* flip challenge preference in Nginx
* Fix Nginx tests
* Flip challenge preference in Apache
* Flip challenge preference in standalone
* update changelog
* continue to run with tls-sni in integration tests for coverage
* feat(nginx): add and test new parsing abstractions
* chore(nginx parser): fix mypy and address small comments
* chore(nginx parser): clean up by removing context object
* fix integration test and lint
Stop caching the results of ipv6_info in http01.py. A call to choose_vhosts might change the ipv6 results of later calls. Add tests for this and default_listen_addresses more broadly.
Previously, Nginx did not allow `${` to start a variable name. Now it's allowed to. This means we'll be more permissible than Nginx when people are on older versions of Nginx, but it's unlikely anyone was relying on this to fail in the first place, so that's probably ok.
This makes errors more useful when Nginx can't be found or when Nginx's
configuration can't be found. Previously, a generic
`NoInstallationError` isn't descriptive enough to explain _what_ wasn't
installed or what failed without going digging into the source code.
* Exclude one-time use parameters. Fixes#6118
* Fix error.
* Delete items inplace, rather than creating new list.
* Fix stupid mistake.
* Use .index() for stability.
* Try previous idea while resetting the index.
* Shorter comment for pylint.
* More readable approach
* Fix whitespace
* Use greater than or equal to in requirements.
This changes the existing requirements using strictly greater than to greater
than or equal to so that they're more conventional.
* Use >= for certbot-postfix.
Despite it previously saying 'certbot>0.23.0', certbot-postfix/local-oldest-requirements.txt was pinned to 0.23.0 so let's just use certbot>=0.23.0.
See https://github.com/certbot/website/pull/348#issuecomment-399257703.
```
$ certbot --help all | grep -C 3 nginx-server-root
nginx:
Nginx Web Server plugin - Alpha
--nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx)
--nginx-ctl NGINX_CTL
Path to the 'nginx' binary, used for 'configtest' and
```
```
$ CERTBOT_DOCS=1 certbot --help all | grep -C 3 nginx-server-root
nginx:
Nginx Web Server plugin - Alpha
--nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx or
/usr/local/etc/nginx)
--nginx-ctl NGINX_CTL
```
* Show both possible Nginx default server root values in docs
* add test
* check that exactly one server root is in the default
* use default magic
* automatically select among default vhosts if we have a port preference
* ports should be strings in the nginx plugin
* clarify port vs preferred_port behavior by adding allow_port_mismatch flag
* update all instances of default_vhosts to all_default_vhosts
* require port
* port should never be None in _get_default_vhost
* Remove unneeded sys import.
Once upon a time we needed this in some of these setup.py files because we were
using sys in the file, but we aren't anymore so let's remove the import.
* use setuptools instead of distutils
* Remove unsupported pylint disable options
* star-args removed in Pylint 1.4.3
* abstract-class-little-used removed in Pylint 1.4.3
* Fixes new lint errors
* Copy dummy-variable-rgx expression to new ignored-argument-names expression to ignore unused funtion arguments
* Notable changes
* Refactor to satisfy Pylint no-else-return warning
* Fix Pylint inconsistent-return-statements warning
* Refactor to satisfy consider-iterating-dictionary
* Remove methods with only super call to satisfy useless-super-delegation
* Refactor too-many-nested-statements where possible
* Suppress type checked errors where member is dynamically added (notably derived from josepy.JSONObjectWithFields)
* Remove None default of func parameter for ExitHandler and ErrorHandler
Resolves#5973
* Adds type checking for certbot-nginx
* First pass at type annotation in certbot-nginx
* Ensure linting is disabled for timing imports
* Makes container types specific per PR comments
* Removes unnecessary lint option
* Add a rewrite directive for the .well-known location so we don't hit existing rewrites
* add comment
* Add (nonexistent) document root so we don't use the default value
* Add integration tests for nginx plugin
* add a sleep 5 to test on travis
* put sleep 5 in the right spot
* test return status of grep respecting -e and note that we're actually not posix compliant
* redelete newline
* rename delete_default to remove_singleton_listen_params
* update docstring
* add documentation to obj.py
* add test for remove duplicate ipv6only
* Remove ipv6only=on from duplicated vhosts
* add test to make sure ipv6only=on is not erroneously removed
* test default detection
* Allow 'default' along with 'default_server' in Nginx
* Test that default gets written out as default_server in canonical string
* remove superfulous parens
* Refactor _add_directive to separate functions
* UnspacedList isn't idempotent
* refactor parser in add_server_directives and update_or_add_server_directives
* update parser tests
* remove replace=False and add to update_or_add for replace=True in configurator
* remove replace=False and add to update_or_add for replace=True in http01
* update documentation
* fixes#4919 openresty_support
* making the regex more general
* reformatting warning to pass lint
* Fix string formatting in logging function
* Fix LE_AUTO_VERSION
* feat(nginx plugin): add HSTS enhancement
* chore(nginx): factor out block-splitting code from redirect & hsts enhancements!
