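def test_manual_https(preserve_config):
    """Check that the proxy serves a manually configured TLS key and certificate.

    A throwaway self-signed certificate is generated with openssl, the
    ``https.tls.*`` settings are pointed at it, and the proxy is reloaded.
    The certificate presented on 127.0.0.1:443 must be identical to the file
    on disk, and the hub API must still answer over HTTPS.

    The generated files and the ``https.enabled`` setting are reverted in a
    ``finally`` block, so a failing assertion does not leave the private key
    in /etc or the proxy in HTTPS mode.
    """
    ssl_dir = "/etc/tljh-ssl-test"
    key = ssl_dir + "/ssl.key"
    cert = ssl_dir + "/ssl.cert"
    os.makedirs(ssl_dir, exist_ok=True)
    # "-nodes" below writes the private key unencrypted, so the directory mode
    # is its only protection. A directory needs the owner search (x) bit to be
    # usable: 0o700 keeps it owner-only, whereas 0o600 only works for a caller
    # that bypasses permission checks.
    os.chmod(ssl_dir, 0o700)

    try:
        # generate a one-day, self-signed 2048-bit RSA key and certificate
        check_call([
            "openssl", "req", "-nodes", "-newkey", "rsa:2048",
            "-keyout", key, "-x509", "-days", "1", "-out", cert,
            "-subj", "/CN=tljh.jupyer.org",
        ])
        set_config_value(CONFIG_FILE, "https.enabled", True)
        set_config_value(CONFIG_FILE, "https.tls.key", key)
        set_config_value(CONFIG_FILE, "https.tls.cert", cert)
        reload_component("proxy")

        # The proxy may need a moment to come back up: retry with a growing delay.
        server_cert = None
        for i in range(10):
            time.sleep(i)
            try:
                server_cert = ssl.get_server_certificate(("127.0.0.1", 443))
            except Exception as e:
                print(e)
            else:
                break
        # Fail with a clear message instead of a NameError when no attempt succeeded.
        assert server_cert is not None, "could not fetch the certificate from 127.0.0.1:443"

        with open(cert) as f:
            file_cert = f.read()

        # verify that our certificate was loaded by traefik
        assert server_cert == file_cert

        # verify that we can still connect to the hub; chain validation is off
        # because the certificate is self-signed and was compared to the file above
        resp = send_request(url="https://127.0.0.1/hub/api", max_sleep=10, validate_cert=False)
        assert resp.code == 200
    finally:
        # cleanup: remove the key material and switch the proxy back to plain HTTP
        shutil.rmtree(ssl_dir)
        set_config_value(CONFIG_FILE, "https.enabled", False)
        reload_component("proxy")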
def test_manual_ssl_config(tljh_dir):
    """Render traefik.toml with a manually supplied key/cert pair and check it.

    The expected result has HTTP redirecting to HTTPS, no ``acme`` section,
    and the configured certificate and key paths on the HTTPS entry point.
    """
    state_dir = config.STATE_DIR
    settings = (
        ("https.enabled", True),
        ("https.tls.key", "/path/to/ssl.key"),
        ("https.tls.cert", "/path/to/ssl.cert"),
    )
    for option, value in settings:
        config.set_config_value(config.CONFIG_FILE, option, value)
    traefik.ensure_traefik_config(str(state_dir))

    with open(os.path.join(state_dir, "traefik.toml")) as handle:
        rendered = handle.read()

    # Dump the config path and the rendered file so a failure can be diagnosed.
    print(config.CONFIG_FILE)
    print(rendered)

    parsed = toml.loads(rendered)
    assert parsed["defaultEntryPoints"] == ["http", "https"]
    # Manual certificates must not produce an ACME section.
    assert "acme" not in parsed

    plain_http = {"address": ":80", "redirect": {"entryPoint": "https"}}
    tls_http = {
        "address": ":443",
        "backend": "jupyterhub",
        "tls": {
            "certificates": [
                {"certFile": "/path/to/ssl.cert", "keyFile": "/path/to/ssl.key"},
            ],
        },
    }
    assert parsed["entryPoints"] == {"http": plain_http, "https": tls_http}
def test_letsencrypt_config(tljh_dir):
    """Render traefik.toml with Let's Encrypt settings and check the result.

    The expected config has an HTTP->HTTPS redirect, a TLS 1.2 minimum on the
    HTTPS entry point, an ``auth_api`` entry point bound to 127.0.0.1:8099
    with basic auth and a loopback source-range whitelist, and an ``acme``
    section that uses the HTTP challenge for the configured domain.
    """
    state_dir = config.STATE_DIR
    settings = (
        ("https.enabled", True),
        ("https.letsencrypt.email", "*****@*****.**"),
        ("https.letsencrypt.domains", ["testing.jovyan.org"]),
    )
    for option, value in settings:
        config.set_config_value(config.CONFIG_FILE, option, value)
    traefik.ensure_traefik_config(str(state_dir))

    with open(os.path.join(state_dir, "traefik.toml")) as handle:
        rendered = handle.read()

    # Dump the config path and the rendered file so a failure can be diagnosed.
    # NOTE: the dump includes the generated basic-auth users entry of auth_api.
    print(config.CONFIG_FILE)
    print(rendered)

    parsed = toml.loads(rendered)
    assert parsed["defaultEntryPoints"] == ["http", "https"]
    assert "acme" in parsed

    # Exactly one basic-auth user must exist. Its value is generated at
    # runtime, so it is blanked out before the structural comparison.
    basic_auth = parsed["entryPoints"]["auth_api"]["auth"]["basic"]
    assert len(basic_auth["users"]) == 1
    basic_auth["users"] = [""]

    expected_entry_points = {
        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
        "https": {"address": ":443", "tls": {"minVersion": "VersionTLS12"}},
        "auth_api": {
            "address": "127.0.0.1:8099",
            "auth": {"basic": {"users": [""]}},
            "whiteList": {"sourceRange": ["127.0.0.1"]},
        },
    }
    assert parsed["entryPoints"] == expected_entry_points

    expected_acme = {
        "email": "*****@*****.**",
        "storage": "acme.json",
        "entryPoint": "https",
        "httpChallenge": {"entryPoint": "http"},
        "domains": [{"main": "testing.jovyan.org"}],
    }
    assert parsed["acme"] == expected_acme
def test_manual_ssl_config(tljh_dir):
    """Render traefik.toml with a manually supplied key/cert pair and check it.

    The expected config has an HTTP->HTTPS redirect, a TLS 1.2 minimum plus
    the configured certificate on the HTTPS entry point, an ``auth_api``
    entry point bound to 127.0.0.1:8099 with basic auth and a loopback
    source-range whitelist, and no ``acme`` section.
    """
    state_dir = config.STATE_DIR
    settings = (
        ("https.enabled", True),
        ("https.tls.key", "/path/to/ssl.key"),
        ("https.tls.cert", "/path/to/ssl.cert"),
    )
    for option, value in settings:
        config.set_config_value(config.CONFIG_FILE, option, value)
    traefik.ensure_traefik_config(str(state_dir))

    with open(os.path.join(state_dir, "traefik.toml")) as handle:
        rendered = handle.read()

    # Dump the config path and the rendered file so a failure can be diagnosed.
    # NOTE: the dump includes the generated basic-auth users entry of auth_api.
    print(config.CONFIG_FILE)
    print(rendered)

    parsed = toml.loads(rendered)
    assert parsed["defaultEntryPoints"] == ["http", "https"]
    # Manual certificates must not produce an ACME section.
    assert "acme" not in parsed

    # Exactly one basic-auth user must exist. Its value is generated at
    # runtime, so it is blanked out before the structural comparison.
    basic_auth = parsed["entryPoints"]["auth_api"]["auth"]["basic"]
    assert len(basic_auth["users"]) == 1
    basic_auth["users"] = [""]

    expected_entry_points = {
        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
        "https": {
            "address": ":443",
            "tls": {
                "minVersion": "VersionTLS12",
                "certificates": [
                    {"certFile": "/path/to/ssl.cert", "keyFile": "/path/to/ssl.key"},
                ],
            },
        },
        "auth_api": {
            "address": "127.0.0.1:8099",
            "auth": {"basic": {"users": [""]}},
            "whiteList": {"sourceRange": ["127.0.0.1"]},
        },
    }
    assert parsed["entryPoints"] == expected_entry_points
def test_letsencrypt_config(tljh_dir):
    """Render traefik.toml with Let's Encrypt settings and check the result.

    The expected config has an HTTP->HTTPS redirect, an HTTPS entry point
    with an empty ``tls`` table, and an ``acme`` section that uses the HTTP
    challenge for the configured domain.
    """
    state_dir = config.STATE_DIR
    settings = (
        ("https.enabled", True),
        ("https.letsencrypt.email", "*****@*****.**"),
        ("https.letsencrypt.domains", ["testing.jovyan.org"]),
    )
    for option, value in settings:
        config.set_config_value(config.CONFIG_FILE, option, value)
    traefik.ensure_traefik_config(str(state_dir))

    with open(os.path.join(state_dir, "traefik.toml")) as handle:
        rendered = handle.read()

    # Dump the config path and the rendered file so a failure can be diagnosed.
    print(config.CONFIG_FILE)
    print(rendered)

    parsed = toml.loads(rendered)
    assert parsed["defaultEntryPoints"] == ["http", "https"]
    assert "acme" in parsed

    # The empty "tls" table means this version expects no minimum TLS version
    # to be pinned on the HTTPS entry point.
    expected_entry_points = {
        "http": {"address": ":80", "redirect": {"entryPoint": "https"}},
        "https": {"address": ":443", "backend": "jupyterhub", "tls": {}},
    }
    assert parsed["entryPoints"] == expected_entry_points

    expected_acme = {
        "email": "*****@*****.**",
        "storage": "acme.json",
        "entryPoint": "https",
        "httpChallenge": {"entryPoint": "http"},
        "domains": [{"main": "testing.jovyan.org"}],
    }
    assert parsed["acme"] == expected_acme