diff options
| author | Seth Schoen <schoen@eff.org> | 2016-07-11 23:58:21 +0300 |
|---|---|---|
| committer | Seth Schoen <schoen@eff.org> | 2016-07-11 23:58:21 +0300 |
| commit | b48ddac5285572129937661e0e8291a329d3bb98 (patch) | |
| tree | bffc1f16f4663da9a73c44365e41be9bc9db931f /certbot-compatibility-test | |
| parent | 9431874c723ceb09c629bd8f5897e6f992c6f724 (diff) | |
Initial version of nginx parser roundtrip test
Diffstat (limited to 'certbot-compatibility-test')
203 files changed, 8263 insertions, 0 deletions
diff --git a/certbot-compatibility-test/nginx/README b/certbot-compatibility-test/nginx/README new file mode 100644 index 000000000..f32de2148 --- /dev/null +++ b/certbot-compatibility-test/nginx/README @@ -0,0 +1,27 @@ +Eventually there will also be a compatibility test here like the Apache one. + +Right now, this is data for the roundtrip test (checking that the parser +can parse each file and that the reserialized config file it generates is +identical to the original). + +If run in a virtualenv or otherwise so that certbot_nginx can be imported, +the roundtrip test can run as + +python roundtrip.py nginx-roundtrip-testdata + +It gives exit status 0 for success and 1 if at least one parse or roundtrip +failure occurred. + + +The directory nginx-roundtrip-testdata includes some config files that were +contributed to our project as well as most of the configs linked from + +https://www.nginx.com/resources/wiki/start/ + +Some exceptions that were skipped are + +https://www.nginx.com/resources/wiki/start/topics/recipes/moinmoin/ +https://www.nginx.com/resources/wiki/start/topics/examples/SSL-Offloader/ (not much nginx configuration) +https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/ (likewise) +https://www.nginx.com/resources/wiki/start/topics/examples/x-accel/ +https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/ diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 new file mode 100644 index 000000000..19dc49444 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10033 @@ -0,0 +1,34 @@ +upstream django_server_random18709.example.org { + server unix:/srv/http/random22194/live/website.sock; +} + +server { + listen 80; + server_name random18709.example.org; + + location /media/ { + alias /srv/http/random22194/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random22194/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random18709.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random22194/live/access.log combined_plus; + error_log /var/log/nginx/random22194/live/error.log; +} + +server { + server_name www.random18709.example.org; + server_name random24607.example.org www.random24607.example.org; + return 301 http://random18709.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 new file mode 100644 index 000000000..fe95ac8dc --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10571 @@ -0,0 +1,71 @@ +upstream django_server_random1413.example.org { + server unix:/srv/http/random25151/live/website.sock; +} + +server { + listen 443; + server_name www.random25266.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random25266.example.org.key; + + location /media/ { + alias /srv/http/random25151/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random25151/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1413.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random25151/live/access.log combined_plus; + error_log /var/log/nginx/random25151/live/error.log; +} + + +server { + listen 443; + server_name random1413.example.org www.random1413.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random1413.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random1413.example.org.key; + + location / { + return 301 https://www.random25266.example.org$request_uri; + } +} + +server { + listen 443; + server_name random25266.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random25266.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random25266.example.org.key; + + location / { + return 301 https://www.random25266.example.org$request_uri; + } +} + +server { + listen 80; + server_name random1413.example.org www.random1413.example.org; + server_name random28524.example.org www.random28524.example.org; + server_name random25266.example.org www.random25266.example.org; + server_name random26791.example.org www.random26791.example.org; + + location / { + return 301 https://www.random25266.example.org$request_uri; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 new file mode 100644 index 000000000..103b56009 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10591 @@ -0,0 +1,38 @@ +upstream django_server_random11921.example.org { + server unix:/srv/http/random9726/acceptance/website.sock; +} + +server { + listen 80; + server_name random11921.example.org www.random11921.example.org; + + if ($host != 'random11921.example.org') { + rewrite ^/(.*)$ http://random11921.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random9726/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random9726/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random11921.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + error_page 502 503 504 /50x.html; + } + + location /50x.html { + root /usr/share/nginx/www/; + } + + access_log /var/log/nginx/random9726/acceptance/access.log combined_plus; + error_log /var/log/nginx/random9726/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 new file mode 100644 index 000000000..0f7c55762 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10920 @@ -0,0 +1,16 @@ +server { + listen 80 default; + + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:81; + } + + location ~ /\.ht { + deny all; + } + + access_log /var/log/nginx/random27802/access.log combined_plus; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 new file mode 100644 index 000000000..a09605d03 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-10947 @@ -0,0 +1,40 @@ +upstream django_server_acceptance.random8289.random17507.example.org { + server unix:/srv/http/random8289/acceptance/website.sock; +} + +server { + listen 80; + server_name random23045.example.org; + + location /media/ { + alias /srv/http/random8289/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random8289/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_acceptance.random8289.random17507.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + + satisfy any; + auth_basic 'random8289 acceptance'; + auth_basic_user_file /srv/http/random8289/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random8289/acceptance/access.log combined_plus; + error_log /var/log/nginx/random8289/acceptance/error.log; +} + +server { + server_name www.random23045.example.org; + return 301 http://random23045.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 new file mode 100644 index 000000000..8aceca7ca --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11018 @@ -0,0 +1,37 @@ +upstream django_server_random24036.example.org { + server unix:/srv/http/random1006/live/website.sock; +} + +server { + listen 80; + server_name random24036.example.org; + gzip on; + gzip_http_version 1.0; + gzip_types *; + gzip_vary on; + gzip_proxied any; + + location ~ /media/(.*)$ { + alias /srv/http/random1006/live/website/static/$1; + expires 7d; + gzip on; + } + + + location / { + proxy_pass http://django_server_random24036.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random1006/live/access.log combined_plus; + error_log /var/log/nginx/random1006/live/error.log; +} + +server { + server_name www.random24036.example.org; + server_name random32349.example.org www.random32349.example.org; + server_name random23794.example.org www.random23794.example.org; + rewrite ^ http://random24036.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 new file mode 100644 index 000000000..1d81e5b52 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11046 @@ -0,0 +1,36 @@ +upstream django_server_random25979.example.org { + server unix:/srv/http/random24211/internal/website.sock; +} + +server { + listen 80; + server_name random25979.example.org; + + location ^~ /media/ { + alias /srv/http/random24211/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random24211/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random25979.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random24211'; + auth_basic_user_file /srv/http/random24211/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random24211/internal/access.log combined_plus; + error_log /var/log/nginx/random24211/internal/error.log; +} + +server { + server_name www.random25979.example.org; + rewrite ^ http://intern.random24211.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 new file mode 100644 index 000000000..0dc1af725 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11382 @@ -0,0 +1,29 @@ +server { + listen 80; + listen 7891; # User0 + listen 8080; # User1 + listen 8900; # User2 + listen 8912; # User3 + listen 3567; # User4 + + server_name random666.example.org www.random666.example.org; + + root /srv/http/random666.example.org; + index index.html index.htm; + + location /duif_assets/ { + try_files $uri $uri/ =404; + } + + location /index.html { + try_files $uri $uri/ =404; + } + + location / { + rewrite ^.+$ / break; + try_files $uri $uri/ =404; + } + + access_log /var/log/nginx/random666.example.org/access.log combined_plus; + error_log /var/log/nginx/random666.example.org/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 new file mode 100644 index 000000000..13210b056 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1167 @@ -0,0 +1,38 @@ +upstream django_server_random23900.example.org { + server unix:/srv/http/random29467/acceptance/website.sock; +} + +server { + listen 80; + server_name random23900.example.org www.random23900.example.org; + + if ($host != 'random23900.example.org') { + rewrite ^/(.*)$ http://random23900.example.org/$1 permanent; + } + + location ^~ /media/ { + alias /srv/http/random29467/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random29467/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random23900.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + satisfy any; + allow 89.188.25.162; + auth_basic "random29467 acceptance"; + auth_basic_user_file htpasswords/random29467_acceptance; + + } + + access_log /var/log/nginx/random29467/acceptance/access.log combined_plus; + error_log /var/log/nginx/random29467/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 new file mode 100644 index 000000000..8a8c90b7e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-11849 @@ -0,0 +1,36 @@ +upstream django_server_random3140.example.org { + server unix:/srv/http/random2912/live/website.sock; +} + +server { + listen 80; + server_name random3140.example.org; + + location ^~ /media/ { + alias /srv/http/random2912/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random2912/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random3140.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random2912/live/access.log combined_plus; + error_log /var/log/nginx/random2912/live/error.log; +} + +server { + server_name www.random3140.example.org; + server_name random28398.example.org; + server_name random23689.example.org www.random23689.example.org; + server_name random25863.example.org www.random25863.example.org; + + rewrite ^ http://random3140.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 new file mode 100644 index 000000000..9d74e2098 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12027 @@ -0,0 +1,29 @@ +upstream django_server_random6410.example.org { + server unix:/srv/http/random28641/live/website.sock; +} + +server { + listen 80; + server_name www.random6410.example.org; + + location ~ /static/(.*)$ { + alias /srv/http/random28641/live/website/static/$1; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6410.example.org; + include /etc/nginx/proxy_params; + + proxy_connect_timeout 240; + proxy_read_timeout 240; + } + + access_log /var/log/nginx/random28641/live/access.log combined_plus; + error_log /var/log/nginx/random28641/live/error.log; +} + +server { + server_name random6410.example.org; + rewrite ^ http://www.random6410.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 new file mode 100644 index 000000000..17ba72db4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12235 @@ -0,0 +1,33 @@ +server { + server_name random18267.example.org; + gzip on; + gzip_min_length 2000; + gzip_proxied any; + gzip_types application/json; + + client_max_body_size 30M; + + root /srv/http/random23264/data; + + # Security + satisfy any; + include /etc/nginx/allow_ytec_ips_params; + deny all; + + # try serving docs and (md5/immutable) directly + location ~ \+(f|doc)/ { + try_files $uri @proxy_to_app; + } + location / { + # XXX how to tell nginx to just refer to @proxy_to_app here? + try_files /.lqkwje @proxy_to_app; + } + location @proxy_to_app { + proxy_pass http://random20604.example.org:4040; + proxy_set_header X-outside-url $scheme://$host; + proxy_set_header X-Real-IP $remote_addr; + } + + access_log /var/log/nginx/random23264/access.log combined_plus; + error_log /var/log/nginx/random23264/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 new file mode 100644 index 000000000..af5a22620 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-12649 @@ -0,0 +1,45 @@ +upstream django_server_random10305.example.org { + server unix:/srv/http/random23322/live/website.sock; +} + +server { + listen 80; + server_name random10305.example.org; + + location /media/ { + alias /srv/http/random23322/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random23322/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random10305.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random23322/live/access.log combined_plus; + error_log /var/log/nginx/random23322/live/error.log; +} + +server { + listen 80; + + server_name random13399.example.org; + server_name www.random10305.example.org; + server_name random17958.example.org www.random17958.example.org; + server_name random15266.example.org www.random15266.example.org; + server_name random21296.example.org www.random21296.example.org; + server_name random5261.example.org www.random5261.example.org; + server_name random679.example.org www.random679.example.org; + server_name random31788.example.org www.random31788.example.org; + server_name random22704.example.org www.random22704.example.org; + server_name random17411.example.org www.random17411.example.org; + + return 301 http://random10305.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 new file mode 100644 index 000000000..d7a17f76e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-13577 @@ -0,0 +1,38 @@ +upstream django_server_random30837.example.org { + server unix:/srv/http/random30992/live/website.sock; +} + +server { + listen 80; + server_name www.random30837.example.org; + + location ^~ /media/ { + alias /srv/http/random30992/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random30992/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random30837.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random30992/live/access.log combined_plus; + error_log /var/log/nginx/random30992/live/error.log; +} + +server { + server_name random30837.example.org; + server_name random3263.example.org www.random3263.example.org; + server_name random6771.example.org www.random6771.example.org; + server_name random17696.example.org www.random17696.example.org; + server_name random7179.example.org www.random7179.example.org; + server_name random8127.example.org www.random8127.example.org; + + rewrite ^ http://www.random30837.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 new file mode 100644 index 000000000..ca9ca2f61 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14402 @@ -0,0 +1,33 @@ +upstream django_server_random17705.example.org { + server unix:/srv/http/random8289/internal/website.sock; +} + +server { + listen 80; + server_name random17705.example.org; + + location /media/ { + alias /srv/http/random8289/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random8289/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random17705.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random8289/internal/access.log combined_plus; + error_log /var/log/nginx/random8289/internal/error.log; +} + +server { + server_name www.random17705.example.org; + return 301 http://random17705.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 new file mode 100644 index 000000000..7caf7b2a4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-14430 @@ -0,0 +1,54 @@ +upstream django_server_random17507.example.org { + server unix:/srv/http/random7740/live/website.sock; +} + +server { + listen 80; + server_name random17507.example.org; + + location ^~ /media/ { + alias /srv/http/random7740/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random7740/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random17507.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random7740/live/access.log combined_plus; + error_log /var/log/nginx/random7740/live/error.log; +} + +server { + server_name www.random17507.example.org; + server_name random31197.example.org www.random31197.example.org; + server_name random19579.example.org www.random19579.example.org; + server_name random16629.example.org www.random16629.example.org; + server_name random28363.example.org www.random28363.example.org; + server_name random30185.example.org www.random30185.example.org; + server_name random22326.example.org www.random22326.example.org; + server_name random3622.example.org www.random3622.example.org; + server_name random1463.example.org www.random1463.example.org; + server_name random23341.example.org www.random23341.example.org; + server_name random2214.example.org www.random2214.example.org; + server_name random22684.example.org www.random22684.example.org; + server_name random6606.example.org www.random6606.example.org; + server_name random29138.example.org www.random29138.example.org; + server_name random15109.example.org www.random15109.example.org; + server_name random8002.example.org www.random8002.example.org; + server_name random16836.example.org www.random16836.example.org; + server_name random22283.example.org www.random22283.example.org; + + location = /googleXXXXXXXXXXXXXXXX.html { + alias /srv/http/random7740/live/website/templates/googleXXXXXXXXXXXXXXXX.html; + } + + rewrite ^ http://random17507.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 new file mode 100644 index 000000000..2b2689f09 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15141 @@ -0,0 +1,36 @@ +upstream django_server_acceptatie.random20374.nl { + server unix:/srv/http/random20374/acceptance/website.sock; +} + +server { + listen 80; + server_name random28586.example.org; + + location ^~ /media/ { + alias /srv/http/random20374/acceptance/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random20374/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_acceptatie.random20374.nl; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random20374'; + auth_basic_user_file /srv/http/random20374/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random20374/acceptance/access.log combined_plus; + error_log /var/log/nginx/random20374/acceptance/error.log; +} + +server { + server_name www.random28586.example.org; + rewrite ^ http://random28586.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 new file mode 100644 index 000000000..b4f4bd61c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15270 @@ -0,0 +1,38 @@ +upstream django_server_random6822.example.org { + server unix:/srv/http/random7047/live/website.sock; +} + +server { + listen 8443; + server_name random6822.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random6822.example.org.complete-bundle.crt; + ssl_certificate_key /etc/ssl/private/random6822.example.org.key; + + location /media/ { + alias /srv/http/random7047/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random7047/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6822.example.org; + include /etc/nginx/proxy_params; + } + + access_log /var/log/nginx/random7047/live/access.log combined_plus; + error_log /var/log/nginx/random7047/live/error.log; +} + +server { + listen 80; + server_name random6822.example.org; + + rewrite ^/(.*) https://random6822.example.org:8443/$1; +} + + diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 new file mode 100644 index 000000000..fa09bed93 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15291 @@ -0,0 +1,112 @@ +# You may add here your +# server { +# ... +# } +# statements for each of your virtual hosts to this file + +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# http://wiki.nginx.org/Pitfalls +# http://wiki.nginx.org/QuickStart +# http://wiki.nginx.org/Configuration +# +# Generally, you will want to move this file somewhere, and start with a clean +# file but keep this around for reference. Or just disable in sites-enabled. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +server { + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; + + root /usr/share/nginx/html; + index index.html index.htm; + + # Make site accessible from http://random20604.example.org/ + server_name random20604.example.org; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + # Uncomment to enable naxsi on this location + # include /etc/nginx/naxsi.rules + } + + # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests + #location /RequestDenied { + # proxy_pass http://127.0.0.1:8080; + #} + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + #error_page 500 502 503 504 /50x.html; + #location = /50x.html { + # root /usr/share/nginx/html; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # fastcgi_split_path_info ^(.+\.php)(/.+)$; + # # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + # + # # With php5-cgi alone: + # fastcgi_pass 127.0.0.1:9000; + # # With php5-fpm: + # fastcgi_pass unix:/var/run/php5-fpm.sock; + # fastcgi_index index.php; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} + + +# another virtual host using mix of IP-, name-, and port-based configuration +# +#server { +# listen 8000; +# listen random20605.example.org:8080; +# server_name random20605.example.org alias another.alias; +# root html; +# index index.html index.htm; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} + + +# HTTPS server +# +#server { +# listen 443; +# server_name random20604.example.org; +# +# root html; +# index index.html index.htm; +# +# ssl on; +# ssl_certificate cert.pem; +# ssl_certificate_key cert.key; +# +# ssl_session_timeout 5m; +# +# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; +# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; +# ssl_prefer_server_ciphers on; +# +# location / { +# try_files $uri $uri/ =404; +# } +#} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 new file mode 100644 index 000000000..273694b51 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15456 @@ -0,0 +1,39 @@ +upstream django_server_random29275.example.org { + server unix:/srv/http/random14353/internal/website.sock; +} + +server { + listen 80; + server_name random29275.example.org; + + location /media/ { + alias /srv/http/random14353/internal/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random14353/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random29275.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + + satisfy any; + auth_basic 'internal for random14353'; + auth_basic_user_file /srv/http/random14353/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random14353/internal/access.log; + error_log /var/log/nginx/random14353/internal/error.log; +} + +server { + server_name www.random29275.example.org; + return 301 http://random29275.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 new file mode 100644 index 000000000..86a8980d2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15497 @@ -0,0 +1,35 @@ +upstream django_server_random16112.example.org { + server unix:/srv/http/random29227/live/website.sock; +} + +server { + listen 80; + server_name random16112.example.org; + + location /media/ { + alias /srv/http/random29227/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random29227/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random16112.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random29227/live/access.log combined_plus; + error_log /var/log/nginx/random29227/live/error.log; +} +server { + server_name random5297.example.org www.random5297.example.org; + server_name random17050.example.org www.random17050.example.org; + server_name www.random16112.example.org; + + return 301 http://random16112.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 new file mode 100644 index 000000000..32b88c62f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-15852 @@ -0,0 +1,38 @@ +upstream django_server_random7474.example.org { + server unix:/srv/http/random4886/acceptance/website.sock; +} + +server { + listen 80; + server_name random7474.example.org; + + location /media/ { + alias /srv/http/random4886/acceptance/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random4886/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random7474.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random4886'; + auth_basic_user_file /srv/http/random4886/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + client_max_body_size 20m; + + access_log /var/log/nginx/random4886/acceptance/access.log; + error_log /var/log/nginx/random4886/acceptance/error.log; +} + +server { + server_name www.random7474.example.org; + return 301 http://random7474.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 new file mode 100644 index 000000000..ac8ce609c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-16345 @@ -0,0 +1,34 @@ +upstream django_server_random25713.example.org { + server unix:/srv/http/random24922/live/website.sock; +} + +server { + listen 80; + server_name random25713.example.org; + + location /media/ { + alias /srv/http/random24922/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random24922/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random25713.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random24922/live/access.log; + error_log /var/log/nginx/random24922/live/error.log; +} + +server { + server_name www.random25713.example.org; + return 301 http://random25713.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 new file mode 100644 index 000000000..e733a70ed --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17175 @@ -0,0 +1,14 @@ +server { + listen 80; + server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org; + + if ($host != 'random25647.example.org') { + rewrite ^/(.