* chore(nginx): merge fixes
* address comments
* fix linter: remove a space
* fix(config): remove SSL directives in HTTP block after block split, and remove_directive removes 'Managed by certbot' comment
* chore(nginx-hsts): Move added SSL directives to a constant on Configurator class
* fix(nginx-hsts): rebase on wildcard cert changes
Fixes#5490.
There's a lot of possibilities discussed in #5490, but I'll try and explain what I actually did here as succinctly as I can. Unfortunately, there's a fair bit to explain. My goal was to break lockstep and give us tests to ensure the minimum specified versions are correct without taking the time now to refactor our whole test setup.
To handle specifying each package's minimum acme/certbot version, I added a requirements file to each package. This won't actually be included in the shipped package (because it's not in the MANIFEST).
After creating these files and modifying tools/pip_install.sh to use them, I created a separate tox env for most packages (I kept the DNS plugins together for convenience). The reason this is necessary is because we currently use a single environment for each plugin, but if we used this approach for these tests we'd hit issues due to different installed plugins requiring different versions of acme/certbot. There's a lot more discussion about this in #5490 if you're interested in this piece. I unfortunately wasted a lot of time trying to remove the boilerplate this approach causes in tox.ini, but to do this I think we need negations described at complex factor conditions which hasn't made it into a tox release yet.
The biggest missing piece here is how to make sure the oldest versions that are currently pinned to master get updated. Currently, they'll stay pinned that way without manual intervention and won't be properly testing the oldest version. I think we should solve this during the larger test/repo refactoring after the release because the tests are using the correct values now and I don't see a simple way around the problem.
Once this lands, I'm planning on updating the test-everything tests to do integration tests with the "oldest" versions here.
* break lockstep between packages
* Use per package requirements files
* add local oldest requirements files
* update tox.ini
* work with dev0 versions
* Install requirements in separate step.
* don't error when we don't have requirements
* install latest packages in editable mode
* Update .travis.yml
* Add reminder comments
* move dev to requirements
* request acme[dev]
* Update pip_install documentation
* support wildcards for deploy_cert
* support wildcards for enhance
* redirect enhance and some tests
* update tests
* add display_ops and display_repr
* update display_ops_test and errors found
* say server block
* match redirects properly
* functional code
* start adding tests and lint errors
* add configurator tests
* lint
* change message to be generic to installation and enhancement
* remove _wildcard_domain
* take selecting vhosts out of loop
* remove extra newline
* filter wildcard vhosts by port
* lint
* don't filter by domain
* [^.]+
* lint
* make vhost hashable
* one more tuple
* Drop support for EOL Python 2.6
* Use more helpful assertIn/NotIn instead of assertTrue/False
* Drop support for EOL Python 3.3
* Remove redundant Python 3.3 code
* Restore code for RHEL 6 and virtualenv for Py2.7
* Revert pipstrap.py to upstream
* Merge py26_packages and non_py26_packages into all_packages
* Revert changes to *-auto in root
* Update by calling letsencrypt-auto-source/build.py
* Revert permissions for pipstrap.py
* wrap redirect in if host matches
* return 404 if we've created a new block
* change domain matching to exact match
* insert new redirect directive at the top
* add a redirect block to the top if it doesn't already exist, even if there's an existing redirect
* fix obj tests
* remove active parameter
* update tests
* add back spaces
* move imports
* remove unused code
* only when using http01, only match default_server by port
* import errors
* put back in the code that creates a dummy block, but only when we can't find anything else
* get http01 challenge working
* support multiple challenge types in configurator.py
* update existing nginx tests
* lint
* refactor NginxHttp01 and NginxTlsSni01 to both now inherit from NginxChallengePerformer
* remove TODO
* challenges_test tests with both tlssni01 and http01
* Make challenges.py more abstract to make lint happier
* add pylint disables to the tests to make pylint happier about the inheritance and abstraction situation
* no need to cover raise NotImplementedError() lines
