Add integration tests for nginx plugin (#5441)

* Add a rewrite directive for the .well-known location so we don't hit existing rewrites * add comment * Add (nonexistent) document root so we don't use the default value * Add integration tests for nginx plugin * add a sleep 5 to test on travis * put sleep 5 in the right spot * test return status of grep respecting -e and note that we're actually not posix compliant * redelete newline
2026-01-26 07:41:33 +03:00 · 2018-03-27 17:33:48 -07:00
parent 669312d248
commit a779e06d47
2 changed files with 61 additions and 8 deletions
--- a/certbot-nginx/tests/boulder-integration.conf.sh
+++ b/certbot-nginx/tests/boulder-integration.conf.sh
@@ -49,9 +49,9 @@ http {

  server {
    # IPv4.
-    listen 5002;
+    listen 5002 $default_server;
    # IPv6.
-    listen [::]:5002 default ipv6only=on;
+    listen [::]:5002 $default_server;
    server_name nginx.wtf nginx2.wtf;

    root $root/webroot;
@@ -62,5 +62,36 @@ http {
      try_files \$uri \$uri/ /index.html;
    }
  }
+
+  server {
+    listen 5002;
+    listen [::]:5002;
+    server_name nginx3.wtf;
+
+    root $root/webroot;
+
+    location /.well-known/ {
+      return 404;
+    }
+
+    return 301 https://\$host\$request_uri;
+  }
+
+  server {
+    listen 8082;
+    listen [::]:8082;
+    server_name nginx4.wtf nginx5.wtf;
+  }
+
+  server {
+    listen 5002;
+    listen [::]:5002;
+    listen 5001 ssl;
+    listen [::]:5001 ssl;
+    if (\$scheme != "https") {
+      return 301 https://\$host\$request_uri;
+    }
+    server_name nginx6.wtf nginx7.wtf;
+  }
 }
 EOF
--- a/certbot-nginx/tests/boulder-integration.sh
+++ b/certbot-nginx/tests/boulder-integration.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -xe
+#!/bin/bash -xe
 # prerequisite: apt-get install --no-install-recommends nginx-light openssl

 . ./tests/integration/_common.sh
@@ -6,13 +6,15 @@
 export PATH="/usr/sbin:$PATH"  # /usr/sbin/nginx
 nginx_root="$root/nginx"
 mkdir $nginx_root
-original=$(root="$nginx_root" ./certbot-nginx/tests/boulder-integration.conf.sh)
-nginx_conf="$nginx_root/nginx.conf"
-echo "$original" > $nginx_conf

+reload_nginx () {
+    original=$(root="$nginx_root" ./certbot-nginx/tests/boulder-integration.conf.sh)
+    nginx_conf="$nginx_root/nginx.conf"
+    echo "$original" > $nginx_conf

-killall nginx || true
-nginx -c $nginx_root/nginx.conf
+    killall nginx || true
+    nginx -c $nginx_root/nginx.conf
+}

 certbot_test_nginx () {
    certbot_test \
@@ -32,10 +34,30 @@ test_deployment_and_rollback() {
    diff -q <(echo "$original") $nginx_conf
 }

+export default_server="default_server"
+reload_nginx
 certbot_test_nginx --domains nginx.wtf run
 test_deployment_and_rollback nginx.wtf
 certbot_test_nginx --domains nginx2.wtf --preferred-challenges http
 test_deployment_and_rollback nginx2.wtf
+# Overlapping location block and server-block-level return 301
+certbot_test_nginx --domains nginx3.wtf --preferred-challenges http
+test_deployment_and_rollback nginx3.wtf
+# No matching server block; default_server exists
+certbot_test_nginx --domains nginx4.wtf --preferred-challenges http
+test_deployment_and_rollback nginx4.wtf
+# No matching server block; default_server does not exist
+export default_server=""
+reload_nginx
+if nginx -c $nginx_root/nginx.conf -T 2>/dev/null | grep "default_server"; then
+    echo "Failed to remove default_server"
+    exit 1
+fi
+certbot_test_nginx --domains nginx5.wtf --preferred-challenges http
+test_deployment_and_rollback nginx5.wtf
+# Mutiple domains, mix of matching and not
+certbot_test_nginx --domains nginx6.wtf,nginx7.wtf --preferred-challenges http
+test_deployment_and_rollback nginx6.wtf

 # note: not reached if anything above fails, hence "killall" at the
 # top