Diffstat (limited to 'certbot-nginx/tests/boulder-integration.conf.sh')
-rwxr-xr-x | certbot-nginx/tests/boulder-integration.conf.sh | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/certbot-nginx/tests/boulder-integration.conf.sh b/certbot-nginx/tests/boulder-integration.conf.sh index 470eab28e..35cedf5ed 100755 --- a/certbot-nginx/tests/boulder-integration.conf.sh +++ b/certbot-nginx/tests/boulder-integration.conf.sh @@ -3,16 +3,22 @@ # https://www.exratione.com/2014/03/running-nginx-as-a-non-root-user/ # https://github.com/exratione/non-root-nginx/blob/9a77f62e5d5cb9c9026fd62eece76b9514011019/nginx.conf +# USAGE: ./boulder-integration.conf.sh /path/to/root cert.key cert.pem >> nginx.conf + +ROOT=$1 +CERT_KEY_PATH=$2 +CERT_PATH=$3 + cat <<EOF # This error log will be written regardless of server scope error_log # definitions, so we have to set this here in the main scope. # # Even doing this, Nginx will still try to create the default error file, and # log a non-fatal error when it fails. After that things will work, however. -error_log $root/error.log; +error_log $ROOT/error.log; # The pidfile will be written to /var/run unless this is set. -pid $root/nginx.pid; +pid $ROOT/nginx.pid; worker_processes 1; @@ -23,12 +29,12 @@ events { http { # Set an array of temp, cache and log file options that will otherwise default to # restricted locations accessible only to root. - client_body_temp_path $root/client_body; - fastcgi_temp_path $root/fastcgi_temp; - proxy_temp_path $root/proxy_temp; - #scgi_temp_path $root/scgi_temp; - #uwsgi_temp_path $root/uwsgi_temp; - access_log $root/error.log; + client_body_temp_path $ROOT/client_body; + fastcgi_temp_path $ROOT/fastcgi_temp; + proxy_temp_path $ROOT/proxy_temp; + #scgi_temp_path $ROOT/scgi_temp; + #uwsgi_temp_path $ROOT/uwsgi_temp; + access_log $ROOT/error.log; # This should be turned off in a Virtualbox VM, as it can cause some # interesting issues with data corruption in delivered files. 
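Review bot: `ROOT=$1`, `CERT_KEY_PATH=$2` and `CERT_PATH=$3` are assigned without checking that the arguments were supplied, so a call with fewer than three arguments still prints a config, with `error_log /error.log;`, `pid /nginx.pid;` and an empty `ssl_certificate ;`. Failing early avoids writing to the filesystem root by accident, e.g. `ROOT=${1:?usage: $0 ROOT CERT_KEY CERT}` with the same `:?` form for `$2` and `$3`. The values are also pasted into the heredoc unescaped, so a path containing whitespace, `;` or `{` would alter the generated directives; a comment such as `# arguments must be plain paths without spaces or nginx metacharacters` would record that assumption. The USAGE line redirects with `>>`, which appends a second copy of the config if the target file already exists, so `>` may be what is intended.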
@@ -53,9 +59,9 @@ http { listen 5002 $default_server; # IPv6. listen [::]:5002 $default_server; - server_name nginx.wtf nginx-tls.wtf nginx2.wtf; + server_name nginx.wtf nginx2.wtf; - root $root/webroot; + root $ROOT/webroot; location / { # First attempt to serve request as file, then as directory, then fall @@ -69,7 +75,7 @@ http { listen [::]:5002; server_name nginx3.wtf; - root $root/webroot; + root $ROOT/webroot; location /.well-known/ { return 404; @@ -93,6 +99,9 @@ http { return 301 https://\$host\$request_uri; } server_name nginx6.wtf nginx7.wtf; + + ssl_certificate ${CERT_PATH}; + ssl_certificate_key ${CERT_KEY_PATH}; } } EOF |
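Review bot: The added `ssl_certificate ${CERT_PATH};` and `ssl_certificate_key ${CERT_KEY_PATH};` lines take the arguments verbatim, while the USAGE example in the file header passes bare names (`cert.key cert.pem`). nginx resolves relative paths in these directives against its configuration prefix, not the directory the script was run from, so a relative argument can point at a different file than the caller meant. I would document this next to the assignments, e.g. `# CERT_KEY_PATH and CERT_PATH must be absolute and readable by the non-root nginx user`, and note that the key should be a throwaway test key. The server block starts outside this hunk, so whether it has a matching `listen ... ssl` line cannot be checked from here.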