From f0b6ba072f8be832d02ad7c8d0ca349891b1bb7f Mon Sep 17 00:00:00 2001
From: alexzorin
Date: Fri, 27 Jan 2023 14:44:17 +1100
Subject: [PATCH] certbot-ci: boulder only supports port 80 for http-01 (#9548)
* certbot-ci: boulder will now only supports port 80 for http-01
* forgot to actually use the http_01_port argument
* print the port the proxy listens on
* try allow binding to privileged ports
---
 .azure-pipelines/templates/steps/tox-steps.yml | 1 +
 .../utils/acme_server.py | 18 ++++++++++--------
 .../utils/constants.py | 1 +
 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/.azure-pipelines/templates/steps/tox-steps.yml b/.azure-pipelines/templates/steps/tox-steps.yml
index a85e1519a..ae8a2c56b 100644
--- a/.azure-pipelines/templates/steps/tox-steps.yml
+++ b/.azure-pipelines/templates/steps/tox-steps.yml
@@ -21,6 +21,7 @@ steps:
 nginx-light \
 openssl
 sudo systemctl stop nginx
+ sudo sysctl net.ipv4.ip_unprivileged_port_start=0
 condition: startswith(variables['IMAGE_NAME'], 'ubuntu')
 displayName: Install Linux dependencies
 - task: UsePythonVersion@0
diff --git a/certbot-ci/certbot_integration_tests/utils/acme_server.py b/certbot-ci/certbot_integration_tests/utils/acme_server.py
index ecd7fe778..b75c412d5 100755
--- a/certbot-ci/certbot_integration_tests/utils/acme_server.py
+++ b/certbot-ci/certbot_integration_tests/utils/acme_server.py
@@ -44,7 +44,7 @@ class ACMEServer:
 """
 def __init__(self, acme_server: str, nodes: List[str], http_proxy: bool = True, stdout: bool = False, dns_server: Optional[str] = None,
- http_01_port: int = DEFAULT_HTTP_01_PORT) -> None:
+ http_01_port: Optional[int] = None) -> None:
 """
 Create an ACMEServer instance.
 :param str acme_server: the type of acme server used (boulder-v2 or pebble)
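Review bot: `sudo sysctl net.ipv4.ip_unprivileged_port_start=0` in the tox-steps.yml hunk lifts the privileged-port restriction for every process on the agent, not only the test proxy, and nothing in the step records why it is there. This change only needs port 80, so `sudo sysctl net.ipv4.ip_unprivileged_port_start=80` would keep ports below 80 restricted while still letting the proxy bind. A shell comment above it, such as `# Boulder validates http-01 on port 80 only; let the unprivileged test proxy bind it`, would document the reason. The step itself starts outside this hunk, and the setting is not persisted, which is fine for throwaway agents but worth confirming for any long-lived runner.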
@@ -63,12 +63,14 @@ class ACMEServer:
 self._processes: List[subprocess.Popen] = []
 self._stdout = sys.stdout if stdout else open(os.devnull, 'w') # pylint: disable=consider-using-with
 self._dns_server = dns_server
- self._http_01_port = http_01_port
 self._preterminate_cmds_args: List[Tuple[Tuple[Any, ...], Dict[str, Any]]] = []
- if http_01_port != DEFAULT_HTTP_01_PORT:
- if self._acme_type != 'pebble' or self._proxy:
- raise ValueError('setting http_01_port is not currently supported '
- 'with boulder or the HTTP proxy')
+ self._http_01_port = BOULDER_HTTP_01_PORT if self._acme_type == 'boulder' \
+ else DEFAULT_HTTP_01_PORT
+ if http_01_port:
+ if (self._acme_type == 'pebble' and self._proxy) or self._acme_type == 'boulder':
+ raise ValueError('Setting http_01_port is not currently supported when '
+ 'using Boulder or the HTTP proxy')
+ self._http_01_port = http_01_port
 def start(self) -> None:
 """Start the test stack"""
@@ -236,11 +238,11 @@ class ACMEServer:
 def _prepare_http_proxy(self) -> None:
 """Configure and launch an HTTP proxy"""
- print('=> Configuring the HTTP proxy...')
+ print(f'=> Configuring the HTTP proxy on port {self._http_01_port}...')
 http_port_map = cast(Dict[str, int], self.acme_xdist['http_port'])
 mapping = {r'.+\.{0}\.wtf'.format(node): 'http://127.0.0.1:{0}'.format(port) for node, port in http_port_map.items()}
- command = [sys.executable, proxy.__file__, str(DEFAULT_HTTP_01_PORT), json.dumps(mapping)]
+ command = [sys.executable, proxy.__file__, str(self._http_01_port), json.dumps(mapping)]
 self._launch_process(command)
 print('=> Finished configuring the HTTP proxy.')
diff --git a/certbot-ci/certbot_integration_tests/utils/constants.py b/certbot-ci/certbot_integration_tests/utils/constants.py
index ce0cd91d5..5aabe379a 100644
--- a/certbot-ci/certbot_integration_tests/utils/constants.py
+++ b/certbot-ci/certbot_integration_tests/utils/constants.py
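Review bot: In the `__init__` hunk of acme_server.py, `if http_01_port:` tests truthiness, so an explicit `0` is silently replaced by the default rather than honoured or rejected; `if http_01_port is not None:` matches the new `Optional[int] = None` signature. The guard also changed meaning: the old code rejected only values different from `DEFAULT_HTTP_01_PORT`, whereas any explicit value now raises with Boulder or with Pebble plus the proxy, so a caller outside this diff that still passes the default explicitly would start failing. The `== 'boulder'` comparison relies on `_acme_type` being normalised somewhere outside the hunk, since the docstring names the server type `boulder-v2`; if it is not, the Boulder branch never fires and the port stays at 5002. `__init__` starts before this hunk.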
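Review bot: `_prepare_http_proxy` now launches the proxy on `self._http_01_port`, which is 80 for Boulder, but nothing in the hunk checks that the current user is allowed to bind that port. On a machine without the CI sysctl change the child process presumably fails to bind, and whether that surfaces clearly depends on `_launch_process`, which is outside the diff. A comment above the `command = [...]` line, e.g. `# Boulder needs port 80: requires root, CAP_NET_BIND_SERVICE or a lowered ip_unprivileged_port_start`, would spare local users a confusing failure. Which address the proxy script binds is not visible here; if it listens on all interfaces, port 80 on a developer machine is more exposed than 5002 was, so restricting it to the interface Boulder reaches is worth considering.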
@@ -1,5 +1,6 @@
 """Some useful constants to use throughout certbot-ci integration tests"""
 DEFAULT_HTTP_01_PORT = 5002
+BOULDER_HTTP_01_PORT = 80
 TLS_ALPN_01_PORT = 5001
 CHALLTESTSRV_PORT = 8055
 BOULDER_V2_CHALLTESTSRV_URL = f'http://10.77.77.77:{CHALLTESTSRV_PORT}'