* python3 compatibility
* test that http01 perform is called
* only remove ssl from addresses during http01
* Initialize addrs_to_add
* Change Nginx http01 to modify server block so the site doesn't stop serving while getting a cert
* pass existing unit tests
* rename sni --> http01 in unit tests
* lint
* fix configurator test
* select an http block instead of https
* properly test for port number
* use domains that have matching addresses
* remove debugger
* remove access_log and error_log cruft that wasn't being executed
* continue to return None from choose_redirect_vhost when create_if_no_match is False
* add nginx integration test
* create_new_vhost_from_default --> duplicate_vhost
* add source_path property
* set source path for duplicated vhost
* change around logic of where making ssl happens
* don't add listen 80 to newly created ssl block
* cache vhosts list
* remove source path
* add redirect block if we created a new server block
* Remove listen directives when making server block ssl
* Reset vhost cache on parser load
* flip connected pointer direction for finding newly made server block to match previous redirect search constraints
* also test for new redirect block styles
* fix contains_list and test redirect blocks
* update lint, parser, and obj tests
* reset new vhost (fixing previous bug) and move removing default from addrs under if statement
* reuse and update newly created ssl server block when appropriate, and update unit tests
* append newly created server blocks to file instead of inserting directly after, so we don't have to update other vhosts' paths
* add coverage for NO_IF_REDIRECT_COMMENT_BLOCK
* add coverage for parser load calls
* replace some double quotes with single quotes
* replace backslash continuations with parentheses
* update docstrings
* switch to only creating a new block on redirect enhancement, including removing the get_vhosts cache
* update configurator tests
* update obj test
* switch delete_default default for duplicate_vhost
The reason for this PR is many bug fixes in the nginx plugin for changes we haven't released yet are included in #5220 which may not make our next release. If it doesn't, we will (mostly) revert the nginx plugin back to its previous state to avoid releasing these bugs and will revert this PR after the release.
* Revert "Nginx IPv6 support (#5178)"
This reverts commit 68e37b03c8.
* Revert "Fix bug that stopped nginx from finding new server block for redirect (#5198)"
This reverts commit e2ab940ac0.
* Revert "Nginx creates a vhost block if no matching block is found (#5153)"
This reverts commit 95a7d45856.
* Use pipstrap to install a good version of pip
* Use pytest in cb-auto tests
* Remove nose usage in auto_test.py
* remove nose dev dep
* use pytest in test_tests
* Use pytest in tox
* Update dev dependency pinnings
* remove nose multiprocess lines
* Use pytest for coverage
* Use older py and pytest for old python versions
* Add test for Error.__str__
* pin pytest in oldest test
* Fix tests for DNS-DO plugin on py26
* Work around bug for Python 3.3
* Clarify dockerfile comments
* Nginx IPv6 support
* Test and lint fixes
* IPv6 tests to Nginx plugin
* Make ipv6_info() port aware
* Named tuple values for readability
* Lint fix
* Requested changes
* Allow authentication if there's no appropriate vhost
* Update test
* add flag to suppress raising error if no match is found
* Allow installation if there's no appropriate vhost
* remove traceback
* make new vhost ssl
* Fix existing bugs in nginxparser.py and obj.py
* Switch isinstance(x, str) to isinstance(x, six.string_types) in the Nginx plugin
* remove unused import
* remove unneeded custom copy from Addr
* Add docstring for create_new_vhost_from_default
* add test for create_new_vhost_from_default
* add configurator tests and leave finding the first server block for another PR
* don't assume order from a set
* address multiple default_server problem
* don't add vhosts twice
* update unit tests
* update docstring
* Add logger.info message for using default address in tlssni01 auth
* Rename plugins.common.install_ssl_options_conf to plugins.common.install_version_controlled_file
* Install ssl_dhparams file
* Add installation test
* Add ssl_dhparam option when making a server block ssl
* add install_ssl_dhparams to Installer common plugin class
* Remove redundant code and tests
* update MANIFEST.in
* Add installer class
* Add wrapped reverter methods to common.Installer.
* Use Installer class in Apache plugin
* Use Installer class in Nginx plugin
* Don't create reverter in Apache and Nginx plugins