*)$ http://random25647.example.org/$1 permanent; + } + + index index.html index.htm; + root /srv/http/random11461/countdown/; + + access_log /var/log/nginx/random11461/live/access.log combined_plus; + error_log /var/log/nginx/random11461/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 new file mode 100644 index 000000000..4a0967de8 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17832 @@ -0,0 +1,32 @@ +upstream django_server_random6430.example.org { + server unix:/srv/http/random550/internal/website.sock; +} + +server { + listen 80; + server_name random6430.example.org; + + location /media/ { + alias /srv/http/random550/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6430.example.org; + include /etc/nginx/django_proxy_params; + + } + + access_log /var/log/nginx/random550/internal/access.log combined_plus; + error_log /var/log/nginx/random550/internal/error.log; +} + +server { + server_name www.random6430.example.org; + return 301 http://random6430.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 new file mode 100644 index 000000000..a3b10eed6 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-17942 @@ -0,0 +1,32 @@ +upstream django_server_random25647.example.org { + server unix:/srv/http/random11461/live/website.sock; +} + +server { + listen 80; + server_name random25647.example.org www.random25647.example.org random10963.example.org www.random10963.example.org; + + if ($host != 'random25647.example.org') { + rewrite ^/(.*)$ http://random25647.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random11461/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random11461/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random25647.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random11461/live/access.log combined_plus; + error_log /var/log/nginx/random11461/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 new file mode 100644 index 000000000..63b68d6ff --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18018 @@ -0,0 +1,36 @@ +upstream django_server_intern.random20374.nl { + server unix:/srv/http/random20374/internal/website.sock; +} + +server { + listen 80; + server_name random23818.example.org; + + location ^~ /media/ { + alias /srv/http/random20374/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random20374/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_intern.random20374.nl; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random20374'; + auth_basic_user_file /srv/http/random20374/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random20374/internal/access.log combined_plus; + error_log /var/log/nginx/random20374/internal/error.log; +} + +server { + server_name www.random23818.example.org; + rewrite ^ http://random23818.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 new file mode 100644 index 000000000..d6d4e5bea --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-18069 @@ -0,0 +1,39 @@ +upstream django_server_random7949.example.org { + server unix:/srv/http/random1006/acceptance/website.sock; +} + +server { + listen 80; + server_name random7949.example.org; + gzip on; + gzip_http_version 1.0; + gzip_types *; + gzip_vary on; + gzip_proxied any; + + location ~ /media/(.*)$ { + alias /srv/http/random1006/acceptance/website/static/$1; + expires 7d; + gzip on; + } + + + location / { + proxy_pass http://django_server_random7949.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random1006'; + auth_basic_user_file /srv/http/random1006/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random1006/acceptance/access.log combined_plus; + error_log /var/log/nginx/random1006/acceptance/error.log; +} + +server { + server_name www.random7949.example.org; + rewrite ^ http://random7949.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 new file mode 100644 index 000000000..2609e2080 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19334 @@ -0,0 +1,39 @@ +upstream django_server_random1515.example.org { + server unix:/srv/http/random15255/acceptance/website.sock fail_timeout=5; +} + +server { + listen 80; + server_name random1515.example.org www.random1515.example.org; + + if ($host != 'random1515.example.org') { + rewrite ^/(.*)$ http://random1515.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random15255/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random15255/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1515.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + + satisfy any; + auth_basic 'random191 acceptance'; + auth_basic_user_file /srv/http/random15255/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random15255/acceptance/access.log combined_plus; + error_log /var/log/nginx/random15255/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 new file mode 100644 index 000000000..617472e0d --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19639 @@ -0,0 +1,39 @@ +upstream django_server_live.random8289.random17507.example.org { + server unix:/srv/http/random8289/live/website.sock; +} + +server { + listen 443; + server_name random23886.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random23886.example.org.complete-bundle.crt; + ssl_certificate_key /etc/ssl/private/random23886.example.org.key; + + location /media/ { + alias /srv/http/random8289/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random8289/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_live.random8289.random17507.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random8289/live/access.log combined_plus; + error_log /var/log/nginx/random8289/live/error.log; +} + +server { + listen 80; + server_name random23886.example.org; + return 301 https://random23886.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 new file mode 100644 index 000000000..41aaef04d --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-1966 @@ -0,0 +1,36 @@ +upstream django_server_random31523.example.org { + server unix:/srv/http/random16722.example.org/internal/website.sock; +} + +server { + listen 80; + server_name random31523.example.org; + + location ^~ /media/ { + alias /srv/http/random16722.example.org/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random16722.example.org/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31523.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random16722.example.org'; + auth_basic_user_file /srv/http/random16722.example.org/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random16722.example.org/internal/access.log combined_plus; + error_log /var/log/nginx/random16722.example.org/internal/error.log; +} + +server { + server_name www.random31523.example.org; + rewrite ^ http://random31523.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 new file mode 100644 index 000000000..6e3112ad8 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19791 @@ -0,0 +1,34 @@ +upstream django_server_random1413.example.org { + server unix:/srv/http/random25151/live/website.sock; +} + +server { + listen 80; + server_name random1413.example.org; + + location ^~ /media/ { + alias /srv/http/random25151/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random25151/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1413.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random25151/live/access.log combined_plus; + error_log /var/log/nginx/random25151/live/error.log; +} + +server { + server_name www.random1413.example.org; + server_name random28524.example.org www.random28524.example.org; + rewrite ^ http://random1413.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 new file mode 100644 index 000000000..20d718409 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-19955 @@ -0,0 +1,36 @@ +upstream django_server_random9619.example.org { + server unix:/srv/http/random28641/internal/website.sock; +} + +server { + listen 80; + server_name random9619.example.org; + + location ^~ /media/ { + alias /srv/http/random28641/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random28641/internal/website/static/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random9619.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random28641'; + auth_basic_user_file /srv/http/random28641/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random28641/internal/access.log combined_plus; + error_log /var/log/nginx/random28641/internal/error.log; +} + +server { + server_name www.random9619.example.org; + rewrite ^ http://random9619.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 new file mode 100644 index 000000000..5650efb4c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21369 @@ -0,0 +1,33 @@ +upstream django_server_random31758.example.org { + server unix:/srv/http/random21623/internal/website.sock; +} + +server { + listen 80; + server_name random31758.example.org www.random31758.example.org; + + if ($host != 'random31758.example.org') { + rewrite ^/(.*)$ http://random31758.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random21623/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random21623/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31758.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random21623/internal/access.log combined_plus; + error_log /var/log/nginx/random21623/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 new file mode 100644 index 000000000..85576da76 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-21549 @@ -0,0 +1,32 @@ +upstream django_server_random1688.example.org { + server unix:/srv/http/random6470/acceptance/website.sock; +} + +server { + listen 80; + server_name random5078.example.org random1688.example.org www.random1688.example.org; + + if ($host != 'random5078.example.org') { + rewrite ^/(.*)$ http://random5078.example.org/$1 permanent; + } + + location ^~ /media/ { + alias /srv/http/random6470/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random6470/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1688.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random6470/acceptance/access.log combined_plus; + error_log /var/log/nginx/random6470/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 new file mode 100644 index 000000000..00d1d2b0b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-230 @@ -0,0 +1,33 @@ +upstream django_server_random22746.example.org { + server unix:/srv/http/random6344/internal/website.sock; +} + +server { + listen 80; + server_name random22746.example.org; + + if ($host != 'random22746.example.org') { + rewrite ^/(.*)$ http://random22746.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random6344/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random6344/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random22746.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random6344/internal/access.log combined_plus; + error_log /var/log/nginx/random6344/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 new file mode 100644 index 000000000..5b91f0eaf --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23325 @@ -0,0 +1,74 @@ +upstream django_server_random15255_live { + server unix:/srv/http/random15255/live/website.sock fail_timeout=5; +} + +server { + listen 443; + server_name random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + location /media/ { + alias /srv/http/random15255/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + + location /static/ { + alias /srv/http/random15255/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random15255_live; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random15255/live/access.log combined_plus; + error_log /var/log/nginx/random15255/live/error.log; +} + +server { + listen 80; + server_name random7381.example.org www.random7381.example.org; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 8445; + server_name random7381.example.org www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 1000; + server_name random7381.example.org www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; +} + +server { + listen 443; + server_name www.random7381.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random7381.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7381.example.org.key; + + return 301 https://random7381.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 new file mode 100644 index 000000000..4f78b645b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23470 @@ -0,0 +1,56 @@ +upstream django_server_random27579.example.org { + server unix:/srv/http/random21623/live/website.sock; +} + +server { + listen 443; + server_name random27579.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random27579.example.org.key; + + location /media/ { + alias /srv/http/random21623/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random21623/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random27579.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random21623/live/access.log combined_plus; + error_log /var/log/nginx/random21623/live/error.log; +} + +server { + listen 443; + server_name www.random27579.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random27579.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random27579.example.org.key; + + return 301 https://random27579.example.org$request_uri; +} + +server { + listen 80; + + server_name random27579.example.org www.random27579.example.org random11512.example.org; + server_name random18003.example.org www.random18003.example.org; + server_name random26730.example.org www.random26730.example.org; + server_name random3968.example.org www.random3968.example.org; + server_name random11925.example.org www.random11925.example.org; + + return 301 https://random27579.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 new file mode 100644 index 000000000..25933cebb --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23791 @@ -0,0 +1,33 @@ +upstream django_server_random31057.example.org { + server unix:/srv/http/random22194/acceptance/website.sock; +} + +server { + listen 80; + server_name random31057.example.org www.random31057.example.org; + + if ($host != 'random31057.example.org') { + rewrite ^/(.*)$ http://random31057.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random22194/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random22194/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31057.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_read_timeout 120; + } + + access_log /var/log/nginx/random22194/acceptance/access.log combined_plus; + error_log /var/log/nginx/random22194/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 new file mode 100644 index 000000000..9db2c07f5 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23803 @@ -0,0 +1,32 @@ +upstream django_server_random16722.example.org { + server unix:/srv/http/random16722.example.org/live/website.sock; +} + +server { + listen 80; + server_name random16722.example.org; + + location ^~ /media/ { + alias /srv/http/random16722.example.org/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random16722.example.org/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random16722.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random16722.example.org/live/access.log combined_plus; + error_log /var/log/nginx/random16722.example.org/live/error.log; +} + +server { + server_name www.random16722.example.org; + rewrite ^ http://random16722.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 new file mode 100644 index 000000000..7bd3f2778 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-23838 @@ -0,0 +1,32 @@ +upstream django_server_random14388.example.org { + server unix:/srv/http/random4886/live/website.sock; +} + +server { + listen 80; + server_name random14388.example.org; + + location /media/ { + alias /srv/http/random4886/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random4886/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random14388.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random4886/live/access.log; + error_log /var/log/nginx/random4886/live/error.log; +} + +server { + server_name www.random14388.example.org; + return 301 http://random14388.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 new file mode 100644 index 000000000..f7efda324 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24125 @@ -0,0 +1,7 @@ +server { + listen 80; + server_name random14996.example.org; + + root /srv/http/random23392/; + index index.html; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 new file mode 100644 index 000000000..1d2b7ec83 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24193 @@ -0,0 +1,62 @@ +upstream django_server_random6177.example.org { + server unix:/srv/http/random550/live/website.sock; +} + +server { + listen 443 ssl; + server_name random2179.example.org; + + ssl_certificate /etc/ssl/public/random2179.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random2179.example.org.key; + + + location /media/ { + alias /srv/http/random550/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6177.example.org; + include /etc/nginx/django_proxy_params; + } + + access_log /var/log/nginx/random550/live/access.log combined_plus; + error_log /var/log/nginx/random550/live/error.log; +} + +server { + listen 80; + server_name random2179.example.org; + + location /media/ { + alias /srv/http/random550/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/live/static_collected/; + expires 7d; + } + + #location = / { + # return 301 https://random2179.example.org$request_uri; + #} + + location / { + proxy_pass http://django_server_random6177.example.org; + include /etc/nginx/django_proxy_params; + } + + access_log /var/log/nginx/random550/live/access_http.log combined_plus; + error_log /var/log/nginx/random550/live/error_http.log; +} + +server { + server_name random6177.example.org www.random6177.example.org; + return 301 http://random2179.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 new file mode 100644 index 000000000..b23aeae19 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-24213 @@ -0,0 +1,36 @@ +upstream django_server_random22047.example.org { + server unix:/srv/http/random26975/acceptance/website.sock; +} + +server { + listen 80; + server_name random22047.example.org; + + location /media/ { + alias /srv/http/random26975/acceptance/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random26975/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random22047.example.org; + include /etc/nginx/django_proxy_params; + + satisfy any; + auth_basic 'acceptance for random26975'; + auth_basic_user_file /srv/http/random26975/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random26975/acceptance/access.log; + error_log /var/log/nginx/random26975/acceptance/error.log; +} + +server { + server_name www.random22047.example.org; + return 301 http://random22047.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 new file mode 100644 index 000000000..7628d27d2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-25480 @@ -0,0 +1,32 @@ +upstream django_server_random6193.example.org { + server unix:/srv/http/random4755/live/website.sock; +} + +server { + listen 80; + server_name random6193.example.org www.random6193.example.org; + + if ($host != 'random6193.example.org') { + rewrite ^/(.*)$ http://random6193.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random4755/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random4755/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random6193.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random4755/live/access.log combined_plus; + error_log /var/log/nginx/random4755/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 new file mode 100644 index 000000000..232935a51 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26195 @@ -0,0 +1,26 @@ +server { + listen 80; + server_name www.random25446.example.org random25446.example.org; + + if ($host != 'random25446.example.org') { + rewrite ^/(.*)$ http://random25446.example.org/$1 permanent; + } + + location ^~ /media { + alias /srv/http/random17476/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static { + alias /srv/http/random17476/internal/static_collected/; + expires 7d; + } + + location / { + include fastcgi_params; + fastcgi_pass unix:/srv/http/random17476/internal/website.sock; + } + + access_log /var/log/nginx/random17476/internal/access.log combined_plus; + error_log /var/log/nginx/random17476/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 new file mode 100644 index 000000000..8e5893d61 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26221 @@ -0,0 +1,32 @@ +upstream django_server_random4030.example.org { + server unix:/srv/http/random26975/live/website.sock; +} + +server { + listen 80; + server_name random4030.example.org; + + location /media/ { + alias /srv/http/random26975/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random26975/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random4030.example.org; + include /etc/nginx/django_proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random26975/live/access.log; + error_log /var/log/nginx/random26975/live/error.log; +} + +server { + server_name www.random4030.example.org; + return 301 http://random4030.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 new file mode 100644 index 000000000..3ef549982 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26637 @@ -0,0 +1,32 @@ +upstream django_server_random5890.example.org { + server unix:/srv/http/random4755/internal/website.sock; +} + +server { + listen 80; + server_name random5890.example.org; + + if ($host != 'random5890.example.org') { + rewrite ^/(.*)$ http://random5890.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random4755/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random4755/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random5890.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random4755/internal/access.log combined_plus; + error_log /var/log/nginx/random4755/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 new file mode 100644 index 000000000..f7cfb854c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-26758 @@ -0,0 +1,21 @@ +server { + listen 80 default_server; + #listen [::]:80 default_server ipv6only=on; + root /var/www/default/; + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + location ~ /\.ht { + deny all; + } + + location /nginx_status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + + access_log /var/log/nginx/access.log combined_plus; + error_log /var/log/nginx/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 new file mode 100644 index 000000000..9328e2943 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27646 @@ -0,0 +1,37 @@ +upstream django_server_random10783.example.org { + server unix:/srv/http/random4711/acceptance/website.sock; +} + +server { + listen 80; + server_name random10783.example.org; + + location ^~ /media/ { + alias /srv/http/random4711/acceptance/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random4711/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random10783.example.org; + include /etc/nginx/proxy_params; + proxy_read_timeout 4m; + + satisfy any; + auth_basic 'acceptance for random4711'; + auth_basic_user_file /srv/http/random4711/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random4711/acceptance/access.log combined_plus; + error_log /var/log/nginx/random4711/acceptance/error.log; +} + +server { + server_name www.random10783.example.org; + rewrite ^ http://random10783.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 new file mode 100644 index 000000000..fdef2900c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27728 @@ -0,0 +1,5 @@ +server { + location =/ { + return 404; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 new file mode 100644 index 000000000..5f579971a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27736 @@ -0,0 +1,32 @@ +upstream django_server_random17112.example.org { + server unix:/srv/http/random29467/live/website.sock; +} + +server { + listen 80; + server_name random17112.example.org www.random17112.example.org; + + if ($host != 'random17112.example.org') { + rewrite ^/(.*)$ http://random17112.example.org/$1 permanent; + } + + location ^~ /media/ { + alias /srv/http/random29467/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location ^~ /static/ { + alias /srv/http/random29467/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random17112.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random29467/live/access.log combined_plus; + error_log /var/log/nginx/random29467/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 new file mode 100644 index 000000000..8e455eb9b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-27812 @@ -0,0 +1,36 @@ +upstream django_server_random1296.example.org { + server unix:/srv/http/random2912/acceptance/website.sock; +} + +server { + listen 80; + server_name random1296.example.org; + + location ^~ /media/ { + alias /srv/http/random2912/acceptance/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random2912/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1296.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random2912'; + auth_basic_user_file /srv/http/random2912/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random2912/acceptance/access.log combined_plus; + error_log /var/log/nginx/random2912/acceptance/error.log; +} + +server { + server_name www.random1296.example.org; + rewrite ^ http://random1296.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 new file mode 100644 index 000000000..3d0ac97ae --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28050 @@ -0,0 +1,36 @@ +upstream django_server_random11685.example.org { + server unix:/srv/http/random4886/internal/website.sock; +} + +server { + listen 80; + server_name random11685.example.org; + + location /media/ { + alias /srv/http/random4886/internal/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random4886/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random11685.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random4886'; + auth_basic_user_file /srv/http/random4886/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random4886/internal/access.log; + error_log /var/log/nginx/random4886/internal/error.log; +} + +server { + server_name www.random11685.example.org; + return 301 http://random11685.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 new file mode 100644 index 000000000..69bcb26c0 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-28690 @@ -0,0 +1,32 @@ +upstream django_server_random16112.example.org { + server unix:/srv/http/random24645/live/website.sock; +} + +server { + listen 80; + server_name random16112.example.org; + + location ^~ /media/ { + alias /srv/http/random24645/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random24645/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random16112.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random24645/live/access.log; + error_log /var/log/nginx/random24645/live/error.log; +} + +server { + server_name www.random16112.example.org; + rewrite ^ http://random16112.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 new file mode 100644 index 000000000..be6481eae --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-29159 @@ -0,0 +1,33 @@ +upstream django_server_random29198.example.org { + server unix:/srv/http/random28641/acceptance/website.sock; +} + +server { + listen 80; + server_name random29198.example.org; + + location ~ /static/(.*)$ { + alias /srv/http/random28641/acceptance/website/static/$1; + expires 7d; + } + + + location / { + proxy_pass http://django_server_random29198.