"""General purpose nginx test configuration generator."""
import getpass

import pkg_resources


def construct_nginx_config(nginx_root, nginx_webroot, http_port, https_port, other_port,
                           default_server, key_path=None, cert_path=None, wtf_prefix='le'):
    """
    Build the complete nginx configuration text used by the integration tests.

    Every argument is substituted into the configuration verbatim: nothing is quoted or
    escaped. The paths and the prefix therefore have to come from the test harness itself;
    a value containing whitespace, ``;`` or braces would change the structure of the
    generated file.

    When no key or certificate is given, the ``assets/key.pem`` and ``assets/cert.pem``
    files packaged with ``certbot_integration_tests`` are used. NOTE(review): a private key
    shipped inside a test package is presumably public, so it should never be reused
    outside these tests.

    The ``user`` directive is set to the account running the tests, as reported by
    ``getpass.getuser()``.

    :param str nginx_root: nginx root configuration path (logs, pid and temp files go here)
    :param str nginx_webroot: nginx webroot path
    :param int http_port: HTTP port to listen on
    :param int https_port: HTTPS port to listen on
    :param int other_port: other HTTP port to listen on
    :param bool default_server: True to set a default server in nginx config, False otherwise
    :param str key_path: the path to a SSL key, packaged test key if empty or None
    :param str cert_path: the path to a SSL certificate, packaged test cert if empty or None
    :param str wtf_prefix: the prefix to use in all domains handled by this nginx config
    :return: a string containing the full nginx configuration
    :rtype: str
    """
    # Any falsy value (None or '') selects the packaged test asset.
    key_path = key_path or pkg_resources.resource_filename(
        'certbot_integration_tests', 'assets/key.pem')
    cert_path = cert_path or pkg_resources.resource_filename(
        'certbot_integration_tests', 'assets/cert.pem')

    # The flag becomes the literal nginx keyword, or nothing at all.
    if default_server:
        default_server_flag = 'default_server'
    else:
        default_server_flag = ''

    substitutions = {
        'nginx_root': nginx_root,
        'nginx_webroot': nginx_webroot,
        'user': getpass.getuser(),
        'http_port': http_port,
        'https_port': https_port,
        'other_port': other_port,
        'default_server': default_server_flag,
        'wtf_prefix': wtf_prefix,
        'key_path': key_path,
        'cert_path': cert_path,
    }

    # Literal nginx braces are doubled because the text goes through str.format().
    # Note that access_log points at error.log, so both logs share one file.
    template = '''\
# This error log will be written regardless of server scope error_log
# definitions, so we have to set this here in the main scope.
#
# Even doing this, Nginx will still try to create the default error file, and
# log a non-fatal error when it fails. After that things will work, however.
error_log {nginx_root}/error.log;

# The pidfile will be written to /var/run unless this is set.
pid {nginx_root}/nginx.pid;

user {user};
worker_processes 1;

events {{
  worker_connections 1024;
}}

http {{
  # Set an array of temp, cache and log file options that will otherwise default to
  # restricted locations accessible only to root.
  client_body_temp_path {nginx_root}/client_body;
  fastcgi_temp_path {nginx_root}/fastcgi_temp;
  proxy_temp_path {nginx_root}/proxy_temp;
  #scgi_temp_path {nginx_root}/scgi_temp;
  #uwsgi_temp_path {nginx_root}/uwsgi_temp;
  access_log {nginx_root}/error.log;
  
  # This should be turned off in a Virtualbox VM, as it can cause some
  # interesting issues with data corruption in delivered files.
  sendfile off;
  
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  
  #include /etc/nginx/mime.types;
  index index.html index.htm index.php;
  
  log_format   main '$remote_addr - $remote_user [$time_local] $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
    
  default_type application/octet-stream;
  
  server {{
    # IPv4.
    listen {http_port} {default_server};
    # IPv6.
    listen [::]:{http_port} {default_server};
    server_name nginx.{wtf_prefix}.wtf nginx2.{wtf_prefix}.wtf;
    
    root {nginx_webroot};
    
    location / {{
      # First attempt to serve request as file, then as directory, then fall
      # back to index.html.
      try_files $uri $uri/ /index.html;
    }}
  }}
  
  server {{
    listen {http_port};
    listen [::]:{http_port};
    server_name nginx3.{wtf_prefix}.wtf;
    
    root {nginx_webroot};
    
    location /.well-known/ {{
      return 404;
    }}
    
    return 301 https://$host$request_uri;
  }}
  
  server {{
    listen {other_port};
    listen [::]:{other_port};
    server_name nginx4.{wtf_prefix}.wtf nginx5.{wtf_prefix}.wtf;
  }}
  
  server {{
    listen {http_port};
    listen [::]:{http_port};
    listen {https_port} ssl;
    listen [::]:{https_port} ssl;
    if ($scheme != "https") {{
      return 301 https://$host$request_uri;
    }}
    server_name nginx6.{wtf_prefix}.wtf nginx7.{wtf_prefix}.wtf;

    ssl_certificate {cert_path};
    ssl_certificate_key {key_path};
  }}
}}
'''
    return template.format(**substitutions)