def test_700_011(self):
domain = self.test_domain
domains = [domain, "www." + domain]
# generate 1 MD and 1 vhost, map port 443 onto itself where the server does not listen
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf._add_line("MDPortMap 443:99")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert not TestEnv.is_renewing(domain)
#
# now the same with a 443 mapped to a supported port
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf._add_line("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain])
def test_702_010(self):
domain = self.test_domain
domains = [domain, "www." + domain]
#
# generate 1 MD and 1 vhost, map port 80 onto itself where the server does not listen
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_ca_challenges(["http-01"])
conf._add_line("MDPortMap 80:99")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert not TestEnv.is_renewing(domain)
#
# now the same with a 80 mapped to a supported port
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_ca_challenges(["http-01"])
conf._add_line("MDPortMap 80:%s" % TestEnv.HTTP_PORT)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain])
def test_700_032(self):
domain = self.test_domain
name1 = "server1." + domain
name2 = "server2.b" + domain # need a separate TLD to avoid rate limites
#
# generate 2 MDs and 2 vhosts
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf._add_line("MDMembers auto")
conf.add_md([name1])
conf.add_md([name2])
conf.add_vhost(name1)
conf.add_vhost(name2)
conf.install()
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md([name1])
TestEnv.check_md([name2])
assert TestEnv.await_completion([name1, name2])
TestEnv.check_md_complete(name2)
#
# check: SSL is running OK
cert1 = TestEnv.get_cert(name1)
assert name1 in cert1.get_san_list()
cert2 = TestEnv.get_cert(name2)
assert name2 in cert2.get_san_list()
#
# remove second md and vhost, add name2 to vhost1
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf._add_line("MDMembers auto")
conf.add_md([name1])
conf.add_vhost([name1, name2], docRoot="htdocs/a")
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md([name1, name2])
assert TestEnv.await_completion([name1])
#
cert1b = TestEnv.get_cert(name1)
assert name1 in cert1b.get_san_list()
assert name2 in cert1b.get_san_list()
assert cert1.get_serial() != cert1b.get_serial()
def test_500_110(self):
# test case: SSL-only domain, override headers generated by mod_md
# setup: prepare config
domain = self.test_domain
name = "www." + domain
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_require_ssl("permanent")
conf.add_md([name])
conf.add_vhost(name, port=TestEnv.HTTP_PORT)
conf.add_vhost(name)
conf.install()
assert TestEnv.apache_restart() == 0
# drive it
assert TestEnv.a2md(["drive", name])['rv'] == 0
assert TestEnv.apache_restart() == 0
# test override HSTS header
conf._add_line(
' Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"'
)
conf.install()
assert TestEnv.apache_restart() == 0
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
assert r['http_headers'][
'Strict-Transport-Security'] == 'max-age=10886400; includeSubDomains; preload'
# test override Location header
conf._add_line(' Redirect /a /name.txt')
conf._add_line(' Redirect seeother /b /name.txt')
conf.install()
assert TestEnv.apache_restart() == 0
# check: default redirect by mod_md still works
expLocation = "https://%s/name.txt" % name
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert r['http_status'] == 301
assert r['http_headers']['Location'] == expLocation
# check: redirect as given by mod_alias
expLocation = "https://%s/a" % name
r = TestEnv.get_meta(name, "/a", useHTTPS=False)
assert r[
'http_status'] == 301 # FAIL: mod_alias generates Location header instead of mod_md
assert r['http_headers']['Location'] == expLocation
def test_500_111(self):
# test case: vhost with parallel HTTP/HTTPS, check mod_alias redirects
# setup: prepare config
domain = self.test_domain
name = "www." + domain
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md([name])
conf._add_line(" LogLevel alias:debug")
conf.add_vhost(name, port=TestEnv.HTTP_PORT)
conf.add_vhost(name)
conf.install()
assert TestEnv.apache_restart() == 0
# drive it
assert TestEnv.a2md(["drive", name])['rv'] == 0
assert TestEnv.apache_restart() == 0
# setup: place redirect rules
conf._add_line(' Redirect /a /name.txt')
conf._add_line(' Redirect seeother /b /name.txt')
conf.install()
assert TestEnv.apache_restart() == 0
# check: redirects on HTTP
expLocation = "http://%s:%s/name.txt" % (name, TestEnv.HTTP_PORT)
r = TestEnv.get_meta(name, "/a", useHTTPS=False)
assert r['http_status'] == 302
assert r['http_headers']['Location'] == expLocation
r = TestEnv.get_meta(name, "/b", useHTTPS=False)
assert r['http_status'] == 303
assert r['http_headers']['Location'] == expLocation
# check: redirects on HTTPS
expLocation = "https://%s:%s/name.txt" % (name, TestEnv.HTTPS_PORT)
r = TestEnv.get_meta(name, "/a", useHTTPS=True)
assert r['http_status'] == 302
assert r['http_headers'][
'Location'] == expLocation # FAIL: expected 'https://...' but found 'http://...'
r = TestEnv.get_meta(name, "/b", useHTTPS=True)
assert r['http_status'] == 303
assert r['http_headers']['Location'] == expLocation