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random28641'; + auth_basic_user_file /srv/http/random28641/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random28641/acceptance/access.log combined_plus; + error_log /var/log/nginx/random28641/acceptance/error.log; +} + +server { + server_name www.random29198.example.org; + rewrite ^ http://random29198.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 new file mode 100644 index 000000000..683aa3226 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-2951 @@ -0,0 +1,67 @@ +server { + listen 80; + #listen [::]:80 default_server ipv6only=on; + root /var/www/random616_log/; + server_name random12800.example.org; + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + + # With php5-fpm: + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + location ~ /\.ht { + deny all; + } + + location /nginx_status { + stub_status on; + access_log off; + allow 127.0.0.1; + deny all; + } + + access_log /var/log/nginx/random12543/access.log combined_plus; + error_log /var/log/nginx/random12543/error.log; +} + +server { + listen 443 default_server; + #listen [::]:443 default_server ipv6only=on; + root /var/www/random616_log/; + server_name random12800.example.org; + + # We created (will create) this SSL certificate ourselves, using our own CA. This way, we can control strictly which CA the XXX trusts. + # See ytec #6244 + # However, we're working on a fix for high SSL overhead. We're hoping to be able to keep the connections open between log POSTs, like SSL can. + ssl on; + ssl_certificate /etc/ssl/public/random12800.example.org.crt; + ssl_certificate_key /etc/ssl/private/random12800.example.org.key; + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + + # With php5-fpm: + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + location ~ /\.ht { + deny all; + } + + access_log /var/log/nginx/random12543/access.log combined_plus; + error_log /var/log/nginx/random12543/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 new file mode 100644 index 000000000..479edac5d --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30011 @@ -0,0 +1,37 @@ +upstream django_server_random12785.example.org { + server unix:/srv/http/random14353/live/website.sock; +} + +server { + listen 80; + server_name random12785.example.org; + + location /media/ { + alias /srv/http/random14353/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random14353/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random12785.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + + satisfy any; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random14353/live/access.log; + error_log /var/log/nginx/random14353/live/error.log; +} + +server { + server_name www.random12785.example.org; + return 301 http://random12785.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 new file mode 100644 index 000000000..84e44dd7c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-30571 @@ -0,0 +1,31 @@ +upstream django_server_random7150.example.org { + server unix:/srv/http/random550/acceptance/website.sock; +} + +server { + listen 80; + server_name random7150.example.org; + + location /media/ { + alias /srv/http/random550/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random550/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random7150.example.org; + include /etc/nginx/django_proxy_params; + } + + access_log /var/log/nginx/random550/acceptance/access.log combined_plus; + error_log /var/log/nginx/random550/acceptance/error.log; +} + +server { + server_name www.random7150.example.org; + return 301 http://random7150.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 new file mode 100644 index 000000000..648693cbc --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-31900 @@ -0,0 +1,33 @@ +upstream django_server_random31131.example.org { + server unix:/srv/http/random24334/internal/website.sock; +} + +server { + listen 80; + server_name random31131.example.org; + + location /media/ { + alias /srv/http/random24334/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random24334/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random31131.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random24334/internal/access.log combined_plus; + error_log /var/log/nginx/random24334/internal/error.log; +} + +server { + server_name www.random31131.example.org; + return 301 http://random31131.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 new file mode 100644 index 000000000..8c7738c03 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32190 @@ -0,0 +1,4 @@ +server { + server_name www.random5115; + return 301 http://www.random10305.example.org; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 new file mode 100644 index 000000000..16f4e5e9e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32279 @@ -0,0 +1,25 @@ +server { + listen 80; + root /home/admin/random19651_log/; + server_name random16339.example.org; + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + + # With php5-fpm: + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + } + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + location ~ /\.ht { + deny all; + } + + access_log /var/log/nginx/random4235/access.log combined_plus; + error_log /var/log/nginx/random4235/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 new file mode 100644 index 000000000..e9c986ff1 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32317 @@ -0,0 +1,32 @@ +upstream django_server_random21989.example.org { + server unix:/srv/http/random28136/acceptance/website.sock; +} + +server { + listen 80; + server_name random21989.example.org; + + location ~ /static/(.*)$ { + alias /srv/http/random28136/acceptance/website/static/$1; + expires 7d; + } + + location / { + proxy_pass http://django_server_random21989.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'acceptance for random28136'; + auth_basic_user_file /srv/http/random28136/acceptance/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random28136/acceptance/access.log combined_plus; + error_log /var/log/nginx/random28136/acceptance/error.log; +} + +server { + server_name www.random21989.example.org; + rewrite ^ http://random21989.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 new file mode 100644 index 000000000..66929620f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-32438 @@ -0,0 +1,46 @@ +upstream django_server_random1769.example.org { + server unix:/srv/http/random7047/acceptance/website.sock; +} + +server { + listen 80; + server_name random1769.example.org; + + if ($host != 'random1769.example.org') { + rewrite ^/(.*)$ http://random1769.example.org/$1 permanent; + } + + rewrite ^/(.*) https://$host:8444/$1; +} + +server { + listen 8444; + server_name random1769.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random6822.example.org.crt; + ssl_certificate_key /etc/ssl/private/random6822.example.org.key; + + location ^~ /media/ { + alias /srv/http/random7047/acceptance/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random7047/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1769.example.org; + include /etc/nginx/proxy_params; + + #satisfy any; + #auth_basic 'acceptance for random7047'; + #auth_basic_user_file /srv/http/random7047/acceptance/htpasswords; + #include /etc/nginx/allow_ytec_ips_params; + #deny all; + } + + access_log /var/log/nginx/random7047/acceptance/access.log combined_plus; + error_log /var/log/nginx/random7047/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 new file mode 100644 index 000000000..7a415c293 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3483 @@ -0,0 +1,32 @@ +server { + listen 80; + server_name random9761.example.org; + + + location ~ /static/(.*)$ { + alias /srv/http/random14537/static_collected/$1; + expires 7d; + } + + location ~ /media/(.*)$ { + alias /srv/http/random14537/dynamic/public/$1; + expires 7d; + include upload_folder_security_params; + } + + + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:81; + proxy_connect_timeout 120; + proxy_read_timeout 120; + } + + location ~ /\.ht { + deny all; + } + + access_log /var/log/nginx/random14537/access.log combined_plus; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 new file mode 100644 index 000000000..0fdca78d7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3507 @@ -0,0 +1,44 @@ +server { + listen 80; + server_name random3674.example.org www.random3674.example.org; + + root /srv/http/random3674.example.org; + index index.html index.htm; + + location / { + try_files $uri $uri/ =404; + } + + access_log /var/log/nginx/random3674.example.org/access.log combined_plus; + error_log /var/log/nginx/random3674.example.org/error.log; +} + +server { + listen 80; + server_name random27569.example.org www.random27569.example.org; + + root /srv/http/random27569.example.org; + index index.html index.htm; + + location / { + try_files $uri $uri/ =404; + } + + access_log /var/log/nginx/random27569.example.org/access.log combined_plus; + error_log /var/log/nginx/random27569.example.org/error.log; +} + +server { + listen 80; + server_name random11055.example.org www.random11055.example.org; + + root /srv/http/random11055.example.org; + index index.html index.htm; + + location / { + try_files $uri $uri/ =404; + } + + access_log /var/log/nginx/random11055.example.org/access.log combined_plus; + error_log /var/log/nginx/random11055.example.org/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 new file mode 100644 index 000000000..1180f2eb1 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-3874 @@ -0,0 +1,46 @@ +upstream django_server_random7267.example.org { + server unix:/srv/http/random24334/live/website.sock; +} + +server { + listen 80; + listen 443 ssl; + + server_name random7267.example.org; + + ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7267.example.org.key; + + location /media/ { + alias /srv/http/random24334/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random24334/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random7267.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random24334/live/access.log combined_plus; + error_log /var/log/nginx/random24334/live/error.log; +} + +server { + listen 80; + listen 443 ssl; + + server_name www.random7267.example.org; + + ssl_certificate /etc/ssl/public/random7267.example.org_chained.crt; + ssl_certificate_key /etc/ssl/private/random7267.example.org.key; + + return 301 http://random7267.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 new file mode 100644 index 000000000..1a1deb96b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4035 @@ -0,0 +1,31 @@ +upstream django_server_random2104.example.org { + server unix:/srv/http/random28136/live/website.sock; +} + +server { + listen 80; + server_name www.random2104.example.org; + + location ~ /static/(.*)$ { + alias /srv/http/random28136/live/website/static/$1; + expires 7d; + } + + + location / { + proxy_pass http://django_server_random2104.example.org; + include /etc/nginx/proxy_params; + proxy_connect_timeout 240; + proxy_read_timeout 240; + + # You can configure access rules here + } + + access_log /var/log/nginx/random28136/live/access.log combined_plus; + error_log /var/log/nginx/random28136/live/error.log; +} + +server { + server_name random2104.example.org; + rewrite ^ http://www.random2104.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 new file mode 100644 index 000000000..add683007 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4143 @@ -0,0 +1,33 @@ +upstream django_server_random24919.example.org { + server unix:/srv/http/random7831/live/website.sock; +} + +server { + listen 80; + server_name random24919.example.org; + + location ^~ /media/ { + alias /srv/http/random7831/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random7831/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random24919.example.org; + include /etc/nginx/proxy_params; + + proxy_connect_timeout 240; + proxy_read_timeout 240; + } + + access_log /var/log/nginx/random7831/live/access.log combined_plus; + error_log /var/log/nginx/random7831/live/error.log; +} + +server { + server_name www.random24919.example.org; + rewrite ^ http://random24919.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 new file mode 100644 index 000000000..ef347862f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-4264 @@ -0,0 +1,12 @@ +# vhost created by moving from marauder, but there it was an apache vhost. + +server { + listen 80; + server_name random3080.example.org www.random3080.example.org random26833.example.org www.random26833.example.org; + + root /srv/http/random10391.example.org/; + + if ($request_uri != '/googleYYYYYYYYYYYYYYYY.html') { + rewrite ^ http://random10305.example.org/ permanent; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 new file mode 100644 index 000000000..bcfc662b2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5826 @@ -0,0 +1,38 @@ +upstream django_server_random1107.example.org { + server unix:/srv/http/random4755/acceptance/website.sock; +} + +server { + listen 80; + server_name random1107.example.org www.random1107.example.org; + + if ($host != 'random1107.example.org') { + rewrite ^/(.*)$ http://random1107.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random4755/acceptance/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random4755/acceptance/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random1107.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + satisfy any; + allow 89.188.25.162; + auth_basic "random4755 acceptance"; + auth_basic_user_file htpasswords/random4755_acceptance; + + } + + access_log /var/log/nginx/random4755/acceptance/access.log combined_plus; + error_log /var/log/nginx/random4755/acceptance/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 new file mode 100644 index 000000000..fe41f9872 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-5872 @@ -0,0 +1,36 @@ +upstream django_server_random8404.example.org { + server unix:/srv/http/random1006/internal/website.sock; +} + +server { + listen 80; + server_name random8404.example.org; + + location ^~ /media/ { + alias /srv/http/random1006/internal/website/static/; + expires 7d; + } + #location ^~ /static/ { + # alias /srv/http/random1006/internal/website/static/; + # expires 7d; + #} + + location / { + proxy_pass http://django_server_random8404.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random1006'; + auth_basic_user_file /srv/http/random1006/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random1006/internal/access.log combined_plus; + error_log /var/log/nginx/random1006/internal/error.log; +} + +server { + server_name www.random8404.example.org; + rewrite ^ http://random8404.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228 new file mode 100644 index 000000000..d5c157e88 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-6228 @@ -0,0 +1,39 @@ +upstream django_server_random15255_intern { + server unix:/srv/http/random15255/intern/website.sock fail_timeout=5; +} + +server { + listen 80; + server_name random11459.example.org www.random11459.example.org; + + if ($host != 'random11459.example.org') { + rewrite ^/(.*)$ http://random11459.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random15255/internal/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random15255/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random15255_intern; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + + satisfy any; + auth_basic 'random191 internal'; + auth_basic_user_file /srv/http/random15255/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random15255/internal/access.log combined_plus; + error_log /var/log/nginx/random15255/internal/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895 new file mode 100644 index 000000000..4a49ea47e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-7895 @@ -0,0 +1,32 @@ +upstream django_server_random20084.example.org { + server unix:/srv/http/random1540/live/website.sock; +} + +server { + listen 80; + server_name random3969.example.org www.random20084.example.org random20084.example.org; + + if ($host != 'www.random20084.example.org') { + rewrite ^/(.*)$ http://www.random20084.example.org/$1 permanent; + } + + location /media/ { + alias /srv/http/random1540/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random1540/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random20084.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + access_log /var/log/nginx/random1540/live/access.log combined_plus; + error_log /var/log/nginx/random1540/live/error.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343 new file mode 100644 index 000000000..9e0d39d47 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8343 @@ -0,0 +1,36 @@ +upstream django_server_random29577.example.org { + server unix:/srv/http/random24645/internal/website.sock; +} + +server { + listen 80; + server_name random29577.example.org; + + location ^~ /media/ { + alias /srv/http/random24645/internal/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random24645/internal/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random29577.example.org; + include /etc/nginx/proxy_params; + + satisfy any; + auth_basic 'internal for random24645'; + auth_basic_user_file /srv/http/random24645/internal/htpasswords; + include /etc/nginx/allow_ytec_ips_params; + deny all; + } + + access_log /var/log/nginx/random24645/internal/access.log; + error_log /var/log/nginx/random24645/internal/error.log; +} + +server { + server_name www.random29577.example.org; + rewrite ^ http://random29577.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422 new file mode 100644 index 000000000..c3b979b4e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8422 @@ -0,0 +1,46 @@ +upstream django_server_random25771.example.org { + server unix:/srv/http/random4711/live/website.sock; +} + +server { + listen 80; + server_name random25771.example.org; + + location ^~ /media/ { + alias /srv/http/random4711/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random4711/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random25771.example.org; + include /etc/nginx/proxy_params; + proxy_read_timeout 4m; + + # You can configure access rules here + } + + client_max_body_size 25m; + + access_log /var/log/nginx/random4711/live/access.log combined_plus; + error_log /var/log/nginx/random4711/live/error.log; +} + +server { + server_name www.random25771.example.org; + server_name *.random17707.example.org; + server_name *.random22274.example.org; + server_name *.random26333.example.org; + server_name *.random10742.example.org; + server_name *.random8297.example.org; + server_name *.random18250.example.org; + server_name *.random30184.example.org; + server_name *.random27005.example.org; + server_name *.random12286.example.org; + server_name *.random28076.example.org; + server_name *.random26194.example.org; + rewrite ^ http://random25771.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637 new file mode 100644 index 000000000..91e31bbfd --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8637 @@ -0,0 +1,40 @@ +upstream django_server_random27891.example.org { + server unix:/srv/http/random6344/live/website.sock; +} + +server { + listen 443; + server_name random27891.example.org; + + ssl on; + ssl_certificate /etc/ssl/public/random27891.example.org.bundle.crt; + ssl_certificate_key /etc/ssl/private/random27891.example.org.key; + + location /media/ { + alias /srv/http/random6344/live/dynamic/public/; + expires 7d; + include upload_folder_security_params; + } + location /static/ { + alias /srv/http/random6344/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random27891.example.org; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Protocol $scheme; + } + + access_log /var/log/nginx/random6344/live/access.log combined_plus; + error_log /var/log/nginx/random6344/live/error.log; +} + +server { + listen 80; + server_name random27891.example.org; + + return 301 https://random27891.example.org$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662 new file mode 100644 index 000000000..3fe9c4011 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-8662 @@ -0,0 +1,32 @@ +upstream django_server_random27507.example.org { + server unix:/srv/http/random24211/live/website.sock; +} + +server { + listen 80; + server_name random27507.example.org; + + location ^~ /media/ { + alias /srv/http/random24211/live/dynamic/public/; + expires 7d; + } + location ^~ /static/ { + alias /srv/http/random24211/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random27507.example.org; + include /etc/nginx/proxy_params; + + # You can configure access rules here + } + + access_log /var/log/nginx/random24211/live/access.log combined_plus; + error_log /var/log/nginx/random24211/live/error.log; +} + +server { + server_name www.random27507.example.org; + rewrite ^ http://random27507.example.org$request_uri permanent; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426 b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426 new file mode 100644 index 000000000..90dad9601 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/79-configs/site-9426 @@ -0,0 +1,111 @@ +upstream django_server_random20374.nl { + server unix:/srv/http/random20374/live/website.sock; +} + +server { + listen 80; + + # Main domain + server_name random9123.example.org; + + # So called mini-sites, resulting in landing pages for Google. + server_name random16942.example.org; + server_name random23560.example.org; + server_name random17636.example.org; + server_name random13969.example.org; + server_name random4892.example.org; + server_name random24240.example.org; + server_name random25863.example.org; + server_name random26503.example.org; + server_name random5090.example.org; + server_name random1856.example.org; + server_name random2911.example.org; + server_name random16405.example.org; + + location /media/ { + alias /srv/http/random20374/live/dynamic/public/; + expires 7d; + } + location /static/ { + alias /srv/http/random20374/live/static_collected/; + expires 7d; + } + + location / { + proxy_pass http://django_server_random20374.nl; + include /etc/nginx/proxy_params; + } + + access_log /var/log/nginx/random20374/live/access.log combined_plus; + error_log /var/log/nginx/random20374/live/error.log; +} + +server { + server_name www.random9123.example.org; + return 301 $scheme://random9123.example.org$request_uri; +} + +server { + server_name www.random1825.example.org random1825.example.org; + return 301 $scheme://random9123.example.org$request_uri; +} + +server { + server_name www.random16942.example.org; + return 301 $scheme://random16942.example.org; +} + +server { + server_name www.random23560.example.org; + return 301 $scheme://random23560.example.org; +} + +server { + server_name www.random17636.example.org; + return 301 $scheme://random17636.example.org; +} + +server { + server_name www.random13969.example.org; + return 301 $scheme://random13969.example.org; +} + +server { + server_name www.random4892.example.org; + return 301 $scheme://random4892.example.org; +} + +server { + server_name www.random24240.example.org; + return 301 $scheme://random24240.example.org; +} + +server { + server_name www.random25863.example.org; + return 301 $scheme://random25863.example.org; +} + +server { + server_name www.random26503.example.org; + return 301 $scheme://random26503.example.org; +} + +server { + server_name www.random5090.example.org; + return 301 $scheme://random5090.example.org; +} + +server { + server_name www.random1856.example.org; + return 301 $scheme://random1856.example.org; +} + +server { + server_name www.random2911.example.org; + return 301 $scheme://random2911.example.org; +} + +server { + server_name www.random16405.example.org; + return 301 $scheme://random16405.example.org; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost new file mode 100644 index 000000000..71344abea --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/activecolab/www.example.com.vhost @@ -0,0 +1,44 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + location / { + try_files $uri $uri/ /index.php?path_info=$uri&$args; + access_log off; + expires max; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf new file mode 100644 index 000000000..056987136 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi.conf @@ -0,0 +1,9 @@ +#-*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- +### fastcgi configuration. +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +include fastcgi_params; +fastcgi_buffers 256 4k; +fastcgi_intercept_errors on; +## allow 4 hrs - pass timeout responsibility to upstrea +fastcgi_read_timeout 14400; +fastcgi_index index.php; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params new file mode 100644 index 000000000..4a7f26920 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/fastcgi_params @@ -0,0 +1,32 @@ +# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*- +### fastcgi parameters. +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + +## PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; +## HTTPS 'on' parameter. This requires Nginx version 1.1.11 or +## later. The if_not_empty flag was introduced in 1.1.11. See: +## http://nginx.org/en/CHANGES. If using a version that doesn't +## support this comment out the line below. +fastcgi_param HTTPS $https if_not_empty; +## For Nginx versions below 1.1.11 uncomment the line below after commenting out the above. +#fastcgi_param HTTPS $https diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf new file mode 100644 index 000000000..e7974ff6a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-utf @@ -0,0 +1,109 @@ + +# This map is not a full koi8-r <> utf8 map: it does not contain +# box-drawing and some other characters. Besides this map contains +# several koi8-u and Byelorussian letters which are not in koi8-r. +# If you need a full and standard map, use contrib/unicode2nginx/koi-utf +# map instead. + +charset_map koi8-r utf-8 { + + 80 E282AC ; # euro + + 95 E280A2 ; # bullet + + 9A C2A0 ; # + + 9E C2B7 ; # · + + A3 D191 ; # small yo + A4 D194 ; # small Ukrainian ye + + A6 D196 ; # small Ukrainian i + A7 D197 ; # small Ukrainian yi + + AD D291 ; # small Ukrainian soft g + AE D19E ; # small Byelorussian short u + + B0 C2B0 ; # ° + + B3 D081 ; # capital YO + B4 D084 ; # capital Ukrainian YE + + B6 D086 ; # capital Ukrainian I + B7 D087 ; # capital Ukrainian YI + + B9 E28496 ; # numero sign + + BD D290 ; # capital Ukrainian soft G + BE D18E ; # capital Byelorussian short U + + BF C2A9 ; # (C) + + C0 D18E ; # small yu + C1 D0B0 ; # small a + C2 D0B1 ; # small b + C3 D186 ; # small ts + C4 D0B4 ; # small d + C5 D0B5 ; # small ye + C6 D184 ; # small f + C7 D0B3 ; # small g + C8 D185 ; # small kh + C9 D0B8 ; # small i + CA D0B9 ; # small j + CB D0BA ; # small k + CC D0BB ; # small l + CD D0BC ; # small m + CE D0BD ; # small n + CF D0BE ; # small o + + D0 D0BF ; # small p + D1 D18F ; # small ya + D2 D180 ; # small r + D3 D181 ; # small s + D4 D182 ; # small t + D5 D183 ; # small u + D6 D0B6 ; # small zh + D7 D0B2 ; # small v + D8 D18C ; # small soft sign + D9 D18B ; # small y + DA D0B7 ; # small z + DB D188 ; # small sh + DC D18D ; # small e + DD D189 ; # small shch + DE D187 ; # small ch + DF D18A ; # small hard sign + + E0 D0AE ; # capital YU + E1 D090 ; # capital A + E2 D091 ; # capital B + E3 D0A6 ; # capital TS + E4 D094 ; # capital D + E5 D095 ; # capital YE + E6 D0A4 ; # capital F + E7 D093 ; # capital G + E8 D0A5 ; # capital KH + E9 D098 ; # capital I + EA D099 ; # capital J + EB D09A ; # capital K + EC D09B ; # capital L + ED D09C ; # capital M + EE D09D ; # capital N + EF D09E ; # capital O + + F0 D09F ; # capital P + F1 D0AF ; # capital YA + F2 D0A0 ; # capital R + F3 D0A1 ; # capital S + F4 D0A2 ; # capital T + F5 D0A3 ; # capital U + F6 D096 ; # capital ZH + F7 D092 ; # capital V + F8 D0AC ; # capital soft sign + F9 D0AB ; # capital Y + FA D097 ; # capital Z + FB D0A8 ; # capital SH + FC D0AD ; # capital E + FD D0A9 ; # capital SHCH + FE D0A7 ; # capital CH + FF D0AA ; # capital hard sign +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win new file mode 100644 index 000000000..72afabe89 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/koi-win @@ -0,0 +1,103 @@ + +charset_map koi8-r windows-1251 { + + 80 88 ; # euro + + 95 95 ; # bullet + + 9A A0 ; # + + 9E B7 ; # · + + A3 B8 ; # small yo + A4 BA ; # small Ukrainian ye + + A6 B3 ; # small Ukrainian i + A7 BF ; # small Ukrainian yi + + AD B4 ; # small Ukrainian soft g + AE A2 ; # small Byelorussian short u + + B0 B0 ; # ° + + B3 A8 ; # capital YO + B4 AA ; # capital Ukrainian YE + + B6 B2 ; # capital Ukrainian I + B7 AF ; # capital Ukrainian YI + + B9 B9 ; # numero sign + + BD A5 ; # capital Ukrainian soft G + BE A1 ; # capital Byelorussian short U + + BF A9 ; # (C) + + C0 FE ; # small yu + C1 E0 ; # small a + C2 E1 ; # small b + C3 F6 ; # small ts + C4 E4 ; # small d + C5 E5 ; # small ye + C6 F4 ; # small f + C7 E3 ; # small g + C8 F5 ; # small kh + C9 E8 ; # small i + CA E9 ; # small j + CB EA ; # small k + CC EB ; # small l + CD EC ; # small m + CE ED ; # small n + CF EE ; # small o + + D0 EF ; # small p + D1 FF ; # small ya + D2 F0 ; # small r + D3 F1 ; # small s + D4 F2 ; # small t + D5 F3 ; # small u + D6 E6 ; # small zh + D7 E2 ; # small v + D8 FC ; # small soft sign + D9 FB ; # small y + DA E7 ; # small z + DB F8 ; # small sh + DC FD ; # small e + DD F9 ; # small shch + DE F7 ; # small ch + DF FA ; # small hard sign + + E0 DE ; # capital YU + E1 C0 ; # capital A + E2 C1 ; # capital B + E3 D6 ; # capital TS + E4 C4 ; # capital D + E5 C5 ; # capital YE + E6 D4 ; # capital F + E7 C3 ; # capital G + E8 D5 ; # capital KH + E9 C8 ; # capital I + EA C9 ; # capital J + EB CA ; # capital K + EC CB ; # capital L + ED CC ; # capital M + EE CD ; # capital N + EF CE ; # capital O + + F0 CF ; # capital P + F1 DF ; # capital YA + F2 D0 ; # capital R + F3 D1 ; # capital S + F4 D2 ; # capital T + F5 D3 ; # capital U + F6 C6 ; # capital ZH + F7 C2 ; # capital V + F8 DC ; # capital soft sign + F9 DB ; # capital Y + FA C7 ; # capital Z + FB D8 ; # capital SH + FC DD ; # capital E + FD D9 ; # capital SHCH + FE D7 ; # capital CH + FF DA ; # capital hard sign +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf new file mode 100644 index 000000000..a8d62223a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/map_https_fcgi.conf @@ -0,0 +1,7 @@ +# -*- mode: conf; mode: flyspell-prog; ispell-local-dictionary: "american" -*- +### Implement the $https_if_not_empty variable for Nginx versions below 1.1.11. + +map $scheme $https { + default ''; + https on; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types new file mode 100644 index 000000000..618b8f8e7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/mime.types @@ -0,0 +1,77 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-current-dictionary: american -*- +types { + text/html html htm shtml; + text/css css; + text/xml xml rss; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + application/atom+xml atom; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.ms-excel xls; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.wap.xhtml+xml xhtml; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + + # Mime types for web fonts. Stolen from here: + # http://seconddrawer.com.au/blog/ in part. + application/x-font-ttf ttf; + font/opentype otf; + application/vnd.ms-fontobject eot; + application/x-woff woff; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf new file mode 100644 index 000000000..22ad4c317 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/nginx.conf @@ -0,0 +1,119 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- +user www-data; +worker_processes 4; + +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + +worker_rlimit_nofile 8192; + +events { + worker_connections 4096; + ## epoll is preferred on 2.6 Linux + ## kernels. Cf. http://www.kegel.com/c10k.html#nb.epoll + use epoll; + ## Accept as many connections as possible. + multi_accept on; +} + +http { + ## MIME types. + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## FastCGI. + include /etc/nginx/fastcgi.conf; + + ## Default log and error files. + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + ## Use sendfile() syscall to speed up I/O operations and speed up + ## static file serving. + sendfile on; + ## Handling of IPs in proxied and load balancing situations. + set_real_ip_from 0.0.0.0/32; # all addresses get a real IP. + real_ip_header X-Forwarded-For; # the ip is forwarded from the load balancer/proxy + + ## Define a zone for limiting the number of simultaneous + ## connections nginx accepts. 1m means 32000 simultaneous + ## sessions. We need to define for each server the limit_conn + ## value refering to this or other zones. + ## ** This syntax requires nginx version >= + ## ** 1.1.8. Cf. http://nginx.org/en/CHANGES. If using an older + ## ** version then use the limit_zone directive below + ## ** instead. Comment out this + ## ** one if not using nginx version >= 1.1.8. + limit_conn_zone $binary_remote_addr zone=arbeit:10m; + + ## Timeouts. + client_body_timeout 60; + client_header_timeout 60; + keepalive_timeout 10 10; + send_timeout 60; + + ## Reset lingering timed out connections. Deflect DDoS. + reset_timedout_connection on; + + ## Body size. + client_max_body_size 10m; + + ## TCP options. + tcp_nodelay on; + tcp_nopush on; + + ## Compression. + gzip on; + gzip_buffers 16 8k; + gzip_comp_level 1; + gzip_http_version 1.1; + gzip_min_length 10; + gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf; + gzip_vary on; + gzip_proxied any; # Compression for all requests. + ## No need for regexps. See + ## http://wiki.nginx.org/NginxHttpGzipModule#gzip_disable + gzip_disable "msie6"; + + ## Serve already compressed files directly, bypassing on-the-fly + ## compression. + gzip_static on; + + ## Hide the Nginx version number. + server_tokens off; + + ## Use a SSL/TLS cache for SSL session resume. This needs to be + ## here (in this context, for session resumption to work. See this + ## thread on the Nginx mailing list: + ## http://nginx.org/pipermail/nginx/2010-November/023736.html. + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + ## For the filefield_nginx_progress module to work. From the + ## README. Reserve 1MB under the name 'uploads' to track uploads. + upload_progress uploads 1m; + + ## Enable clickjacking protection in modern browsers. Available in + ## IE8 also. See + ## https://developer.mozilla.org/en/The_X-FRAME-OPTIONS_response_header + add_header X-Frame-Options sameorigin; + + ## Include the upstream servers for PHP FastCGI handling config. + include upstream_phpcgi.conf; + + ## If using Nginx version >= 1.1.11 then there's a $https variable + ## that has the value 'on' if the used scheme is https and '' if not. + ## See: http://trac.nginx.org/nginx/changeset/4380/nginx + ## http://trac.nginx.org/nginx/changeset/4333/nginx and + ## http://trac.nginx.org/nginx/changeset/4334/nginx. If using a + ## previous version then uncomment out the line below. + #include map_https_fcgi.conf; + + ## Include the upstream servers for Apache handling the PHP + ## processes. In this case Nginx functions as a reverse proxy. + #include reverse_proxy.conf; + #include upstream_phpapache.conf; + + ## Include all vhosts. + include /etc/nginx/sites-enabled/*; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf new file mode 100644 index 000000000..ee0faadd7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf @@ -0,0 +1,10 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- + +### Configuration for reverse proxy. Passing the necessary headers to +### the backend. Nginx doesn't tunnel the connection, it opens a new +### one. Hence whe need to send these headers to the backend so that +### the client(s) IP is available to them. The host is also sent. + +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header Host $http_host; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default new file mode 100644 index 000000000..9dbaa44ff --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/000-default @@ -0,0 +1,19 @@ +# -*-mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- +### Block all illegal host headers. Taken from a discussion on nginx +### forums. Cf. http://forum.nginx.org/read.php?2,3482,3518 following +### a suggestion by Maxim Dounin. Also suggested in +### http://nginx.org/en/docs/http/request_processing.html. +server { + listen [::]:80 default_server; + # Uncomment the line below and comment the above if you're + # running a Nginx version less than 0.8.20. + # listen [::]:80 default; + + # Accept redirects based on the value of the Host header. If + # there's no valid vhost configuration file with a + # corresponding server_name directive then signal an error and + # fail silently. See: + # http://wiki.nginx.org/NginxHttpCoreModule#server_name_in_redirect + server_name_in_redirect off; + return 444; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf new file mode 100644 index 000000000..e77024456 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/chive.example.com.conf @@ -0,0 +1,102 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- +### Nginx configuration for Chive. + +server { + ## This is to avoid the spurious if for sub-domain name + ## rewriting. See http://wiki.nginx.org/Pitfalls#Server_Name. + listen 80; # IPv4 + + ## Replace the IPv6 address by your own address. The address below + ## was stolen from the wikipedia page on IPv6. + listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on; + + server_name www.chive.example.com; + + return 301 $scheme://chive.example.com$request_uri; + +} # server domain rewrite. + +server { + listen 80; # IPv4 + + ## Replace the IPv6 address by your own address. The address below + ## was stolen from the wikipedia page on IPv6. + listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on; + + limit_conn arbeit 32; + server_name chive.example.com; + + ## Parameterization using hostname of access and log filenames. + access_log /var/log/nginx/chive.example.com_access.log; + error_log /var/log/nginx/chive.example.com_error.log; + + root /var/www/sites/chive.example.com; + index index.php index.html; + + ## Support for favicon. Return a 204 (No Content) if the favicon + ## doesn't exist. + location = /favicon.ico { + try_files /favicon.ico =204; + } + + ## The main location is accessed using Basic Auth. + location / { + ## Access is restricted. + auth_basic "Restricted Access"; # auth realm + auth_basic_user_file .htpasswd-users; # htpasswd file + + ## Use PATH_INFO for translating the requests to the + ## FastCGI. This config follows Igor's suggestion here: + ## http://forum.nginx.org/read.php?2,124378,124582. + ## This is preferable to using: + ## fastcgi_split_path_info ^(.+\.php)(.*)$ + ## It saves one regex in the location. Hence it's faster. + location ~ ^(?<script>.+\.php)(?<path_info>.*)$ { + include fastcgi.conf; + ## The fastcgi_params must be redefined from the ones + ## given in fastcgi.conf. No longer standard names + ## but arbitrary: named patterns in regex. + fastcgi_param SCRIPT_FILENAME $document_root$script; + fastcgi_param SCRIPT_NAME $script; + fastcgi_param PATH_INFO $path_info; + ## Passing the request upstream to the FastCGI + ## listener. + fastcgi_pass phpcgi; + } + + ## Protect these locations. Replicating the .htaccess + ## rules throughout the chive distro. + location /protected { + internal; + } + + location /yii { + internal; + } + + ## Static file handling. + location ~* .+\.(?:css|gif|htc|js|jpe?g|png|swf)$ { + expires max; + ## No need to bleed constant updates. Send the all shebang in one + ## fell swoop. + tcp_nodelay off; + ## Set the OS file cache. + open_file_cache max=100 inactive=120s; + open_file_cache_valid 45s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + } + } + + ## We need to capture the case where the index.php is missing, + ## hence we drop out of the path info thingie. + location ~* /([^\.])$ { + return 302 /index.php/$1; + } + + ## Close up git repo access. + location ^~ /.git { + return 404; + } + +} # server diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/secure.chive.example.com.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/secure.chive.example.com.conf new file mode 100644 index 000000000..7b25ac209 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/sites-available/secure.chive.example.com.conf @@ -0,0 +1,135 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- +### Nginx configuration for Chive with HTTPS. + +server { + ## This is to avoid the spurious if for sub-domain name + ## rewriting. See http://wiki.nginx.org/Pitfalls#Server_Name. + listen 80; # IPv4 + + ## Replace the IPv6 address by your own address. The address below + ## was stolen from the wikipedia page on IPv6. + listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on; + + server_name chive.example.com; + return 301 https://chive.example.com$request_uri; + +} # server domain rewrite. + +server { + ## This is to avoid the spurious if for sub-domain name + ## rewriting. See http://wiki.nginx.org/Pitfalls#Server_Name. + listen 80; # IPv4 + + ## Replace the IPv6 address by your own address. The address below + ## was stolen from the wikipedia page on IPv6. + listen [fe80::202:b3ff:fe1e:8329]:80 ipv6only=on; + + listen 443 ssl; # IPv4 + ## Replace the IPv6 address by your own address. The address below + ## was stolen from the wikipedia page on IPv6. + listen [fe80::202:b3ff:fe1e:8329]:443 ssl ipv6only=on; + + server_name www.chive.example.com; + + ## Server certificate and key. + ssl_certificate /etc/ssl/certs/chive.example.com-cert.pem; + ssl_certificate_key /etc/ssl/private/chive.example.com-key.pem; + + ## Use only HTTPS. + return 301 https://chive.example.com$request_uri; + +} # server domain rewrite. + +server { + listen 443 ssl; # IPv4 + ## Replace the IPv6 address by your own address. The address below + ## was stolen from the wikipedia page on IPv6. + listen [fe80::202:b3ff:fe1e:8329]:443 ssl ipv6only=on; + + limit_conn arbeit 32; + server_name chive.example.com; + + ## Keep alive timeout set to a greater value for SSL/TLS. + keepalive_timeout 75 75; + + ## Parameterization using hostname of access and log filenames. + access_log /var/log/nginx/chive.example.com_access.log; + error_log /var/log/nginx/chive.example.com_error.log; + + ## Server certificate and key. + ssl_certificate /etc/ssl/certs/chive.example.com-cert.pem; + ssl_certificate_key /etc/ssl/private/chive.example.com-key.pem; + + ## Strict Transport Security header for enhanced security. See + ## http://www.chromium.org/sts. + add_header Strict-Transport-Security "max-age=12960000"; + + root /var/www/sites/chive.example.com/; + index index.php index.html; + + ## Support for favicon. Return a 204 (No Content) if the favicon + ## doesn't exist. + location = /favicon.ico { + try_files /favicon.ico =204; + } + + ## The main location is accessed using Basic Auth. + location / { + ## Access is restricted. + auth_basic "Restricted Access"; # auth realm + auth_basic_user_file .htpasswd-users; # htpasswd file + + ## Use PATH_INFO for translating the requests to the + ## FastCGI. This config follows Igor's suggestion here: + ## http://forum.nginx.org/read.php?2,124378,124582. + ## This is preferable to using: + ## fastcgi_split_path_info ^(.+\.php)(.*)$ + ## It saves one regex in the location. Hence it's faster. + location ~ ^(?<script>.+\.php)(?<path_info>.*)$ { + include fastcgi.conf; + ## The fastcgi_params must be redefined from the ones + ## given in fastcgi.conf. No longer standard names + ## but arbitrary: named patterns in regex. + fastcgi_param SCRIPT_FILENAME $document_root$script; + fastcgi_param SCRIPT_NAME $script; + fastcgi_param PATH_INFO $path_info; + ## Passing the request upstream to the FastCGI + ## listener. + fastcgi_pass php-cgi; + } + + ## Protect these locations. Replicating the .htaccess + ## rules throughout the chive distro. + location /protected { + internal; + } + location /yii { + internal; + } + + ## Static file handling. + location ~* .+\.(?:css|gif|htc|js|jpe?g|png)$ { + expires max; + ## No need to bleed constant updates. Send the all shebang in one + ## fell swoop. + tcp_nodelay off; + ## Set the OS file cache. + open_file_cache max=100 inactive=120s; + open_file_cache_valid 45s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + } + } + + ## We need to capture the case where the index.php is missing, + ## hence we drop out of the path info thingie. + location ~* /([^\.])$ { + return 302 /index.php/$1; + } + + ## Close up git repo access. + location ^~ /.git { + return 404; + } + +} # server diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpapache.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpapache.conf new file mode 100644 index 000000000..488c8ef6a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpapache.conf @@ -0,0 +1,8 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- + +### Upstream configuration for Apache functioning has a PHP handler. + +## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule. +upstream phpapache { + server 127.0.0.1:8080; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpcgi.conf new file mode 100644 index 000000000..cf770685e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/upstream_phpcgi.conf @@ -0,0 +1,8 @@ +# -*- mode: nginx; mode: flyspell-prog; mode: autopair; ispell-local-dictionary: "american" -*- + +### Upstream configuration for PHP FastCGI. + +## Add as many servers as needed. Cf. http://wiki.nginx.org/HttpUpstreamModule. +upstream phpcgi { + server unix:/var/run/php-fpm.sock; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/win-utf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/win-utf new file mode 100644 index 000000000..ed8bc007a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/win-utf @@ -0,0 +1,126 @@ + +# This map is not a full windows-1251 <> utf8 map: it does not +# contain Serbian and Macedonian letters. If you need a full map, +# use contrib/unicode2nginx/win-utf map instead. + +charset_map windows-1251 utf-8 { + + 82 E2809A ; # single low-9 quotation mark + + 84 E2809E ; # double low-9 quotation mark + 85 E280A6 ; # ellipsis + 86 E280A0 ; # dagger + 87 E280A1 ; # double dagger + 88 E282AC ; # euro + 89 E280B0 ; # per mille + + 91 E28098 ; # left single quotation mark + 92 E28099 ; # right single quotation mark + 93 E2809C ; # left double quotation mark + 94 E2809D ; # right double quotation mark + 95 E280A2 ; # bullet + 96 E28093 ; # en dash + 97 E28094 ; # em dash + + 99 E284A2 ; # trade mark sign + + A0 C2A0 ; # + A1 D18E ; # capital Byelorussian short U + A2 D19E ; # small Byelorussian short u + + A4 C2A4 ; # currency sign + A5 D290 ; # capital Ukrainian soft G + A6 C2A6 ; # borken bar + A7 C2A7 ; # section sign + A8 D081 ; # capital YO + A9 C2A9 ; # (C) + AA D084 ; # capital Ukrainian YE + AB C2AB ; # left-pointing double angle quotation mark + AC C2AC ; # not sign + AD C2AD ; # soft hypen + AE C2AE ; # (R) + AF D087 ; # capital Ukrainian YI + + B0 C2B0 ; # ° + B1 C2B1 ; # plus-minus sign + B2 D086 ; # capital Ukrainian I + B3 D196 ; # small Ukrainian i + B4 D291 ; # small Ukrainian soft g + B5 C2B5 ; # micro sign + B6 C2B6 ; # pilcrow sign + B7 C2B7 ; # · + B8 D191 ; # small yo + B9 E28496 ; # numero sign + BA D194 ; # small Ukrainian ye + BB C2BB ; # right-pointing double angle quotation mark + + BF D197 ; # small Ukrainian yi + + C0 D090 ; # capital A + C1 D091 ; # capital B + C2 D092 ; # capital V + C3 D093 ; # capital G + C4 D094 ; # capital D + C5 D095 ; # capital YE + C6 D096 ; # capital ZH + C7 D097 ; # capital Z + C8 D098 ; # capital I + C9 D099 ; # capital J + CA D09A ; # capital K + CB D09B ; # capital L + CC D09C ; # capital M + CD D09D ; # capital N + CE D09E ; # capital O + CF D09F ; # capital P + + D0 D0A0 ; # capital R + D1 D0A1 ; # capital S + D2 D0A2 ; # capital T + D3 D0A3 ; # capital U + D4 D0A4 ; # capital F + D5 D0A5 ; # capital KH + D6 D0A6 ; # capital TS + D7 D0A7 ; # capital CH + D8 D0A8 ; # capital SH + D9 D0A9 ; # capital SHCH + DA D0AA ; # capital hard sign + DB D0AB ; # capital Y + DC D0AC ; # capital soft sign + DD D0AD ; # capital E + DE D0AE ; # capital YU + DF D0AF ; # capital YA + + E0 D0B0 ; # small a + E1 D0B1 ; # small b + E2 D0B2 ; # small v + E3 D0B3 ; # small g + E4 D0B4 ; # small d + E5 D0B5 ; # small ye + E6 D0B6 ; # small zh + E7 D0B7 ; # small z + E8 D0B8 ; # small i + E9 D0B9 ; # small j + EA D0BA ; # small k + EB D0BB ; # small l + EC D0BC ; # small m + ED D0BD ; # small n + EE D0BE ; # small o + EF D0BF ; # small p + + F0 D180 ; # small r + F1 D181 ; # small s + F2 D182 ; # small t + F3 D183 ; # small u + F4 D184 ; # small f + F5 D185 ; # small kh + F6 D186 ; # small ts + F7 D187 ; # small ch + F8 D188 ; # small sh + F9 D189 ; # small shch + FA D18A ; # small hard sign + FB D18B ; # small y + FC D18C ; # small soft sign + FD D18D ; # small e + FE D18E ; # small yu + FF D18F ; # small ya +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cms-made-simple/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cms-made-simple/nginx.conf new file mode 100644 index 000000000..a0df10f24 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cms-made-simple/nginx.conf @@ -0,0 +1,17 @@ +server { + listen 80; + server_name .domain.tld; + root /var/www/cms; # Directory root of your CMS. + index index.php index.html index.htm; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + } + + location ~ \.php$ { + include fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx-alt.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx-alt.conf new file mode 100644 index 000000000..61d27e626 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx-alt.conf @@ -0,0 +1,25 @@ +server { + listen 80; + server_name localhost; + root /var/www/html/ci; + autoindex on; + index index.php; + + location / { + + try_files $uri $uri/ /index.php; + + location = /index.php { + + fastcgi_pass 127.0.0.1:6969; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx.conf new file mode 100644 index 000000000..4d2c9732c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/codeigniter/nginx.conf @@ -0,0 +1,22 @@ +server { + server_name domain.tld; + + root /var/www/codeignitor; + index index.html index.php; + + # set expiration of assets to MAX for caching + location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ { + expires max; + log_not_found off; + } + + location / { + # Check if a file or directory index file exists, else route it to index.php. + try_files $uri $uri/ /index.php; + } + + location ~* \.php$ { + fastcgi_pass 127.0.0.1:9000; + include fastcgi.conf; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/contao/sites-available/example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/contao/sites-available/example.com.vhost new file mode 100644 index 000000000..bf95433b4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/contao/sites-available/example.com.vhost @@ -0,0 +1,41 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html; + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! + location ~* \.(tpl|html5|xhtml)$ { + deny all; + } + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + location / { + try_files $uri $uri/ /index.php?$args; + } + location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ { + expires max; + log_not_found off; + } + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cs-cart/sites-available/example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cs-cart/sites-available/example.com.vhost new file mode 100644 index 000000000..899c2cb17 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/cs-cart/sites-available/example.com.vhost @@ -0,0 +1,65 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + client_max_body_size 100M; + + rewrite /api/(.*)$ /api.php?_d=$1&ajax_custom=1 last; + + location ~ \.(png|gif|ico|swf|jpe?g|js|css|ttf|svg|eot|woff)$ { + if (!-e $request_filename){ + rewrite ^/(.*?)\/(.*)$ /$2 last; + } + expires 1w; + } + + location ~ store_closed.html$ { + if (!-e $request_filename){ + rewrite ^/(.*?)\/(.*)$ /$2 last; + } + } + + location / { + index index.php; + try_files $uri $uri/ /index.php?sef_rewrite=1&$args; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + fastcgi_temp_file_write_size 10m; + fastcgi_busy_buffers_size 512k; + fastcgi_buffer_size 512k; + fastcgi_buffers 16 512k; + fastcgi_read_timeout 1200; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/large.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/large.conf new file mode 100644 index 000000000..38d0ebb42 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/large.conf @@ -0,0 +1,98 @@ +pid /project_location/log/nginx.pid; +worker_processes 2; +error_log /project_location/log/error_log; + +events { + worker_connections 1024; + use epoll; +} + +http { + # default nginx location + include /usr/local/nginx/mime.types; + default_type application/octet-stream; + log_format main + '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$gzip_ratio"'; + + client_header_timeout 3m; + client_body_timeout 3m; + send_timeout 3m; + connection_pool_size 256; + client_header_buffer_size 1k; + large_client_header_buffers 4 2k; + request_pool_size 4k; + output_buffers 4 32k; + postpone_output 1460; + sendfile on; + tcp_nopush on; + keepalive_timeout 75 20; + tcp_nodelay on; + + client_max_body_size 10m; + client_body_buffer_size 256k; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + client_body_temp_path /project_location/log/client_body_temp; + proxy_temp_path /project_location/log/proxy_temp; + fastcgi_temp_path /project_location/log/fastcgi_temp; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 32k; + gzip_types text/plain text/html application/x-javascript text/xml text/css; + + ignore_invalid_headers on; + + server { + listen 8000; + server_name localhost; + index index.html; + root project_location/public; + # static resources + + location ~* ^.