 then there's a $https variable
+ ## that has the value 'on' if the used scheme is https and '' if not.
+ ## See: http://trac.nginx.org/nginx/changeset/4380/nginx
+ ## http://trac.nginx.org/nginx/changeset/4333/nginx and
+ ## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a
+ ## previous version then uncomment out the line below.
+ #include map_https_fcgi.conf;
+
+ ## Include the upstream servers for Apache handling the PHP
+ ## processes. In this case Nginx functions as a reverse proxy.
+ #include reverse_proxy.conf;
+ #include upstream_phpapache.conf;
+
+ ## Include all vhosts.
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf
new file mode 100644
index 000000000..ee0faadd7
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf
@@ -0,0 +1,10 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+
+### Configuration for reverse proxy. Passing the necessary headers to
+### the backend. Nginx doesn't tunnel the connection, it opens a new
+### one. Hence whe need to send these headers to the backend so that
+### the client(s) IP is available to them. The host is also sent.
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $http_host;
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default
new file mode 100644
index 000000000..9dbaa44ff
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default
@@ -0,0 +1,19 @@
+# -*-mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### Block all illegal host headers. Taken from a discussion on nginx
+### forums. Cf. http://forum.nginx.org/read.php?2,3482,3518 following
+### a suggestion by Maxim Dounin. Also suggested in
+### http://nginx.org/en/docs/http/request_processing.html.
+server {
+ listen [::]:80 default_server;
+ # Uncomment the line below and comment the above if you're
+ # running a Nginx version less than 0.8.20.
+ # listen [::]:80 default;
+
+ # Accept redirects based on the value of the Host header. If
+ # there's no valid vhost configuration file with a
+ # corresponding server_name directive then signal an error and
+ # fail silently. See:
+ # http://wiki.nginx.org/NginxHttpCoreModule#server_name_in_redirect
+ server_name_in_redirect off;
+ return 444;
+}
diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf
new file mode 100644
index 000000000..e77024456
--- /dev/null
+++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf
@@ -0,0 +1,102 @@
+# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*-
+### Nginx configuration for Chive.
+
+server {
+ ## This is to avoid the spurious if for sub-domain name
+ ## rewriting. See http://wiki.nginx.org/Pitfalls#Server_Name.
+ listen 80; # IPv4
+
+ ## Replace the IPv6 address by your own address. The address below
+ ## was stolen from the wikipedia page on IPv6.
+ listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
+
+ server_name www.chive.example.com;
+
+ return 301 $scheme://chive.example.com$request_uri;
+
+} # server domain rewrite.
+
+server {
+ listen 80; # IPv4
+
+ ## Replace the IPv6 address by your own address. The address below
+ ## was stolen from the wikipedia page on IPv6.
+ listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on;
+
+ limit_conn arbeit 32;
+ server_name chive.example.com;
+
+ ## Parameterization using hostname of access and log filenames.
+ access_log /var/log/nginx/chive.example.com_access.log;
+ error_log /var/log/nginx/chive.example.com_error.log;
+
+ root /var/www/sites/chive.example.com;
+ index index.php index.html;
+
+ ## Support for favicon. Return a 204 (No Content) if the favicon
+ ## doesn't exist.
+ location = /favicon.ico {
+ try_files /favicon.ico =204;
+ }
+
+ ## The main location is accessed using Basic Auth.
+ location / {
+ ## Access is restricted.
+ auth_basic "Restricted Access"; # auth realm
+ auth_basic_user_file .htpasswd-users; # htpasswd file
+
+ ## Use PATH_INFO for translating the requests to the
+ ## FastCGI. This config follows Igor's suggestion here:
+ ## http://forum.nginx.org/read.php?2,124378,124582.
+ ## This is preferable to using:
+ ## fastcgi_split_path_info ^(.+\.php)(.*)$
+ ## It saves one regex in the location. Hence it's faster.
+ location ~ ^(?