+\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ + { + expires 30d; + break; + } + + location / { + # host and port to fastcgi server + fastcgi_pass unix:/project_location/log/django.sock; + fastcgi_param PATH_INFO $fastcgi_script_name; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_pass_header Authorization; + fastcgi_intercept_errors off; + } + + location /403.html { + root /usr/local/nginx; + access_log off; + } + + location /401.html { + root /usr/local/nginx; + access_log off; + } + + location /404.html { + root /usr/local/nginx; + access_log off; + } + + location = /_.gif { + empty_gif; + access_log off; + } + + access_log /project_location/log/localhost.access_log main; + error_log /project_location/log/localhost.error_log; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/nginx.conf new file mode 100644 index 000000000..fa0ac68ea --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/djangofastcgi/nginx.conf @@ -0,0 +1,34 @@ +# inside a http section +# replace the several paths and names +server { + listen 80; + server_name servername; + + access_log /path/to/log/file; + + location /media { + root /path/to/sites/siteYY/; + # I use a symbolic link called "admin" in the media/ folder + # (pointing to /usr/local/lib/python2.6/dist-packages/django/contrib/admin/media/ in my case) + # as suggested in http://docs.djangoproject.com/en/dev/howto/deployment/modpython/#serving-the-admin-files + # so that nginx serves the django admin media files with the parameter + # ADMIN_MEDIA_PREFIX set to '/media/admin/' in settings.py + } + + location / { + fastcgi_pass unix:RUNFILES_PATH/siteYY.socket; + # for a TCP host/port: + # fastcgi_pass {hostname}:{port}; + + # necessary parameter + fastcgi_param PATH_INFO $fastcgi_script_name; + + # to deal with POST requests + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + # http://stackoverflow.com/questions/605173/how-to-nginx-virtual-servers-fcgi-for-django uses many other parameters, + # some may be necessary in some situations + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/dokuwiki.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/dokuwiki.conf new file mode 100644 index 000000000..4909130c1 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/dokuwiki.conf @@ -0,0 +1,30 @@ +include drop.conf; + +client_max_body_size 15M; +client_body_buffer_size 128k; +location / { + try_files $uri $uri/ @dw; +} + +location @dw { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; +} + +location ~ \.php$ { + include fastcgi_params; + fastcgi_param HTTPS $php_https;#DW checks $_SERVER['HTTPS'] + fastcgi_pass unix:/tmp/php5-fpm.sock; +} + +# Block access to data folders +location ~ /(data|conf|bin|inc)/ { +deny all; +} + +# Block access to .htaccess files +location ~ /\.ht { +deny all; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/drop.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/drop.conf new file mode 100644 index 000000000..e511c0bf4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/drop.conf @@ -0,0 +1,4 @@ +location = /robots.txt { access_log off; log_not_found off; } +location = /favicon.ico { access_log off; log_not_found off; } +location ~ /\. { access_log off; log_not_found off; deny all; } +location ~ ~$ { access_log off; log_not_found off; deny all; } diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/full.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/full.conf new file mode 100644 index 000000000..2405143ac --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/full.conf @@ -0,0 +1,61 @@ +server { + server_name wiki.ulyaoth.net; + listen 80; + autoindex off; + client_max_body_size 15M; + client_body_buffer_size 128k; + index index.html index.htm index.php doku.php; + access_log /var/log/nginx/wiki.ulyaoth.net/access.log; + error_log /var/log/nginx/wiki.ulyaoth.net/error.log; + root /usr/share/nginx/dokuwiki; + + location / { + try_files $uri $uri/ @dokuwiki; + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass unix:/var/run/php-fpm/wiki.ulyaoth.net.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + } + + location ~ /(data|conf|bin|inc)/ { + deny all; + } + + location ~ /\.ht { + deny all; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx-no-ssl.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx-no-ssl.conf new file mode 100644 index 000000000..c8d9a59cf --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx-no-ssl.conf @@ -0,0 +1,29 @@ +server { + server_name wiki.domain.tld; + root /var/www/dokuwiki; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + location ~ \.php$ { + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass unix:/tmp/phpcgi.socket; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx.conf new file mode 100644 index 000000000..fbd2c9a46 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dokuwiki/nginx.conf @@ -0,0 +1,30 @@ +map $scheme $php_https { default off; https on; } + + server { + server_name wiki.host.org + root /path/to/dokuwiki; + index doku.php; + listen 80; + #Enforce https for logins, admin + if ($args ~* do=(log|admin|profile)) { + rewrite ^ https://$host$request_uri? redirect; + } + include dokuwiki.conf; + } + + server { + server_name wiki.host.org; + root /path/to/dokuwiki; + index doku.php; + listen 443 ssl; + keepalive_requests 10; + keepalive_timeout 60 60; + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + #switch back to plain http for normal view + + if ($args ~* (do=show|^$)){ + rewrite ^ http://$host$request_uri? redirect; + } + include dokuwiki.conf; + } diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/drupal/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/drupal/nginx.conf new file mode 100644 index 000000000..0f8aaf114 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/drupal/nginx.conf @@ -0,0 +1,95 @@ +server { + server_name example.com; + root /var/www/drupal8; ## <-- Your only path reference. + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + # try_files $uri @rewrite; # For Drupal <= 6 + try_files $uri /index.php?$query_string; # For Drupal >= 7 + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + # Don't allow direct access to PHP files in the vendor directory. + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + # In Drupal 8, we must also match new paths where the '.php' appears in + # the middle, such as update.php/selection. The rule we use is strict, + # and only allows this pattern with the update.php front controller. + # This allows legacy path aliases in the form of + # blog/index.php/legacy-path to continue to route to Drupal nodes. If + # you do not have any paths like that, then you might prefer to use a + # laxer rule, such as: + # location ~ \.php(/|$) { + # The laxer rule will continue to work if Drupal uses this new URL + # pattern with front controllers other than update.php in a future + # release. + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + # Security note: If you're running a version of PHP older than the + # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini. + # See http://serverfault.com/q/627903/94922 for details. + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_intercept_errors on; + fastcgi_pass unix:/var/run/php5-fpm.sock; + } + + # Fighting with Styles? This little gem is amazing. + # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6 + location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7 + try_files $uri @rewrite; + } + + # Handle private files through Drupal. + location ~ ^/system/files/ { # For Drupal >= 7 + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dynamic_ssi/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dynamic_ssi/nginx.conf new file mode 100644 index 000000000..655abf33c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/dynamic_ssi/nginx.conf @@ -0,0 +1,39 @@ +user nginx; +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + tcp_nopush on; + keepalive_timeout 10; + gzip on; + + server { + server_name localhost; + charset utf-8; + access_log /var/log/nginx/access.log; + + root /var/www; + + location = / { + rewrite ^ /home redirect; + } + + location / { + ssi on; + set $inc $request_uri; + if (!-f $request_filename) { + rewrite ^ /index.html last; + } + if (!-f $document_root$inc.html) { + return 404; + } + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/elgg/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/elgg/nginx.conf new file mode 100644 index 000000000..fc64d1eda --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/elgg/nginx.conf @@ -0,0 +1,84 @@ +server { + server_name domain.com; + rewrite ^/(.*) http://www.domain.com/$1 permanent; +} + +server { + server_name www.domain.com; + + client_max_body_size 8M; + client_body_buffer_size 256k; + + location / { + if ($request_method = POST) { + proxy_pass http://localhost:8000; + break; + } + + default_type "text/html; charset=utf-8"; + set $memcached_key "/budokin-$uri"; + memcached_pass 127.0.0.1:11211; + error_page 404 502 = /fallback; + } + + location = /fallback { + proxy_pass http://127.0.0.1:8000; + break; + } + + access_log off; + #access_log /home/kam/www/budokin.com/log/access.log; + error_log /home/kam/www/budokin.com/log/error.log; +} + +server { + listen 8000; + server_name www.domain.com; + root /home/user/domain.com; + index index.php; + + client_max_body_size 8M; + client_body_buffer_size 256k; + + location / { + if (!-e $request_filename) { + rewrite ^/action/([A-Za-z\_\-\/] +) /engine/handlers/action_handler.php?action=$1 last; + rewrite ^/actions/([A-Za-z\_\-\/] +) /engine/handlers/action_handler.php?action=$1 last; + rewrite ^/export/([A-Za-z] +)/([0-9] +) /services/export/handler.php?view=$1&guid=$2 last; + rewrite ^/export/([A-Za-z] +)/([0-9] +)/([A-Za-z] +)/([A-Za-z0-9\_] +) /services/export/handler.php?view=$1&guid=$2&type=$3&idname=$4 last; + rewrite ^/_css/css.css /_css/css.php last; + rewrite ^/pg/([A-Za-z\_\-] +)/(.*) /engine/handlers/pagehandler.php?handler=$1&page=$2 last; + rewrite ^/pg/([A-Za-z\_\-] +) /engine/handlers/pagehandler.php?handler=$1 last; + rewrite ^/xml-rpc.php /engine/handlers/xml-rpc_handler.php last; + rewrite ^/mt/mt-xmlrpc.cgi /engine/handlers/xml-rpc_handler.php last; + } + } + + location ~ \.php$ { + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffer_size 128k; + fastcgi_buffers 4 256k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + fastcgi_intercept_errors on; + + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + + expires max; + } + + access_log off; + #access_log /home/kam/www/budokin.com/log/access.log; + error_log /home/kam/www/budokin.com/log/error.log; + + #error_page 500 502 503 504 /50x.html; + #location = /500.html { root /home/kam/www/nginx-default; } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlminifyjs/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlminifyjs/nginx.conf new file mode 100644 index 000000000..1cc73f6b7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlminifyjs/nginx.conf @@ -0,0 +1,19 @@ +http { + perl_modules perl; + + # Get this module from the CPAN and put the file in this directory. + # or install it systemwide + perl_require Javascript/Minifier.pm; + perl_require Minify.pm; + + root /var/www; + server { + location / { + index index.html index.htm; + } + + location ~ \.js$ { + perl Minify::handler; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlsitemapsproxy/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlsitemapsproxy/nginx.conf new file mode 100644 index 000000000..f9ec64a46 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/embeddedperlsitemapsproxy/nginx.conf @@ -0,0 +1,29 @@ +http { + include mime.types; + default_type application/octet-stream; + + perl_modules lib; + perl_require Sitemap.pm; + + keepalive_timeout 65; + + server { + listen 8090; + server_name sitemaps.worldsoft-cms.info; + + location / { + root html; + index index.html index.htm; + if (!-f $request_filename) { + rewrite ^/(.*)-sitemap.xml$ /sitemap/$1 last; + # If a file matches somethingsomething-sitemap.xml + # then redirect it to /sitemap/somethingsomething + # here somethingsomething will match a domain + } + } + + location /sitemap { + perl Sitemap::handler; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/bad.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/bad.conf new file mode 100644 index 000000000..6c4fe8282 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/bad.conf @@ -0,0 +1,24 @@ +server { + listen 80; + server_name www.mydomain.com; + root /var/www/EECore1.6.7; + + access_log /var/log/nginx/www.mydomain.com-access.log; + error_log /var/log/nginx/www.mydomain.com-error.log info; + + location / { + index index.php; + error_page 404 = @ee; + } + + location @ee { + rewrite ^(.*) /index.php?$1 last; + } + + location ~ \.php$ { + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:8888; + fastcgi_index index.php5; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/better.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/better.conf new file mode 100644 index 000000000..a7b42c21f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/better.conf @@ -0,0 +1,24 @@ +server { + listen 80; + server_name www.mydomain.com; + root /var/www/EECore1.6.7; + + access_log /var/log/nginx/www.mydomain.com-access.log; + error_log /var/log/nginx/www.mydomain.com-error.log info; + + location / { + index index.php; + try_files $uri $uri/ @ee; + } + + location @ee { + rewrite ^(.*) /index.php?$1 last; + } + + location ~ \.php$ { + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:8888; + fastcgi_index index.php5; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/yourpath.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/yourpath.conf new file mode 100644 index 000000000..a8ad8fae4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/expressionengine/yourpath.conf @@ -0,0 +1,37 @@ +server { + listen 80; + server_name example.com; + root /PATH_TO_ROOT; + index index.php; + + location / { + index index.php; + try_files $uri $uri/ @ee; + } + + location @ee { + rewrite ^(.*) /index.php$1 last; + } + + location ~ \.php$ { + include fastcgi_params; + fastcgi_pass unix:/tmp/php-fastcgi.socket; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + + # This location is for our EE index.php gateway + location /index.php { + include /usr/local/nginx/conf/fastcgi_params; + set $script $uri; + set $path_info $uri; + # this will set the path_info when it exists as query string: /index.php?/something/here + if ($args ~* "^(/.+)$") { + set $path_info $1; + } + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/fastcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/fastcgi.conf new file mode 100644 index 000000000..99cb14de2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/fastcgi.conf @@ -0,0 +1,18 @@ +#fastcgi.conf +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/nginx.conf new file mode 100644 index 000000000..8cd568cc9 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fastcgiexample/nginx.conf @@ -0,0 +1,6 @@ +location ~ \.php$ { + include /etc/nginx/fastcgi_params; + if ($uri !~ "^/images/") { + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fengoffice/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fengoffice/sites-available/www.example.com.vhost new file mode 100644 index 000000000..76894e3df --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fengoffice/sites-available/www.example.com.vhost @@ -0,0 +1,33 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html; + location = /favicon.ico { + log_not_found off; + access_log off; + expires max; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + client_max_body_size 8M; + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/fastcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/fastcgi.conf new file mode 100644 index 000000000..f74064d5f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/fastcgi.conf @@ -0,0 +1,21 @@ +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +fastcgi_index index.php; + +fastcgi_param REDIRECT_STATUS 200; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/mime.types b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/mime.types new file mode 100644 index 000000000..25ae94eb7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/mime.types @@ -0,0 +1,48 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml rss; + image/gif gif; + image/jpeg jpeg jpg; + application/x-javascript js; + text/plain txt; + text/x-component htc; + text/mathml mml; + image/png png; + image/x-icon ico; + image/x-jng jng; + image/vnd.wap.wbmp wbmp; + application/java-archive jar war ear; + application/mac-binhex40 hqx; + application/pdf pdf; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/zip zip; + application/octet-stream deb; + application/octet-stream bin exe dll; + application/octet-stream dmg; + application/octet-stream eot; + application/octet-stream iso img; + application/octet-stream msi msp msm; + audio/mpeg mp3; + audio/x-realaudio ra; + video/mpeg mpeg mpg; + video/quicktime mov; + video/x-flv flv; + video/x-msvideo avi; + video/x-ms-wmv wmv; + video/x-ms-asf asx asf; + video/x-mng mng; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/nginx.conf new file mode 100644 index 000000000..f0ceb89b3 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/nginx.conf @@ -0,0 +1,70 @@ +user www www; ## Default: nobody +worker_processes 5; ## Default: 1 +error_log logs/error.log; +pid logs/nginx.pid; +worker_rlimit_nofile 8192; + +events { + worker_connections 4096; ## Default: 1024 +} + +http { + include conf/mime.types; + include /etc/nginx/proxy.conf; + include /etc/nginx/fastcgi.conf; + index index.html index.htm index.php; + + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] $status ' + '"$request" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log logs/access.log main; + sendfile on; + tcp_nopush on; + server_names_hash_bucket_size 128; # this seems to be required for some vhosts + + server { # php/fastcgi + listen 80; + server_name domain1.com www.domain1.com; + access_log logs/domain1.access.log main; + root html; + + location ~ \.php$ { + fastcgi_pass 127.0.0.1:1025; + } + } + + server { # simple reverse-proxy + listen 80; + server_name domain2.com www.domain2.com; + access_log logs/domain2.access.log main; + + # serve static files + location ~ ^/(images|javascript|js|css|flash|media|static)/ { + root /var/www/virtual/big.server.com/htdocs; + expires 30d; + } + + # pass requests for dynamic content to rails/turbogears/zope, et al + location / { + proxy_pass http://127.0.0.1:8080; + } + } + + upstream big_server_com { + server 127.0.0.3:8000 weight=5; + server 127.0.0.3:8001 weight=5; + server 192.168.0.1:8000; + server 192.168.0.1:8001; + } + + server { # simple load balancing + listen 80; + server_name big.server.com; + access_log logs/big.server.access.log main; + + location / { + proxy_pass http://big_server_com; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/proxy.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/proxy.conf new file mode 100644 index 000000000..d337611df --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/full-example/proxy.conf @@ -0,0 +1,10 @@ +proxy_redirect off; +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +client_max_body_size 10m; +client_body_buffer_size 128k; +proxy_connect_timeout 90; +proxy_send_timeout 90; +proxy_read_timeout 90; +proxy_buffers 32 4k; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fullexample2/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fullexample2/nginx.conf new file mode 100644 index 000000000..5381a0c43 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/fullexample2/nginx.conf @@ -0,0 +1,126 @@ +user www www; +worker_processes 2; +pid /var/run/nginx.pid; + +# [ debug | info | notice | warn | error | crit ] +error_log /var/log/nginx.error_log info; + +events { + worker_connections 2000; + # use [ kqueue | rtsig | epoll | /dev/poll | select | poll ] ; + use kqueue; +} + +http { + include conf/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$gzip_ratio"'; + + log_format download '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$http_range" "$sent_http_content_range"'; + + client_header_timeout 3m; + client_body_timeout 3m; + send_timeout 3m; + + client_header_buffer_size 1k; + large_client_header_buffers 4 4k; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain; + + output_buffers 1 32k; + postpone_output 1460; + + sendfile on; + tcp_nopush on; + + tcp_nodelay on; + send_lowat 12000; + + keepalive_timeout 75 20; + + # lingering_time 30; + # lingering_timeout 10; + # reset_timedout_connection on; + + + server { + listen one.example.com; + server_name one.example.com www.one.example.com; + + access_log /var/log/nginx.access_log main; + + location / { + proxy_pass http://127.0.0.1/; + proxy_redirect off; + + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + client_max_body_size 10m; + client_body_buffer_size 128k; + + client_body_temp_path /var/nginx/client_body_temp; + + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_send_lowat 12000; + + proxy_buffer_size 4k; + proxy_buffers 4 32k; + proxy_busy_buffers_size 64k; + proxy_temp_file_write_size 64k; + + proxy_temp_path /var/nginx/proxy_temp; + + charset koi8-r; + } + + error_page 404 /404.html; + + location /404.html { + root /spool/www; + + charset on; + source_charset koi8-r; + } + + location /old_stuff/ { + rewrite ^/old_stuff/(.*)$ /new_stuff/$1 permanent; + } + + location /download/ { + valid_referers none blocked server_names *.example.com; + + if ($invalid_referer) { + #rewrite ^/ http://www.example.com/; + return 403; + } + + # rewrite_log on; + # rewrite /download/*/mp3/*.any_ext to /download/*/mp3/*.mp3 + rewrite ^/(download/.*)/mp3/(.*)\..*$ /$1/mp3/$2.mp3 break; + + root /spool/www; + # autoindex on; + access_log /var/log/nginx-download.access_log download; + } + + location ~* ^.+\.(jpg|jpeg|gif)$ { + root /spool/www; + access_log off; + expires 30d; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/geoip/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/geoip/nginx.conf new file mode 100644 index 000000000..688fb4933 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/geoip/nginx.conf @@ -0,0 +1,9 @@ +http { + geoip_country /usr/share/GeoIP/GeoIP.dat; + map $geoip_country_code $allowed_country { + default yes; + FK no; + FM no; + EH no; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/guide-to-nginx-ssl-spdy-hsts/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/guide-to-nginx-ssl-spdy-hsts/nginx.conf new file mode 100644 index 000000000..f195b4d21 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/guide-to-nginx-ssl-spdy-hsts/nginx.conf @@ -0,0 +1,120 @@ +# openssl_version_minimum 1.0.1g; + +http { + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + server_tokens off; + keepalive_timeout 60; + + # http-redirects to https; even if using of hsts; + # usefull if users are typing your server-name w/out https:// + + + # logjam and a good idea anyway + ssl_dhparam /etc/nginx/dhparams.pem; + + + server { + listen 80 default_server; + server_name secure.example.com; + + rewrite ^ https://secure.example.com$request_uri? permanent; + + # dummy redirect, if http+https-server-in-one + if ($scheme = http) { + return 301 https://$server_name$request_uri; + } + + } + + + server { + # turn on ssl + spdy + listen 443 ssl spdy default_server; + server_name secure.example.com; + + # sending hsts-header / 12 months + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + + # usually not needed + #add_header Alternate-Protocol 443:npn-spdy/2; + + # ssl-config + + ssl_certificate /etc/ssl/secure.example.com.crt-combined; + ssl_certificate_key /etc/ssl/secure.example.com.key; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + + # please use a separate session_cache for each server {} - config + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + # turn off gzip to protect against BREACH / http://breachattack.com/ + gzip on; + + # + # ssl cipher-suites + # + + # nginx-default - kind of ok and working in usually any cases + ssl_ciphers HIGH:!aNULL:!MD5 + + # nginx-default-for-static + #ssl_ciphers RC4:HIGH:!aNULL:!MD5; + + # nginx mailinglist suggestion + #ssl_ciphers HIGH:!SSLv2:!MEDIUM:!LOW:!EXP:!RC4:!DSS:!aNULL:@STRENGTH; + + + # bare minimum for basic + BEAST-mitigation + # grade A w/ ssllabs, but no PFS + #ssl_ciphers RC4:HIGH:!aNULL:!MD5; + + # suggestion from sslabs + #ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; + + # suggestion from hasgeek.com + #ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!EDH:!kEDH:!PSK:!SRP:!kECDH; + + # bare minimum for BEAST-mitigation + PFS + #ssl_ciphers !aNULL:!LOW:!MD5:!EXP:RC4:AES256:3DES:AES128:SEED:CAMELLIA; + + + + # PFS and most secure ciphers (think about using TLS1.2 only) + # suggestion from code-bear.com + #ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA; + + # PFS + BEAST-mitigation + # suggestion from hynek.me + #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:RC4-SHA; + + + # fast and secure, BEAST-mitigation but no PFS? + # suggestion from http://unhandledexpression.com + #ssl_ciphers ALL:!ADH:!EXP:!LOW:!RC2:!3DES:!SEED:!RC4:+HIGH:+MEDIUM; + + # + # suggestions by mozilla-server-team - good compatibility, pfs, preferrable ciphers + # + # modern ciphers + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; + + # intermediate ciphers + #ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; + + # old ciphers (would need SSLv3, but is not recommende as of oct 2014 + #ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; + + # logjam / cipher suggested from weakdh.org + #ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; + + + + } + + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/hardwarelberrors/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/hardwarelberrors/nginx.conf new file mode 100644 index 000000000..78ef6935a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/hardwarelberrors/nginx.conf @@ -0,0 +1,22 @@ +http { + geo $lb { + default 0; + 10.1.1.1/32 1; # LB IPs + 10.1.1.2/32 1; + } + + # ... + + server { + # ... + access_log /path/to/log; + error_page 400 /400; + + location = /400 { + if ($lb) { + access_log off; + } + return 400; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/icinga/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/icinga/sites-available/www.example.com.vhost new file mode 100644 index 000000000..dcc4540af --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/icinga/sites-available/www.example.com.vhost @@ -0,0 +1,66 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html index.htm; + location = /favicon.ico { + log_not_found off; + access_log off; + expires max; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + location / { + root /usr/share/icinga/htdocs; + index index.html; + auth_basic "Restricted"; + auth_basic_user_file /etc/icinga/htpasswd.users; + } + location /icinga/stylesheets { + alias /etc/icinga/stylesheets; + } + location /stylesheets { + alias /etc/icinga/stylesheets; + } + location /icinga/images { + alias /usr/share/icinga/htdocs/images; + } + location ~ \.cgi$ { + # define root directory for CGIs + root /usr/lib/cgi-bin/icinga; + rewrite ^/icinga/cgi-bin/(.*)\.cgi /$1.cgi break; + rewrite ^/cgi-bin/icinga/(.*)\.cgi /$1.cgi break; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/fcgiwrap.socket; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + auth_basic "Restricted"; + auth_basic_user_file /etc/icinga/htpasswd.users; + fastcgi_param AUTH_USER $remote_user; + fastcgi_param REMOTE_USER $remote_user; + } + location ~ ^/icinga-api/(.+\.php)$ { + root /usr/share/icinga/htdocs; + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + auth_basic "Restricted"; + auth_basic_user_file /etc/icinga/htpasswd.users; + fastcgi_param AUTH_USER $remote_user; + fastcgi_param REMOTE_USER $remote_user; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapacheperlscript/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapacheperlscript/nginx.conf new file mode 100644 index 000000000..b31165917 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapacheperlscript/nginx.conf @@ -0,0 +1,39 @@ +user nobody; +worker_processes 1; +error_log logs/error.log info; +pid logs/nginx.pid; + +events { + worker_connections 1024; + multi_accept on; +} + +http { + perl_modules perl/lib; + perl_require mailauth.pm; + + server { + location /auth { + perl mailauth::handler; + } + } +} + +mail { + auth_http 127.0.0.1:80/auth; + + pop3_capabilities "TOP" "USER"; + imap_capabilities "IMAP4rev1" "UIDPLUS"; + + server { + listen 110; + protocol pop3; + proxy on; + } + + server { + listen 143; + protocol imap; + proxy on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapachephpscript/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapachephpscript/nginx.conf new file mode 100644 index 000000000..a3c96e359 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapauthenticatewithapachephpscript/nginx.conf @@ -0,0 +1,27 @@ +user nobody; +worker_processes 1; +error_log logs/error.log info; +pid logs/nginx.pid; + +events { + worker_connections 1024; + multi_accept on; +} + +mail { + auth_http 192.168.1.44:80/mail/auth.php; + pop3_capabilities "TOP" "USER"; + imap_capabilities "IMAP4rev1" "UIDPLUS"; + + server { + listen 110; + protocol pop3; + proxy on; + } + + server { + listen 143; + protocol imap; + proxy on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/nginx.conf new file mode 100644 index 000000000..cfdb3fb8c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/nginx.conf @@ -0,0 +1,38 @@ +mail { + #auth_http unix:/path/socket:/cgi-bin/auth; + auth_http localhost:9000/cgi-bin/auth; + + proxy on; + starttls on; ## enable STARTTLS for all mail servers + + # The SSL part can be put in a separate configuration file, + # e.g., in the case of an SSL offloader / caching proxy. + # In that case, only the ssl_certificate* needs to be set here (or in server block.) + # The config assumes certificates in /etc/nginx/ssl/ and + # private keys in /etc/nginx/ssl/private/ + ssl on; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1 SSLv3; + ssl_ciphers HIGH:!ADH:!MD5:@STRENGTH; + ssl_session_cache shared:TLSSL:16m; + ssl_session_timeout 10m; + ## default SSL cert. Each host should have its own. + ssl_certificate ssl/wildcard.crt; + ssl_certificate_key ssl/private/wildcard.key; + + ## default, STARTTLS is appended because of starttls directive above + imap_capabilities "IMAP4rev1" "UIDPLUS"; + server { + listen 143; + protocol imap; + server_name mx.example.org; + } + +## uncomment to enable POP3 proxy +# pop3_capabilities "TOP" "USER"; +# server { +# listen 110; +# protocol pop3; +# } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/proxy-example.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/proxy-example.conf new file mode 100644 index 000000000..653f1b212 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/imapproxyexample/proxy-example.conf @@ -0,0 +1,20 @@ +mail { + #auth_http unix:/path/socket:/cgi-bin/auth; + auth_http localhost:9000/cgi-bin/auth; + + proxy on; + + imap_capabilities "IMAP4rev1" "UIDPLUS"; ## default + server { + listen 143; + protocol imap; + } + +## uncomment to enable POP3 proxy +# pop3_capabilities "TOP" "USER"; +# server { +# listen 110; +# protocol pop3; +# } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/mobile.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/mobile.conf new file mode 100644 index 000000000..147839af1 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/mobile.conf @@ -0,0 +1,37 @@ +upstream m_app_server { + server 0.0.0.0:3001; +} + +server { + listen 80; + server_name m.mysite.com; + + root /path/to/mobile_site; + # ... + + location / { + proxy_set_header X-Real-IP $remote_addr; + # ... + + if ($http_user_agent ~* '(iPhone|iPod)') { + set $iphone_request '1'; + set $iphone_path_prefix '/iphone'; + } + if ($uri ~ ^/iphone.*$) { + set $iphone_path_prefix ''; + } + if ($uri ~ '(images|stylesheets|javascripts|\.css|\.js|\.ico|\.gif|\.jpg|\.png)') { + set $iphone_path_prefix ''; + } + if ($iphone_request = '1') { + rewrite (.*) $iphone_path_prefix$1; + } + + # serve cached pages ... + + if (!-f $request_filename) { + proxy_pass http://m_app_server; + break; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/nginx.conf new file mode 100644 index 000000000..a97a7128d --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iphone-website-with-nginx/nginx.conf @@ -0,0 +1,33 @@ +upstream app_server { + server 0.0.0.0:3000; +} + +server { + listen 80; + server_name www.mysite.com; + + root /path/to/main_site; + # ... + + location / { + proxy_set_header X-Real-IP $remote_addr; + # ... + + if ($http_user_agent ~* '(iPhone|iPod)') { + set $iphone_request '1'; + } + if ($http_cookie ~ 'iphone_mode=full') { + set $iphone_request ''; + } + if ($iphone_request = '1') { + rewrite ^.+ http://m.mysite.com$uri; + } + + # serve cached pages ... + + if (!-f $request_filename) { + proxy_pass http://app_server; + break; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/iredadmin.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/iredadmin.conf new file mode 100644 index 000000000..15ca8c81a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/iredadmin.conf @@ -0,0 +1,31 @@ +server { + listen 443 ssl; ## listen for ipv4; this line is default and implied + access_log /var/log/nginx/iredadmin.access.log; + error_log /var/log/nginx/iredadmin.error.log; + + ssl_certificate /etc/nginx/ssl/star.crt; + ssl_certificate_key /etc/nginx/ssl/server.key; + ssl_session_timeout 5m; + ssl_protocols SSLv3 TLSv1; + ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; + ssl_prefer_server_ciphers on; + + server_name mail.elegbara.com; + + location / { + root /var/www/iredadmin/; + uwsgi_pass unix:///var/run/uwsgi/app/iredadmin/iredadmin.socket; + uwsgi_param UWSGI_PYHOME /var/www/iredadmin/python-home; + uwsgi_param UWSGI_CHDIR /var/www/iredadmin; + uwsgi_param UWSGI_SCRIPT iredadmin; + include uwsgi_params; + } + + location /static { + alias /var/www/iredadmin/static/; + } + + location ~ /\.ht { + deny all; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/nginx.conf new file mode 100644 index 000000000..6669bd1ca --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/iredmail/nginx.conf @@ -0,0 +1,43 @@ +server { + listen 80; + server_name mail.elegbara.net; + + location / { + rewrite ^ https://mail.elegbara.net/webmail permanent; + } + + location ~ \.php$ { + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/share/apache2$fastcgi_script_name; + } +} + +server { + listen 443; + server_name mail.elegbara.net; + + location / { + root /usr/share/apache2/; + index index.php index.html; + } + + location ~ \.php$ { + root /usr/share/apache2/; + include fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /usr/share/apache2$fastcgi_script_name; + fastcgi_param SERVER_NAME $http_host; + fastcgi_ignore_client_abort on; + } + + ssl on; + ssl_certificate /etc/ssl/certs/iRedMail_CA.pem; + ssl_certificate_key /etc/ssl/private/iRedMail.key; + ssl_session_timeout 5m; + ssl_protocols SSLv2 SSLv3 TLSv1; + ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; + ssl_prefer_server_ciphers on; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/javaservers/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/javaservers/nginx.conf new file mode 100644 index 000000000..277d4009f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/javaservers/nginx.conf @@ -0,0 +1,49 @@ +root /PATH/TO/YOUR/WEB/APPLICATION; + +proxy_pass http://localhost:8080; + +location ~ \.do$ { + proxy_pass http://localhost:8080; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; +} +location ~ \.jsp$ { + proxy_pass http://localhost:8080; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; +} +location ^~/servlets/* { + proxy_pass http://localhost:8080; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; +} + +server { + listen 80; + server_name YOUR_DOMAIN; + root /PATH/TO/YOUR/WEB/APPLICATION; + location / { + index index.jsp; + } + location ~ \.do$ { + proxy_pass http://localhost:8080; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + } + location ~ \.jsp$ { + proxy_pass http://localhost:8080; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + } + location ^~/servlets/* { + proxy_pass http://localhost:8080; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/joomla/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/joomla/nginx.conf new file mode 100644 index 000000000..a1cf8d537 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/joomla/nginx.conf @@ -0,0 +1,39 @@ +server { + listen 80; + server_name YOUR_DOMAIN; + server_name_in_redirect off; + + access_log /var/log/nginx/localhost.access_log; + error_log /var/log/nginx/localhost.error_log info; + + root PATH_ON_SERVER; + index index.php index.html index.htm default.html default.htm; + # Support Clean (aka Search Engine Friendly) URLs + location / { + try_files $uri $uri/ /index.php?$args; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ \.php$ { + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi.conf; + } + + # caching of files + location ~* \.(ico|pdf|flv)$ { + expires 1y; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ { + expires 14d; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/likeapache/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/likeapache/nginx.conf new file mode 100644 index 000000000..f90585021 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/likeapache/nginx.conf @@ -0,0 +1,11 @@ +server { + listen myhost:80; + server_name myhost; + location / { + root /path/to/myapp/public; + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://myapp:8080; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/loadbalanceexample/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/loadbalanceexample/nginx.conf new file mode 100644 index 000000000..c212b5f0f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/loadbalanceexample/nginx.conf @@ -0,0 +1,16 @@ +http { + upstream myproject { + server 127.0.0.1:8000 weight=3; + server 127.0.0.1:8001; + server 127.0.0.1:8002; + server 127.0.0.1:8003; + } + + server { + listen 80; + server_name www.domain.com; + location / { + proxy_pass http://myproject; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mailman/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mailman/nginx.conf new file mode 100644 index 000000000..50401671e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mailman/nginx.conf @@ -0,0 +1,37 @@ +server { + listen 1.2.3.4:80; + server_name lists.DOMAIN.TLD; + root /usr/lib; + + location = / { + rewrite ^ /mailman/listinfo permanent; + } + + location / { + rewrite ^ /mailman$uri?$args; + } + + location = /mailman/ { + rewrite ^ /mailman/listinfo permanent; + } + + location /mailman/ { + include proxy_params; + proxy_pass http://127.0.0.1/; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + } + + location /cgi-bin { + rewrite ^/cgi-bin(.*)$ $1 permanent; + } + + location /images/mailman { + alias /var/lib/mailman/icons; + } + + location /pipermail { + alias /var/lib/mailman/archives/public; + autoindex on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mediawiki/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mediawiki/nginx.conf new file mode 100644 index 000000000..245375f95 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mediawiki/nginx.conf @@ -0,0 +1,44 @@ +server { + server_name wiki.nginx.org; + root /var/www/mediawiki; + + client_max_body_size 5m; + client_body_timeout 60; + + location / { + try_files $uri $uri/ @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?title=$1&$args; + } + + location ^~ /maintenance/ { + return 403; + } + + location ~ \.php$ { + include fastcgi_params; + fastcgi_pass unix:/tmp/phpfpm.sock; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + try_files $uri /index.php; + expires max; + log_not_found off; + } + + location = /_.gif { + expires max; + empty_gif; + } + + location ^~ /cache/ { + deny all; + } + + location /dumps { + root /var/www/mediawiki/local; + autoindex on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/memcachepreload/sites-available/default b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/memcachepreload/sites-available/default new file mode 100644 index 000000000..f654e1936 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/memcachepreload/sites-available/default @@ -0,0 +1,12 @@ +server { + listen 80; + server_name <webserver>; + root /var/www/; + + location / { + index index.html; + default_type text/plain; + set $memcached_key memfis://<hostname>$uri; + memcached_pass 127.0.0.1:11211; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/minio/sites-enabled/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/minio/sites-enabled/nginx.conf new file mode 100644 index 000000000..a70bcec63 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/minio/sites-enabled/nginx.conf @@ -0,0 +1,10 @@ +server { + listen 80; + server_name example.com; + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://localhost:9000; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mono/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mono/nginx.conf new file mode 100644 index 000000000..bc9061652 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mono/nginx.conf @@ -0,0 +1,36 @@ +server { + server_name profarius.com; + root /var/www/webapp; + index index.html index.htm index.aspx default.aspx; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.aspx; + } + + # Fighting with ImageCache? This little gem is amazing. + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri $uri/ @rewrite; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } + + location ~ \.(aspx|asmx|ashx|asax|ascx|soap|rem|axd|cs|config|dll)$ { + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mybb/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mybb/nginx.conf new file mode 100644 index 000000000..70b70ecf1 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/mybb/nginx.conf @@ -0,0 +1,27 @@ +server { + server_name quantifiedselfforum.com; + + access_log logs/qsforum.access; + error_log logs/qsforum.error error; + + root /var/www/qsforum; + + location / { + index index.php; + } + + # Deny access to internal files. + location ~ /(inc|uploads/avatars) { + deny all; + } + + # Pass the php scripts to fastcgi server + location ~ \.php$ { + fastcgi_pass unix:/tmp/php.socket; + # Necessary for php. + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + # Unmodified fastcgi_params from nginx distribution. + include fastcgi_params; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/nonrootwebpath/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/nonrootwebpath/nginx.conf new file mode 100644 index 000000000..3351b2cb4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/nonrootwebpath/nginx.conf @@ -0,0 +1,7 @@ +location ~ /thisapp(?<path_info>/.*|$) { + fastcgi_pass unix:/path/to/thisappfcgi.sock; + include /etc/nginx/fastcgi_params; + + fastcgi_param PATH_INFO $path_info; + fastcgi_param SCRIPT_NAME "/thisapp"; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/omeka/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/omeka/nginx.conf new file mode 100644 index 000000000..8da3b7dd7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/omeka/nginx.conf @@ -0,0 +1,50 @@ +server { + server_name omeka.corp.good-sam.com; + root /var/www/omeka; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location / { + try_files $uri /index.php?$args; + } + + location /admin { + try_files $uri /admin/index.php?$args; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + fastcgi_pass unix:/tmp/phpfpm.sock; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } + + location /install { + try_files $uri /install/index.php?$args; + + # This is an odd way to check that rewrites work... + location ~* /install/check-mod-rewrite([^/]*)\.html$ { + rewrite ^ /install/mod-rewrite.php?enabled=true; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oscommerce/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oscommerce/nginx.conf new file mode 100644 index 000000000..523b16300 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oscommerce/nginx.conf @@ -0,0 +1,50 @@ +server { + server_name www.domain.com; + server_name_in_redirect off; + + root /var/www/www.domain.com/catalog; + access_log /var/www/www.domain.com/logs/access.log; + error_log /var/www/www.domain.com/logs/error.log; + + # expires max on static content + location / { expires max; } + + # Inaccessible locations + location ~ ^/includes/.*\.php$ { return 403; } + location ~ ^/admin/includes/.*\.php$ { return 403; } + location ^~ /admin/backups { return 403; } + location ^~ /download { return 403; } + + # osCommerce rewrites + location ~ -p-(?<id>[0-9]+)\.html$ { rewrite ^ /product_info.php?products_id=$id; } + location ~ -c-(?<id>[0-9_]+)\.html$ { rewrite ^ /index.php?cPath=$id; } + location ~ -m-(?<id>[0-9]+)\.html$ { rewrite ^ /index.php?manufacturers_id=$id; } + location ~ -pi-(?<id>[0-9]+)\.html$ { rewrite ^ /popup_image.php?pID=$id; } + location ~ -pr-(?<id>[0-9]+)\.html$ { rewrite ^ /product_reviews.php?products_id=$id; } + location ~ -pri-(?<id>[0-9]+)\.html$ { rewrite ^ /product_reviews_info.php?products_id=$id; } + + # Articles contribution + location ~ -t-(?<id>[0-9_]+)\.html$ { rewrite ^ /articles.php?tPath=$id; } + location ~ -a-(?<id>[0-9]+)\.html$ { rewrite ^ /article_info.php?articles_id=$id; } + + # Information pages + location ~ -i-(?<id>[0-9]+)\.html$ { rewrite ^ /information.php?info_id=$id; } + + # Links contribution + location ~ -links-(?<id>[0-9_]+)\.html$ { rewrite ^ /links.php?lPath=$id; } + + # Newsdesk contribution + location ~ -n-(?<id>[0-9]+)\.html$ { rewrite ^ /newsdesk_info.php?newsdesk_id=$id; } + location ~ -nc-(?<id>[0-9]+)\.html$ { rewrite ^ /newsdesk_index.php?newsPath=$id; } + location ~ -nri-(?<id>[0-9]+)\.html$ { rewrite ^ /newsdesk_reviews_info.php?newsdesk_id=$id; } + location ~ -nra-(?<id>[0-9]+)\.html$ { rewrite ^ /newsdesk_reviews_article.php?newsdesk_id=$id; } + + # Pass to php + location ~ \.php$ { + if (!-f $request_filename) { return 404; } + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_pass 127.0.0.1:9000; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/osticket/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/osticket/nginx.conf new file mode 100644 index 000000000..e44171ef6 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/osticket/nginx.conf @@ -0,0 +1,71 @@ +user nginx; +worker_processes 1; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + sendfile on; + charset utf-8; + gzip on; + gzip_types text/plain application/xml text/javascript; + gzip_min_length 1000; + + index index.php index.html index.htm; + + # Rewrite all requests from HTTP to HTTPS + server { + listen 80; + server_name tickets.mydomain.com; + rewrite ^ https://tickets.mydomain.com permanent; + } + + server { + listen 443; + server_name tickets.mydomain.com; + ssl on; + ssl_certificate /etc/nginx/certs/cert.pem; + ssl_certificate_key /etc/nginx/certs/cert.key; + + keepalive_timeout 70; + + root /var/www/osticket; + + set $path_info ""; + + location ~ /include { + deny all; + return 403; + } + + if ($request_uri ~ "^/api(/[^\?]+)") { + set $path_info $1; + } + + location ~ ^/api/(?:tickets|tasks).*$ { + try_files $uri $uri/ /api/http.php?$query_string; + } + + if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") { + set $path_info $1; + } + + location ~ ^/scp/ajax.php/.*$ { + try_files $uri $uri/ /scp/ajax.php?$query_string; + } + + location / { + try_files $uri $uri/ index.php; + } + + location ~ \.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param PATH_INFO $path_info; + fastcgi_pass 127.0.0.1:8888; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/owncloud/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/owncloud/sites-available/www.example.com.vhost new file mode 100644 index 000000000..25dbf1e05 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/owncloud/sites-available/www.example.com.vhost @@ -0,0 +1,75 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + client_max_body_size 10G; # set max upload size + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + rewrite ^/apps/calendar/caldav.php /remote.php/caldav/ last; + rewrite ^/apps/contacts/carddav.php /remote.php/carddav/ last; + rewrite ^/apps/([^/]*)/(.*\.(css|php))$ /index.php?app=$1&getfile=$2 last; + rewrite ^/remote/(.*) /remote.php last; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(data|config|\.ht|db_structure\.xml|README) { + deny all; + } + + location / { + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ ^(.+?\.php)(/.*)?$ { + try_files $1 =404; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + fastcgi_param PATH_INFO $2; + fastcgi_param HTTPS $https; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_intercept_errors on; + fastcgi_index index.php; + fastcgi_buffers 64 4K; + } + + location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { + expires 30d; + access_log off; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oxid-eshop/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oxid-eshop/sites-available/www.example.com.vhost new file mode 100644 index 000000000..4052fc482 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/oxid-eshop/sites-available/www.example.com.vhost @@ -0,0 +1,66 @@ +server { + listen 80; + + ## SSL directives might go here + ## see http://www.howtoforge.com/how_to_set_up_ssl_vhosts_under_nginx_plus_sni_support_ubuntu_11.04_debian_squeeze + ## if you want to enable SSL for this vhost + + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html; + + if ($request_method ~ ^(TRACE|TRACK)$ ) { + return 403; + } + + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ (/\.|EXCEPTION_LOG\.txt|\.log$|\.tpl$|pkg.rev) { + deny all; + } + + location ~ /out/pictures/.*(\.jpg|\.gif|\.png)$ { + try_files $uri /core/utils/getimg.php; + } + + location ~ ^/(admin|setup)/?$ { + } + + location ~ /(core|export|modules|out|tmp|views)/ { + } + + location / { + try_files $uri $uri/ /oxseo.php; + } + + location = /oxseo.php { + if ($args ~ "mod_rewrite_module_is=off") { + rewrite /oxseo.php /oxseo.php?mod_rewrite_module_is=on? break; + } + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTPS $fastcgi_https; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTPS $fastcgi_https; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/php-fpm/default.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/php-fpm/default.conf new file mode 100644 index 000000000..eded5b90a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/php-fpm/default.conf @@ -0,0 +1,9 @@ +# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 +# +location ~ \.php$ { + root /usr/share/nginx/html; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpbb/nginx.sample.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpbb/nginx.sample.conf new file mode 100644 index 000000000..c415720e9 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpbb/nginx.sample.conf @@ -0,0 +1,129 @@ +# Sample nginx configuration file for phpBB. +# Global settings have been removed, copy them +# from your system's nginx.conf. +# Tested with nginx 0.8.35. + +# If you want to use the X-Accel-Redirect feature, +# add the following to your config.php. +# +# define('PHPBB_ENABLE_X_ACCEL_REDIRECT', true); +# +# See http://wiki.nginx.org/XSendfile for the details +# on X-Accel-Redirect. + +http { + # Compression - requires gzip and gzip static modules. + gzip on; + gzip_static on; + gzip_vary on; + gzip_http_version 1.1; + gzip_min_length 700; + + # Compression levels over 6 do not give an appreciable improvement + # in compression ratio, but take more resources. + gzip_comp_level 6; + + # IE 6 and lower do not support gzip with Vary correctly. + gzip_disable "msie6"; + # Before nginx 0.7.63: + #gzip_disable "MSIE [1-6]\."; + + # Catch-all server for requests to invalid hosts. + # Also catches vulnerability scanners probing IP addresses. + server { + # default specifies that this block is to be used when + # no other block matches. + listen 80 default; + + server_name bogus; + return 444; + root /var/empty; + } + + # If you have domains with and without www prefix, + # redirect one to the other. + server { + # Default port is 80. + #listen 80; + + server_name myforums.com; + + # A trick from http://wiki.nginx.org/Pitfalls#Taxing_Rewrites: + rewrite ^ http://www.myforums.com$request_uri permanent; + # Equivalent to: + #rewrite ^(.*)$ http://www.myforums.com$1 permanent; + } + + # The actual board domain. + server { + #listen 80; + server_name www.myforums.com; + + root /path/to/phpbb; + + location / { + # phpBB uses index.htm + index index.php index.html index.htm; + try_files $uri $uri/ @rewriteapp; + } + + location @rewriteapp { + rewrite ^(.*)$ /app.php/$1 last; + } + + # Deny access to internal phpbb files. + location ~ /(config\.php|common\.php|includes|cache|files|store|images/avatars/upload) { + deny all; + # deny was ignored before 0.8.40 for connections over IPv6. + # Use internal directive to prohibit access on older versions. + internal; + } + + # Pass the php scripts to fastcgi server specified in upstream declaration. + location ~ \.php(/|$) { + # Unmodified fastcgi_params from nginx distribution. + include fastcgi_params; + # Necessary for php. + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + try_files $uri $uri/ /app.php$is_args$args; + fastcgi_pass php; + } + + # Correctly pass scripts for installer + location /install/ { + # phpBB uses index.htm + try_files $uri $uri/ @rewrite_installapp; + + # Pass the php scripts to fastcgi server specified in upstream declaration. + location ~ \.php(/|$) { + # Unmodified fastcgi_params from nginx distribution. + include fastcgi_params; + # Necessary for php. + fastcgi_split_path_info ^(.+\.php)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + try_files $uri $uri/ /install/app.php$is_args$args; + fastcgi_pass php; + } + } + + location @rewrite_installapp { + rewrite ^(.*)$ /install/app.php/$1 last; + } + + # Deny access to version control system directories. + location ~ /\.svn|/\.git { + deny all; + internal; + } + } + + # If running php as fastcgi, specify php upstream. + upstream php { + server unix:/tmp/php.sock; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfastcgionwindows/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfastcgionwindows/nginx.conf new file mode 100644 index 000000000..1d73370c9 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfastcgionwindows/nginx.conf @@ -0,0 +1,8 @@ +root c:/www; + +location ~ \.php$ { + fastcgi_pass 127.0.0.1:9123; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/fastcgi_params b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/fastcgi_params new file mode 100644 index 000000000..86f4c0a6c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/fastcgi_params @@ -0,0 +1,27 @@ +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param PATH_INFO $fastcgi_path_info; +fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +fastcgi_param HTTPS $https; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/nginx.conf new file mode 100644 index 000000000..7bc9fcfc2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phpfcgi/nginx.conf @@ -0,0 +1,10 @@ +location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phplist/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phplist/nginx.conf new file mode 100644 index 000000000..9cf532809 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/phplist/nginx.conf @@ -0,0 +1,44 @@ +server { + listen 80; + server_name example.com; + + root /var/www/phplist/public_html/lists; + index index.php; + + access_log <<log file>>; + error_log <<log file>>; + + charset utf-8; + + location ~* \.(txt|log|inc)$ { + allow 127.0.0.1; + deny all; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } + + #block phplist config directory + location /config { + deny all; + } + + #per the phplist .htaccess these are the only public allowed php files + location ~* (index\.php|upload\.php|connector\.php|dl\.php|ut\.php|lt\.php|download\.php)$ { + fastcgi_split_path_info ^(.|\.php)(/.+)$; + + include /etc/nginx/fastcgi_params.conf; #standar fastcgi config file + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + fastcgi_pass 127.0.0.1:9000; + } + + + #block all other php file access from public + location ~ \.php$ { + deny all; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/piwik/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/piwik/nginx.conf new file mode 100644 index 000000000..9d67932b9 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/piwik/nginx.conf @@ -0,0 +1,70 @@ +server { + ## This is to avoid the spurious if for sub-domain name rewriting. + listen [::]:80; + server_name www.stats.example.com; + rewrite ^ $scheme://stats.example.com$request_uri? permanent; +} + +server { + listen [::]:80; + limit_conn arbeit 10; + server_name stats.example.com; + + # Parameterization using hostname of access and log filenames. + access_log /var/log/nginx/stats.example.com_access.log; + error_log /var/log/nginx/stats.example.com_error.log; + + # Disable all methods besides HEAD, GET and POST. + if ($request_method !~ ^(GET|HEAD|POST)$ ) { + return 444; + } + + root /var/www/sites/stats.example.com/; + index index.php index.html; + + # Disallow any usage of piwik assets if referer is non valid. + location ~* ^.+\.(?:jpg|png|css|gif|jpeg|js|swf)$ { + # Defining the valid referers. + valid_referers none blocked *.mysite.com othersite.com; + if ($invalid_referer) { + return 444; + } + expires max; + break; + } + + # Support for favicon. Return a 204 (No Content) if the favicon + # doesn't exist. + location = /favicon.ico { + try_files /favicon.ico =204; + } + + # Try all locations and relay to index.php as a fallback. + location / { + try_files $uri /index.php; + } + + # Relay all index.php requests to fastcgi. + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_pass unix:/tmp/php-cgi/php-cgi.socket; + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + # # The 404 is signaled through a static page. + # error_page 404 /404.html; + + # ## All server error pages go to 50x.html at the document root. + # error_page 500 502 503 504 /50x.html; + # location = /50x.html { + # root /var/www/nginx-default; + # } +} # server diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pmwiki/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pmwiki/nginx.conf new file mode 100644 index 000000000..61a5d4d43 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pmwiki/nginx.conf @@ -0,0 +1,39 @@ +server { + server_name wiki.example.com; + root /srv/www/pmwiki/example.com/wiki/public; + + index pmwiki.php; + + location ~ ^/(cookbook|local|scripts|wiki.d|wikilib.d) { + deny all; + } + + location / { + try_files $uri $uri/ @pmwiki; + } + + location @pmwiki { + rewrite ^/(.*) /pmwiki.php?n=$1; + } + + ## php configuration using unix sockets. + location ~ \.php$ { + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/run/php-fpm/php-fpm.sock; + } + + + # cache configuration for most common files + location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { + # Some basic cache-control for static files to be sent to the browser + expires max; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + # drop common log errors + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/prestashop/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/prestashop/sites-available/www.example.com.vhost new file mode 100644 index 000000000..b75f65d81 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/prestashop/sites-available/www.example.com.vhost @@ -0,0 +1,75 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last; + rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last; + rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last; + rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last; + rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last; + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last; + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last; + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last; + rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last; + rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg last; + rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last; + rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last; + try_files $uri $uri/ /index.php$is_args$args; + error_page 404 /index.php?controller=404; + + location ~* \.(gif)$ { + expires 2592000s; + } + location ~* \.(jpeg|jpg)$ { + expires 2592000s; + } + location ~* \.(png)$ { + expires 2592000s; + } + location ~* \.(css)$ { + expires 604800s; + } + location ~* \.(js|jsonp)$ { + expires 604800s; + } + location ~* \.(js)$ { + expires 604800s; + } + location ~* \.(ico)$ { + expires 31536000s; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/processwire/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/processwire/sites-available/www.example.com.vhost new file mode 100644 index 000000000..a4d51719f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/processwire/sites-available/www.example.com.vhost @@ -0,0 +1,64 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + client_max_body_size 100M; + + location ~ /(COPYRIGHT|LICENSE|README|htaccess)\.txt { + deny all; + } + location ~ ^/site(-[^/]+)?/assets/(.*\.php|backups|cache|config|install|logs|sessions) { + deny all; + } + location ~ ^/site(-[^/]+)?/install { + deny all; + } + location ~ ^/(site(-[^/]+)?|wire)/(config(-dev)?|index\.config)\.php { + deny all; + } + location ~ ^/((site(-[^/]+)?|wire)/modules|wire/core)/.*\.(inc|module|php|tpl) { + deny all; + } + location ~ ^/(site(-[^/]+)?|wire)/templates(-admin)?/.*\.(inc|html?|php|tpl) { + deny all; + } + + ### GLOBAL REWRITE + location / { + try_files $uri $uri/ /index.php?it=$uri&$args; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pylons/nginx.vhost.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pylons/nginx.vhost.conf new file mode 100644 index 000000000..e50dfddd7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pylons/nginx.vhost.conf @@ -0,0 +1,11 @@ +server { + server_name domain.tld; + + location / { + # host and port to fastcgi server + fastcgi_pass 127.0.0.1:8080; + include fastcgi_params; + fastcgi_pass_header Authorization; + fastcgi_intercept_errors off; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/drop.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/drop.conf new file mode 100644 index 000000000..e511c0bf4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/drop.conf @@ -0,0 +1,4 @@ +location = /robots.txt { access_log off; log_not_found off; } +location = /favicon.ico { access_log off; log_not_found off; } +location ~ /\. { access_log off; log_not_found off; deny all; } +location ~ ~$ { access_log off; log_not_found off; deny all; } diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/fastcgi_params b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/fastcgi_params new file mode 100644 index 000000000..47ef64a5b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/fastcgi_params @@ -0,0 +1,31 @@ +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; + +fastcgi_connect_timeout 60; +fastcgi_send_timeout 180; +fastcgi_read_timeout 180; +fastcgi_buffer_size 128k; +fastcgi_buffers 4 256k; +fastcgi_busy_buffers_size 256k; +fastcgi_temp_file_write_size 256k; +fastcgi_intercept_errors off; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/nginx.conf new file mode 100644 index 000000000..d164f0ee2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/pyrocms/nginx.conf @@ -0,0 +1,50 @@ +server { + listen 80; + server_name domain.com; + root /path/to/webroot; + index index.php; + + access_log /path/to/logs/access.log main; + error_log /path/to/logs/error.log; + + client_max_body_size 200M; + + gzip on; + gzip_static on; + gzip_http_version 1.0; + gzip_disable "MSIE [1-6]."; + gzip_vary on; + + gzip_comp_level 9; + gzip_proxied any; + gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; + + fastcgi_buffers 8 16k; + fastcgi_buffer_size 32k; + fastcgi_read_timeout 180; + + location / { + try_files $uri $uri/ /index.php; + } + + location /installer { + try_files $uri $uri/ /installer/index.php; + } + + fastcgi_intercept_errors off; + + location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { + expires max; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + location ~ \.php { + fastcgi_pass unix:/tmp/domain.sock; + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + include drop.conf; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/redirect.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/redirect.conf new file mode 100644 index 000000000..0d787161b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/redirect.conf @@ -0,0 +1,6 @@ +server { + listen 127.0.0.1:80; + listen [::1]:80; + server_name webchat.domain.tld; + return 301 $scheme://webchat.domain.tld:8080$request_uri; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/reverse-proxy.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/reverse-proxy.conf new file mode 100644 index 000000000..257717fe4 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/qwebric/reverse-proxy.conf @@ -0,0 +1,18 @@ +server { + listen 127.0.0.1:80; + listen [::1]:80; + + server_name webchat.domain.tld; + + access_log /home/web/log/qwebirc.access.log; + error_log /home/web/log/qwebirc.error.log; + + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_buffering off; + + location / { + proxy_pass http://127.0.0.1:9090; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redaxo/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redaxo/sites-available/www.example.com.vhost new file mode 100644 index 000000000..2c403f20b --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redaxo/sites-available/www.example.com.vhost @@ -0,0 +1,46 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + location ^~ /redaxo/include { + deny all; + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redmine/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redmine/nginx.conf new file mode 100644 index 000000000..f90492196 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/redmine/nginx.conf @@ -0,0 +1,19 @@ +upstream redmine { + server 127.0.0.1:8000; + server 127.0.0.1:8001; + server 127.0.0.1:8002; +} + +server { + server_name redmine.DOMAIN.TLD; + root /var/www/redmine/public; + + location / { + try_files $uri @redmine; + } + + location @redmine { + proxy_set_header X-Forwarded-For $remote_addr; + proxy_pass http://redmine; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/reverseproxycachingexample/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/reverseproxycachingexample/nginx.conf new file mode 100644 index 000000000..8dea6ac7a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/reverseproxycachingexample/nginx.conf @@ -0,0 +1,14 @@ +http { + proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=STATIC:10m + inactive=24h max_size=1g; + server { + location / { + proxy_pass http://1.2.3.4; + proxy_set_header Host $host; + proxy_cache STATIC; + proxy_cache_valid 200 1d; + proxy_cache_use_stale error timeout invalid_header updating + http_500 http_502 http_503 http_504; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/roundcube/sites-available/example.com.vhost.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/roundcube/sites-available/example.com.vhost.conf new file mode 100644 index 000000000..1a54f9b6c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/roundcube/sites-available/example.com.vhost.conf @@ -0,0 +1,46 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location ~ ^/favicon.ico$ { + root /var/www/www.example.com/web/skins/default/images; + log_not_found off; + access_log off; + expires max; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { + deny all; + } + location ~ ^/(bin|SQL)/ { + deny all; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/separateerrorloggingpervirtualhost/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/separateerrorloggingpervirtualhost/nginx.conf new file mode 100644 index 000000000..49359bfcb --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/separateerrorloggingpervirtualhost/nginx.conf @@ -0,0 +1,20 @@ +error_log logs/main_error.log; + +events { + worker_connections 1024; +} + +http { + error_log logs/http_error.log error; + server { + server_name one.org; + access_log logs/one.access; + error_log logs/one.error error; + } + + server { + server_name two.org; + access_log logs/two.access; + error_log logs/two.error error; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/catchall.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/catchall.conf new file mode 100644 index 000000000..19132c710 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/catchall.conf @@ -0,0 +1,13 @@ +http { + index index.html; + + server { + listen 80 default_server; + server_name _; # This is just an invalid value which will never trigger on a real hostname. + access_log logs/default.access.log main; + + server_name_in_redirect off; + + root /var/www/default/htdocs; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/two.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/two.conf new file mode 100644 index 000000000..bce1afdae --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/two.conf @@ -0,0 +1,17 @@ +http { + index index.html; + + server { + server_name www.domain1.com; + access_log logs/domain1.access.log main; + + root /var/www/domain1.com/htdocs; + } + + server { + server_name www.domain2.com; + access_log logs/domain2.access.log main; + + root /var/www/domain2.com/htdocs; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/wildcard-subdomains.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/wildcard-subdomains.conf new file mode 100644 index 000000000..5dab623a9 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/server_blocks/wildcard-subdomains.conf @@ -0,0 +1,31 @@ +server { + # Replace this port with the right one for your requirements + listen 80 default_server; #could also be 1.2.3.4:80 + + # Multiple hostnames separated by spaces. Replace these as well. + server_name star.yourdomain.com *.yourdomain.com; # Alternately: _ + + root /PATH/TO/WEBROOT; + + error_page 404 errors/404.html; + access_log logs/star.yourdomain.com.access.log; + + index index.php index.html index.htm; + + # static file 404's aren't logged and expires header is set to maximum age + location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ { + access_log off; + expires max; + } + + location ~ \.php$ { + include fastcgi_params; + fastcgi_intercept_errors on; + # By all means use a different server for the fcgi processes if you need to + fastcgi_pass 127.0.0.1:YOURFCGIPORTHERE; + } + + location ~ /\.ht { + deny all; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware/sites-available/www.example.com.vhost new file mode 100644 index 000000000..c5b79d2b5 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware/sites-available/www.example.com.vhost @@ -0,0 +1,75 @@ +server { + listen 80; + + ## SSL directives might go here + ## see http://www.howtoforge.com/how_to_set_up_ssl_vhosts_under_nginx_plus_sni_support_ubuntu_11.04_debian_squeeze + ## if you want to enable SSL for this vhost + + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ /\. { + deny all; + } + + location / { + # Set DirectoryIndex + index shopware.php index.php; + + # Deny direct access to all smarty templates + location ~ ^/templates/.*/*.tpl { + deny all; + } + + # Deny access to php files in web readable directories + location ~ ^/cache/.*/.*\.(php|cgi|php5|php3|php4|phtml|pl|py) { + deny all; + } + location ~ ^/images/.*/.*\.(php|cgi|php5|php3|php4|phtml|pl|py) { + deny all; + } + location ~ ^/files/.*/.*\.(php|cgi|php5|php3|php4|phtml|pl|py) { + deny all; + } + location ~ ^/upload/.*/.*\.(php|cgi|php5|php3|php4|phtml|pl|py) { + deny all; + } + + # Defining rewrite rules + rewrite /images/ayww/(.*) /images/banner/$1 last; + rewrite /files/documents/.* /engine last; + rewrite /templates/(.*(css|js))$ /engine/backend/php/sCacheTemplate.php?file=/templates/$1 last; + rewrite /sitemap.xml(.*) /shopware.php?controller=SitemapXml; + rewrite /application.yaml /engine last; + rewrite /engine/core/php/sAjaxSearch.php$ /engine/backend/php/sAjaxSearch.php last; + rewrite /engine/core/php/campaigns.php$ /engine/backend/php/campaigns.php last; + + # Defining controller based route processing behaviour + if (!-e $request_filename) { + rewrite . /shopware.php last; + } + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTPS $fastcgi_https; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware4/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware4/sites-available/www.example.com.vhost new file mode 100644 index 000000000..3ff5e34ac --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/shopware4/sites-available/www.example.com.vhost @@ -0,0 +1,53 @@ +server { + listen 80; + ## SSL directives might go here + ## see http://www.howtoforge.com/how_to_set_up_ssl_vhosts_under_nginx_plus_sni_support_ubuntu_11.04_debian_squeeze + ## if you want to enable SSL for this vhost + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html; + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ /\. { + deny all; + } + location ~ /(engine|images/[a-z]+|files|templates)/ { + } + location / { + index index.html index.php shopware.php + rewrite shopware.dll /shopware.php; + rewrite files/documents/.* /engine last; + rewrite images/ayww/(.*) /images/banner/$1 last; + rewrite backend/media/(.*) /media/$1 last; + if (!-e $request_filename){ + rewrite . /shopware.php last; + } + } + location ~ \.(tpl|yml|ini)$ { + deny all; + } + location /install { + location /install/assets { + } + if (!-e $request_filename){ + rewrite . /install/index.php last; + } + } + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTPS $fastcgi_https; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/silverstripe/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/silverstripe/nginx.conf new file mode 100644 index 000000000..321a76dae --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/silverstripe/nginx.conf @@ -0,0 +1,72 @@ +server { + listen 80; + root /path/to/ss/folder; + + server_name site.com www.site.com; + + location / { + try_files $uri /framework/main.php?url=$uri&$query_string; + } + + error_page 404 /assets/error-404.html; + error_page 500 /assets/error-500.html; + + location ^~ /assets/ { + sendfile on; + try_files $uri =404; + } + + location ~ /framework/.*(main|rpc|tiny_mce_gzip)\.php$ { + fastcgi_keep_conn on; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location ~ /(mysite|framework|cms)/.*\.(php|php3|php4|php5|phtml|inc)$ { + deny all; + } + + location ~ /\.. { + deny all; + } + + location ~ \.ss$ { + satisfy any; + allow 127.0.0.1; + deny all; + } + + location ~ web\.config$ { + deny all; + } + + location ~ \.ya?ml$ { + deny all; + } + + location ^~ /vendor/ { + deny all; + } + + location ~* /silverstripe-cache/ { + deny all; + } + + location ~* composer\.(json|lock)$ { + deny all; + } + + location ~* /(cms|framework)/silverstripe_version$ { + deny all; + } + + location ~ \.php$ { + fastcgi_keep_conn on; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplecgi/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplecgi/nginx.conf new file mode 100644 index 000000000..de7a31eab --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplecgi/nginx.conf @@ -0,0 +1,26 @@ +http { + root /var/www/htdocs; + index index.html; + location ~ ^/cgi-bin/.*\.cgi$ { + gzip off; #gzip makes scripts feel slower since they have to complete before getting gzipped + fastcgi_pass unix:/var/run/nginx/cgiwrap-dispatch.sock; + fastcgi_index index.cgi; + fastcgi_param SCRIPT_FILENAME /var/www/cgi-bin$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplegroupware/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplegroupware/sites-available/www.example.com.vhost new file mode 100644 index 000000000..94f8277c2 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplegroupware/sites-available/www.example.com.vhost @@ -0,0 +1,78 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + location = /favicon.ico { + log_not_found off; + access_log off; + expires max; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + client_max_body_size 1000M; + dav_methods PUT DELETE MKCOL COPY MOVE; + create_full_put_path on; + dav_access user:rw group:rw all:r; + + # WebDAV server + location ~ ^/sgdav { + rewrite . /bin/webdav.php; + } + # CMS real URLs + location ~ ^/cms/ { + rewrite ^/cms/ext/(.*)$ /bin/ext/cms/$1 last; + rewrite ^/cms/thumbs/(.*)$ /bin/preview.php?filename=$1 last; + rewrite ^/cms/(.*?)/file/(.*)$ /bin/cms.php?page=$1&file=$2 last; + rewrite ^/cms/(.*)$ /bin/cms.php?page=$1 last; + } + # Root + location = / { + if ($request_method = "OPTIONS") { + rewrite . /bin/webdav.php last; + } + try_files /bin/index.php /src/index.php /sgs_installer.php =404; + + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; # use spawn-fcgi (!!) + } + # Root PHP /*.php + location ~ ^/([^/]+\.php)$ { + try_files /bin/$1 /src/$1 $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; # use spawn-fcgi (!!) + } + # sgs src/*.php bin/*.php + location ~ ^/(src|bin)/([^/]+\.php|ext/.+\.php)$ { + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass 127.0.0.1:9000; # use spawn-fcgi (!!) + } + # Redirect static files + location ~ ^/(src/|bin/)?(ext/.*|docs/.*)$ { + try_files /custom/$2 /ext/$2 /bin/$2 /src/$2 $uri =404; + } + # Drop all other stuff + location / { + if (!-f $request_filename) { return 404; } + #return 403; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/fastcgi.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/fastcgi.conf new file mode 100644 index 000000000..7705e5ec6 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/fastcgi.conf @@ -0,0 +1,20 @@ +#fastcgi.conf +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx; + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/nginx.conf new file mode 100644 index 000000000..f17ae8e0a --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplepythonfcgi/nginx.conf @@ -0,0 +1,17 @@ +# static files +location ~ ^/(images|javascript|js|css|flash|media|static)/ { + root /PROJECTBASE/PROJECTNAME/static; +} + +location = /favicon.ico { + root /PROJECTBASE/PROJECTNAME/static/images; +} + +# pass all requests to FastCGI TG server listening on ${HOST}:${PORT} +# +location / { + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index; + fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + include conf/fastcgi_params; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplerubyfcgi/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplerubyfcgi/nginx.conf new file mode 100644 index 000000000..53187fd2f --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/simplerubyfcgi/nginx.conf @@ -0,0 +1,32 @@ +user http; +worker_processes 3; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + sendfile on; + tcp_nopush on; + keepalive_timeout 65; + gzip on; + gzip_types text/plain text/css text/javascript + application/javascript application/json + application/xml; + index index.html index.htm; + + server { + listen 80; + server_name .example.com; + root /srv/http/my_app/public; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_redirect off; + proxy_pass http://unix:/var/run/my_app.sock:; + } + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/spip/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/spip/nginx.conf new file mode 100644 index 000000000..cc3439314 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/spip/nginx.conf @@ -0,0 +1,24 @@ +server { + server_name emeagwali.net www.emeagwali.net; + client_max_body_size 10m; + root /var/www/spip; + index index.php; + + location / { + try_files $uri $uri/ /spip.php?q=$uri&$args; + } + + location ~^/(tmp|config)/{ + return 403; + } + + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php ; + fastcgi_buffers 16 16k; + fastcgi_buffer_size 32k; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/sugarcrm/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/sugarcrm/sites-available/www.example.com.vhost new file mode 100644 index 000000000..6c7c189db --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/sugarcrm/sites-available/www.example.com.vhost @@ -0,0 +1,39 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html; + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + location / { + try_files $uri $uri/ /index.php?$args; + } + # Add trailing slash to */wp-admin requests. + rewrite /wp-admin$ $scheme://$host$uri/ permanent; + location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ { + expires max; + log_not_found off; + } + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/nginx.conf new file mode 100644 index 000000000..c5bb402f7 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/nginx.conf @@ -0,0 +1,54 @@ +server { + server_name domain.tld www.domain.tld; + root /var/www/project/web; + + location / { + # try to serve file directly, fallback to app.php + try_files $uri /app.php$is_args$args; + } + # DEV + # This rule should only be placed on your development environment + # In production, don't include this and don't deploy app_dev.php or config.php + location ~ ^/(app_dev|config)\.php(/|$) { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + # When you are using symlinks to link the document root to the + # current version of your application, you should pass the real + # application path instead of the path to the symlink to PHP + # FPM. + # Otherwise, PHP's OPcache may not properly detect changes to + # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 + # for more information). + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + } + # PROD + location ~ ^/app\.php(/|$) { + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + # When you are using symlinks to link the document root to the + # current version of your application, you should pass the real + # application path instead of the path to the symlink to PHP + # FPM. + # Otherwise, PHP's OPcache may not properly detect changes to + # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 + # for more information). + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + # Prevents URIs that include the front controller. This will 404: + # http://domain.tld/app.php/some-path + # Remove the internal directive to allow URIs like this + internal; + } + + # return 404 for all other php files not matching the front controller + # this prevents access to other php files you don't want to be accessible. + location ~ \.php$ { + return 404; + } + + error_log /var/log/nginx/project_error.log; + access_log /var/log/nginx/project_access.log; +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/old.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/old.conf new file mode 100644 index 000000000..bd1afb0ab --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/old.conf @@ -0,0 +1,70 @@ +upstream phpfcgi { + server 127.0.0.1:9000; + # server unix:/var/run/php5-fpm.sock; #for PHP-FPM running on UNIX socket +} +server { + listen 80; + + server_name symfony2; + root /var/www/symfony2/web; + + error_log /var/log/nginx/symfony2.error.log; + access_log /var/log/nginx/symfony2.access.log; + + # strip app.php/ prefix if it is present + rewrite ^/app\.php/?(.*)$ /$1 permanent; + + location / { + index app.php; + try_files $uri @rewriteapp; + } + + location @rewriteapp { + rewrite ^(.*)$ /app.php/$1 last; + } + + # pass the PHP scripts to FastCGI server from upstream phpfcgi + location ~ ^/(app|app_dev|config)\.php(/|$) { + fastcgi_pass phpfcgi; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTPS off; + } +} + + +server { + listen 443; + + server_name symfony2; + root /var/www/symfony2/web; + + ssl on; + ssl_certificate /etc/ssl/certs/symfony2.crt; + ssl_certificate_key /etc/ssl/private/symfony2.key; + + error_log /var/log/nginx/symfony2.error.log; + access_log /var/log/nginx/symfony2.access.log; + + # strip app.php/ prefix if it is present + rewrite ^/app\.php/?(.*)$ /$1 permanent; + + location / { + index app.php; + try_files $uri @rewriteapp; + } + + location @rewriteapp { + rewrite ^(.*)$ /app.php/$1 last; + } + + # pass the PHP scripts to FastCGI server from upstream phpfcgi + location ~ ^/(app|app_dev|config)\.php(/|$) { + fastcgi_pass phpfcgi; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param HTTPS on; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/oldold.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/oldold.conf new file mode 100644 index 000000000..a2e647593 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/symfony/oldold.conf @@ -0,0 +1,50 @@ +server { + listen 80; + + server_name mysite.com; + + root /var/www/mysite.com/web; + access_log /var/log/nginx/mysite.com.access.log; + error_log /var/log/nginx/mysite.com.error.log; + + location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ { + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + fastcgi_param HTTPS off; + fastcgi_pass 127.0.0.1:9000; + } + + location / { + index index.php; + try_files $uri /index.php?$args; + } +} + +server { + listen 443; + + ssl on; + ssl_certificate /etc/ssl/certs/mysite.com.crt; + ssl_certificate_key /etc/ssl/private/mysite.com.key; + + server_name mysite.com; + + root /var/www/mysite.com/web; + access_log /var/log/nginx/mysite.com.access.log; + error_log /var/log/nginx/mysite.com.error.log; + location ~ ^/(index|frontend|frontend_dev|backend|backend_dev)\.php$ { + include fastcgi_params; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; + fastcgi_param HTTPS on; + fastcgi_pass 127.0.0.1:9000; + } + + location / { + index index.php; + try_files $uri /index.php?$args; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-4.6/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-4.6/sites-available/www.example.com.vhost new file mode 100644 index 000000000..a9e94f23e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-4.6/sites-available/www.example.com.vhost @@ -0,0 +1,89 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + index index.php index.html; + location = /favicon.ico { + log_not_found off; + access_log off; + expires max; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ { + expires max; + log_not_found off; + } + location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)((\?\d\d\d\d\d\d\d\d\d\d)|(\?s=\d\d\d\d\d\d\d\d\d\d))$ { + expires max; + log_not_found off; + } + location ~* \.(cur|ico|gif|png|jpe?g|css|js|swf|woff)(\?v\d\d?\.\d\d?\.\d\d?)$ { + expires max; + log_not_found off; + } + location ~* ^(/typo3/sysext|/typo3conf/ext).*\.(cur|ico|gif|png|jpe?g|css|js|swf|woff) { + expires max; + log_not_found off; + } + location = /clear.gif { + empty_gif; + expires max; + } + location ^~ /typo3/gfx { + expires max; + } + location ^~ /typo3temp/compressor { + expires max; + } + location ~* \.(sql|htaccess|htpasswd|tpl|html5|xhtml) { + deny all; + } + location / { + if ($query_string ~ ".+") { + return 405; + } + # pass requests from logged-in users to PHP + if ($http_cookie ~ 'nc_staticfilecache|be_typo_user' ) { + return 405; + } # pass POST requests to PHP + if ($request_method !~ ^(GET|HEAD)$ ) { + return 405; + } + if ($http_pragma = 'no-cache') { + return 405; + } + if ($http_cache_control = 'no-cache') { + return 405; + } + error_page 405 = @nocache; + # serve requested content from the cache if available, otherwise pass the request to PHP + try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache; + } + location @nocache { + try_files $uri $uri/ /index.php?$args; + } + location ^~ /typo3temp/tx_ncstaticfilecache { + expires 43200; + charset utf-8; + } + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-6.2/sites-available/www.example.com.vhost b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-6.2/sites-available/www.example.com.vhost new file mode 100644 index 000000000..0fc1671b3 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/typo3-6.2/sites-available/www.example.com.vhost @@ -0,0 +1,91 @@ +server { + listen 80; + server_name www.example.com example.com; + root /var/www/www.example.com/web; + + if ($http_host != "www.example.com") { + rewrite ^ http://www.example.com$request_uri permanent; + } + + index index.php index.html; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). + location ~ /\. { + deny all; + access_log off; + log_not_found off; + } + + location ~ \.php$ { + try_files $uri =404; + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_intercept_errors on; + fastcgi_buffer_size 128k; + fastcgi_buffers 256 16k; + fastcgi_busy_buffers_size 256k; + fastcgi_temp_file_write_size 256k; + fastcgi_read_timeout 1200; + } + + client_max_body_size 100M; + + location ~ /\.(js|css)$ { + expires 604800s; + } + + if (!-e $request_filename){ + rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last; + } + + location ~* ^/fileadmin/(.*/)?_recycler_/ { + deny all; + } + location ~* ^/fileadmin/templates/.*(\.txt|\.ts)$ { + deny all; + } + location ~* ^/typo3conf/ext/[^/]+/Resources/Private/ { + deny all; + } + location ~* ^/(typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) { + } + + location / { + if ($query_string ~ ".+") { + return 405; + } + if ($http_cookie ~ 'nc_staticfilecache|be_typo_user|fe_typo_user' ) { + return 405; + } # pass POST requests to PHP + if ($request_method !~ ^(GET|HEAD)$ ) { + return 405; + } + if ($http_pragma = 'no-cache') { + return 405; + } + if ($http_cache_control = 'no-cache') { + return 405; + } + error_page 405 = @nocache; + + try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache; + } + + location @nocache { + try_files $uri $uri/ /index.php$is_args$args; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/no-cache.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/no-cache.conf new file mode 100644 index 000000000..b5d45cb77 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/no-cache.conf @@ -0,0 +1,41 @@ +server { + listen 80; + + server_name kbeezie.com www.kbeezie.com; + root html/kbeezie.com; + + access_log logs/kbeezie.access.log; + error_log logs/kbeezie.error.log; + + # Simply using try_files, tests the request uri against a file, then folder + # then if neither can be found, the request is sent to index.php + # this is a lot simpler than the .htaccess method of rewriting permalinks + + location / { + try_files $uri $uri/ /index.php; + } + + # Normally you do not need this if you are not using any error_page directive + # but having it off allows Wordpress to return it's own error page + # rather than the plain Nginx screen + + fastcgi_intercept_errors off; + + # Caching the typical static files such as css, js, jpg, png and so forth + # helps in telling the browser they can cache the content + location ~* \.(ico|css|js|gif|jpe?g|png)$ { + expires max; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + # I like to place my php stuff into it's own file + # see http://kbeezie.com/view/nginx/ for more information + include php.conf; + + # We don't really need to log favicon requests + location = /favicon.ico { access_log off; log_not_found off; } + + # We don't want to allow the browsers to see .hidden linux/unix files + location ~ /\. { deny all; access_log off; log_not_found off; } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/supercache.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/supercache.conf new file mode 100644 index 000000000..9129b2495 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/supercache.conf @@ -0,0 +1,74 @@ +server { + listen 80; + + server_name kbeezie.com www.kbeezie.com; + root html/kbeezie.com; + + access_log logs/kbeezie.access.log; + error_log logs/kbeezie.error.log; + + location / { + # This line when enabled will use Nginx's gzip static module + gzip_static on; + + # Disables serving gzip content to IE 6 or below + gzip_disable "MSIE [1-6]\."; + + # Sets the default type to text/html so that gzipped content is served + # as html, instead of raw uninterpreted data. + default_type text/html; + + # does the requested file exist exactly as it is? if yes, serve it and stop here + if (-f $request_filename) { break; } + + # sets some variables to help test for the existence of a cached copy of the request + set $supercache_file ''; + set $supercache_uri $request_uri; + + # IF the request is a post, has a query attached, or a cookie + # then don't serve the cache (ie: users logged in, or posting comments) + if ($request_method = POST) { set $supercache_uri ''; } + if ($query_string) { set $supercache_uri ''; } + if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) { + set $supercache_uri ''; + } + + # if the supercache_uri variable hasn't been blanked by this point, attempt + # to set the name of the destination to the possible cache file + if ($supercache_uri ~ ^(.+)$) { + set $supercache_file /wp-content/cache/supercache/$http_host/$1index.html; + } + + # If a cache file of that name exists, serve it directly + if (-f $document_root$supercache_file) { rewrite ^ $supercache_file break; } + + # Otherwise send the request back to index.php for further processing + if (!-e $request_filename) { rewrite . /index.php last; } + } + + # Normally you do not need this if you are not using any error_page directive + # but having it off allows Wordpress to return it's own error page + # rather than the plain Nginx screen + + fastcgi_intercept_errors off; + + # Caching the typical static files such as css, js, jpg, png and so forth + # helps in telling the browser they can cache the content + location ~* \.(ico|css|js|gif|jpe?g|png)$ { + expires max; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + # I like to place my php stuff into it's own file + # see http://kbeezie.com/view/nginx/ for more information + include php.conf; + + # We don't really need to log favicon requests + location = /favicon.ico { access_log off; log_not_found off; } + + # We don't want to allow the browsers to see .hidden linux/unix files + location ~ /\. { deny all; access_log off; log_not_found off; } +} + + diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/total-cache.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/total-cache.conf new file mode 100644 index 000000000..b5d45cb77 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/total-cache.conf @@ -0,0 +1,41 @@ +server { + listen 80; + + server_name kbeezie.com www.kbeezie.com; + root html/kbeezie.com; + + access_log logs/kbeezie.access.log; + error_log logs/kbeezie.error.log; + + # Simply using try_files, tests the request uri against a file, then folder + # then if neither can be found, the request is sent to index.php + # this is a lot simpler than the .htaccess method of rewriting permalinks + + location / { + try_files $uri $uri/ /index.php; + } + + # Normally you do not need this if you are not using any error_page directive + # but having it off allows Wordpress to return it's own error page + # rather than the plain Nginx screen + + fastcgi_intercept_errors off; + + # Caching the typical static files such as css, js, jpg, png and so forth + # helps in telling the browser they can cache the content + location ~* \.(ico|css|js|gif|jpe?g|png)$ { + expires max; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + # I like to place my php stuff into it's own file + # see http://kbeezie.com/view/nginx/ for more information + include php.conf; + + # We don't really need to log favicon requests + location = /favicon.ico { access_log off; log_not_found off; } + + # We don't want to allow the browsers to see .hidden linux/unix files + location ~ /\. { deny all; access_log off; log_not_found off; } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/totalcache-enhanced.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/totalcache-enhanced.conf new file mode 100644 index 000000000..28181d739 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress-caching/totalcache-enhanced.conf @@ -0,0 +1,64 @@ +server { + listen 80; + + server_name kbeezie.com www.kbeezie.com; + + root /usr/local/www/kbeezie.com; + + access_log /var/log/nginx/kbeezie.access.log; + error_log /var/log/nginx/kbeezie.error.log; + + location / { + if (-f $request_filename) { + break; + } + + set $w3tc_rewrite 1; + if ($request_method = POST) { set $w3tc_rewrite 0; } + if ($query_string != "") { set $w3tc_rewrite 0; } + + set $w3tc_rewrite2 1; + if ($request_uri !~ \/$) { set $w3tc_rewrite2 0; } + if ($request_uri ~* "(sitemap(_index)?\.xml(\.gz)?|[a-z0-9_\-]+-sitemap([0-9]+)?\.xml(\.gz)?)") { set $w3tc_rewrite2 1; } + if ($w3tc_rewrite2 != 1) { set $w3tc_rewrite 0; } + + if ($http_cookie ~* "(comment_author|wp\-postpass|wordpress_\[a\-f0\-9\]\+|wordpress_logged_in)") { set $w3tc_rewrite 0; } + if ($http_user_agent ~* "(W3\ Total\ Cache/0\.9\.2\.4)") { set $w3tc_rewrite 0; } + + set $w3tc_ua ""; + set $w3tc_ref ""; + set $w3tc_ssl ""; + set $w3tc_enc ""; + + if ($http_accept_encoding ~ gzip) { set $w3tc_enc _gzip; } + + set $w3tc_ext ""; + if (-f "$document_root/wp-content/cache/page_enhanced/$host/$request_uri/_index$w3tc_ua$w3tc_ref$w3tc_ssl.html$w3tc_enc") { + set $w3tc_ext .html; + } + if ($w3tc_ext = "") { set $w3tc_rewrite 0; } + + if ($w3tc_rewrite = 1) { + rewrite ^ "/wp-content/cache/page_enhanced/$host/$request_uri/_index$w3tc_ua$w3tc_ref$w3tc_ssl$w3tc_ext$w3tc_enc" last; + } + + if (!-e $request_filename) { + rewrite ^ /index.php last; + } + } + + location /search { limit_req zone=kbeezieone burst=3 nodelay; rewrite ^ /index.php; } + + fastcgi_intercept_errors off; + + location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { + expires max; + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + # see http://kbeezie.com/view/nginx/ for more information + include php.conf; + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { deny all; access_log off; log_not_found off; } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdir.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdir.conf new file mode 100644 index 000000000..13c89678c --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdir.conf @@ -0,0 +1,47 @@ +map $uri $blogname{ + ~^(?P<blogpath>/[^/]+/)files/(.*) $blogpath ; +} + +map $blogname $blogid{ + default -999; + + #Ref: http://wordpress.org/extend/plugins/nginx-helper/ + #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ; +} + +server { + server_name example.com ; + + root /var/www/example.com/htdocs; + index index.php; + + location ~ ^(/[^/]+/)?files/(.+) { + try_files /wp-content/blogs.dir/$blogid/files/$2 /wp-includes/ms-files.php?file=$2 ; + access_log off; log_not_found off; expires max; + } + + #avoid php readfile() + location ^~ /blogs.dir { + internal; + alias /var/www/example.com/htdocs/wp-content/blogs.dir ; + access_log off; log_not_found off; expires max; + } + + if (!-e $request_filename) { + rewrite /wp-admin$ $scheme://$host$uri/ permanent; + rewrite ^(/[^/]+)?(/wp-.*) $2 last; + rewrite ^(/[^/]+)?(/.*\.php) $2 last; + } + + location / { + try_files $uri $uri/ /index.php?$args ; + } + + location ~ \.php$ { + try_files $uri =404; + include fastcgi_params; + fastcgi_pass php; + } + + #add some rules for static content expiry-headers here +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdomain.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdomain.conf new file mode 100644 index 000000000..6871f1245 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/multisite-subdomain.conf @@ -0,0 +1,39 @@ +map $http_host $blogid { + default -999; + + #Ref: http://wordpress.org/extend/plugins/nginx-helper/ + #include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ; + +} + +server { + server_name example.com *.example.com ; + + root /var/www/example.com/htdocs; + index index.php; + + location / { + try_files $uri $uri/ /index.php?$args ; + } + + location ~ \.php$ { + try_files $uri =404; + include fastcgi_params; + fastcgi_pass php; + } + + #WPMU Files + location ~ ^/files/(.*)$ { + try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$1 ; + access_log off; log_not_found off; expires max; + } + + #WPMU x-sendfile to avoid php readfile() + location ^~ /blogs.dir { + internal; + alias /var/www/example.com/htdocs/wp-content/blogs.dir; + access_log off; log_not_found off; expires max; + } + + #add some rules for static content expiry-headers here +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/nginx.conf new file mode 100644 index 000000000..32544338e --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/wordpress/nginx.conf @@ -0,0 +1,43 @@ +# Upstream to abstract backend connection(s) for php +upstream php { + server unix:/tmp/php-cgi.socket; + server 127.0.0.1:9000; +} + +server { + ## Your website name goes here. + server_name domain.tld; + ## Your only path reference. + root /var/www/wordpress; + ## This should be in your http block and if it is, it's not needed here. + index index.php; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + # This is cool because no php is touched for static content. + # include the "?$args" part so non-default permalinks doesn't break when using query string + try_files $uri $uri/ /index.php?$args; + } + + location ~ \.php$ { + #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini + include fastcgi.conf; + fastcgi_intercept_errors on; + fastcgi_pass php; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { + expires max; + log_not_found off; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/xenforo/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/xenforo/nginx.conf new file mode 100644 index 000000000..a7d140518 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/xenforo/nginx.conf @@ -0,0 +1,18 @@ +server { + + server_name localhost; + + root html/xenforo; + index index.php index.html; + + location / { + try_files $uri $uri/ /index.php?$uri&$args; + } + + location ~ \.php$ { + fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/yii/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/yii/nginx.conf new file mode 100644 index 000000000..8bfe243e3 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/yii/nginx.conf @@ -0,0 +1,42 @@ +server { + server_name domain.tld; + + root /usr/share/nginx/html; + index index.html index.php; + + #Yii Specific location configurations. + + #SEF URLs for sampleapp. + location /sampleapp { + rewrite ^/sampleapp/(.*)$ /sampleapp/index.php?r=$1; + } + + location ~ /(protected|framework|nbproject) { + deny all; + access_log off; + log_not_found off; + } + + location ~ /themes/\w+/views { + deny all; + access_log off; + log_not_found off; + } + + location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ { + try_files $uri =404; + } + + #End Yii Specific specific location configurations. + + location ~ \.php$ { + root /usr/share/nginx/html; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/$fastcgi_script_name; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi_params; + } + + +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zend/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zend/nginx.conf new file mode 100644 index 000000000..65cb37d08 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zend/nginx.conf @@ -0,0 +1,16 @@ +server { + listen 80; + server_name www.example.com; + root /var/www/www.example.com/myapplication; + index index.html index.htm index.php; + + location / { + try_files $uri $uri/ /index.php$is_args$args; + } + + location ~ \.php$ { + fastcgi_pass unix:/usr/local/zend/tmp/php-fastcgi.socket; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zenphoto/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zenphoto/nginx.conf new file mode 100644 index 000000000..1fbef9e41 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zenphoto/nginx.conf @@ -0,0 +1,93 @@ +server { + server_name domain.tld; + + root /var/www/zenphoto; + index index.php; + + # pass the PHP scripts to php-fpm server + location ~ \.php$ { + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_index index.php; + fastcgi_pass php; + } + + location @zenphoto { + + # experimental rss rules + rewrite index\.php\?^rss-(.*)&(.*) /index.php?rss=$1 last; + rewrite index\.php\?^rss-(.*)$ /index.php?rss=$1 last; + + rewrite index\.php$ /index.php last; + rewrite ^/(.*)/page/([A-Za-z0-9_\-]+)/?$ /index.php?album=$1&page=$2 last; + + # Images and stuff + rewrite "^/(.*)/image/(thumb|[0-9]{1,4})/([^/\\\]+)$" /zp-core/i.php?a=$1&i=$3&s=$2 last; + rewrite ^/(.*)/image/([^/\\\]+)$ /zp-core/i.php?a=$1&i=$2 last; + rewrite "^/(.*)/album/(thumb|[0-9]{1,4})/([^/\\\]+)$" /zp-core/i.php?a=$1&i=$3&s=$2&album=true last; + + # Catch all for unknown stuff + rewrite ^/(.*)/?$ /index.php?album=$1 last; + } + + location @albums { + rewrite ^/albums/?(.+/?)?$ /$1 redirect; + } + + # Admin pages + location /admin { + rewrite ^/admin/?$ /zp-core/admin.php redirect; + } + + location /albums { + try_files $uri @albums; + } + + # Tiny URLs + location /tiny { + rewrite ^/tiny/([0-9]+)/?$ /index.php?p=$1&t last; + } + + # Page + location /page { + rewrite ^/page/([0-9]+)/?$ /index.php?page=$1 last; + rewrite ^/page/([A-Za-z0-9\-_]+)/?$ /index.php?p=$1 last; + rewrite ^/page/([A-Za-z0-9_\-]+)/([0-9]+)/?$ /index.php?p=$1&page=$2 last; + } + + # Pages + location /pages { + rewrite ^/pages/?$ /index.php?p=pages last; + rewrite ^/pages/(.*)/?$ /index.php?p=pages&title=$1 last; + } + + # Search + location /page/search { + rewrite ^/page/search/fields([0-9]+)/(.*)/([0-9]+)/?$ /index.php?p=search&searchfields=$1&words=$2&page=$3 last; + rewrite ^/page/search/fields([0-9]+)/(.*)/?$ /index.php?p=search&searchfields=$1&words=$2 last; + rewrite ^/page/search/archive/(.*)/([0-9]+)/?$ /index.php?p=search&date=$1&page=$2 last; + rewrite ^/page/search/archive/(.*)/?$ /index.php?p=search&date=$1 last; + rewrite ^/page/search/tags/(.*)/([0-9]+)/?$ /index.php?p=search&searchfields=tags&words=$1&page=$2 last; + rewrite ^/page/search/tags/(.*)/?$ /index.php?p=search&searchfields=tags&words=$1 last; + rewrite ^/page/search/(.*)/([0-9]+)/?$ /index.php?p=search&words=$1&page=$2 last; + rewrite ^/page/search/(.*)/?$ /index.php?p=search&words=$1 last; + } + + # News + location /news { + rewrite ^/news/?$ /index.php?p=news last; + rewrite ^/news/([0-9]+)/?$ /index.php?p=news&page=$1 last; + rewrite ^/news/category/(.*)/([0-9]+)/?$ /index.php?p=news&category=$1&page=$2 last; + rewrite ^/news/category/(.*)/?$ /index.php?p=news&category=$1 last; + rewrite ^/news/archive/(.*)/([0-9]+)/?$ /index.php?p=news&date=$1&page=$2 last; + rewrite ^/news/archive/(.*)/?$ /index.php?p=news&date=$1 last; + rewrite ^/news/(.*)/?$ /index.php?p=news&title=$1 last; + } + + # Root + location / { + try_files $uri $uri/ @zenphoto; + } +} diff --git a/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zope/nginx.conf b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zope/nginx.conf new file mode 100644 index 000000000..3d022f346 --- /dev/null +++ b/certbot-compatibility-test/nginx/nginx-roundtrip-testdata/zope/nginx.conf @@ -0,0 +1,18 @@ +location ~ /zope(/|$) { + fastcgi_pass unix:/var/run/plone-site.sock; + include /etc/nginx/fastcgi_params; + + set $fixed_content_length $content_length; + if ( $fixed_content_length = "" ) { + set $fixed_content_length "0"; + } + + set $path_info ""; + if ( $document_uri ~ "^/zope/(.*)$" ) { + set $path_info $1; + } + + fastcgi_param CONTENT_LENGTH $fixed_content_length; + fastcgi_param PATH_INFO $path_info; + fastcgi_param SCRIPT_NAME /zope; +} diff --git a/certbot-compatibility-test/nginx/roundtrip.py b/certbot-compatibility-test/nginx/roundtrip.py new file mode 100644 index 000000000..852221df5 --- /dev/null +++ b/certbot-compatibility-test/nginx/roundtrip.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python + +import os +import sys + +from certbot_nginx import nginxparser + +def roundtrip(stuff): + success = True + for t in stuff: + print t + if not os.path.isfile(t): + continue + with open(t, "r") as f: + config = f.read() + try: + if nginxparser.dumps(nginxparser.loads(config)) != config: + print("Failed parsing round-trip for {0}".format(t)) + success = False + except Exception as e: + print("Failed parsing {0} ({1})".format(t, e)) + success = False + return success + +if __name__ == "__main__": + if len(sys.argv) != 2: + print("usage: %s directory" % sys.argv[0]) + sys.exit(1) + success = True + for where, _, files in os.walk(sys.argv[1]): + if files: + success &= roundtrip(os.path.join(where, f) for f in files) + + sys.exit(0 if success else 1) |