mirror of
https://github.com/containous/traefik.git
synced 2025-01-22 22:03:51 +03:00
Simplify acme e2e tests.
This commit is contained in:
parent
56fe023a12
commit
9e012a6b54
@ -9,7 +9,9 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/containous/traefik/integration/try"
|
||||
"github.com/containous/traefik/provider/acme"
|
||||
"github.com/containous/traefik/testhelpers"
|
||||
"github.com/containous/traefik/types"
|
||||
"github.com/go-check/check"
|
||||
checker "github.com/vdemeester/shakers"
|
||||
)
|
||||
@ -22,10 +24,10 @@ type AcmeSuite struct {
|
||||
|
||||
// Acme tests configuration
|
||||
type AcmeTestCase struct {
|
||||
onDemand bool
|
||||
configuration acme.Configuration
|
||||
traefikConfFilePath string
|
||||
domainToCheck string
|
||||
algorithm x509.PublicKeyAlgorithm
|
||||
expectedDomain string
|
||||
expectedAlgorithm x509.PublicKeyAlgorithm
|
||||
}
|
||||
|
||||
const (
|
||||
@ -39,6 +41,10 @@ const (
|
||||
traefikDefaultDomain = "TRAEFIK DEFAULT CERT"
|
||||
)
|
||||
|
||||
func (s *AcmeSuite) getAcmeURL() string {
|
||||
return fmt.Sprintf("http://%s:4001/directory", s.boulderIP)
|
||||
}
|
||||
|
||||
func (s *AcmeSuite) SetUpSuite(c *check.C) {
|
||||
s.createComposeProject(c, "boulder")
|
||||
s.composeProject.Start(c)
|
||||
@ -46,7 +52,7 @@ func (s *AcmeSuite) SetUpSuite(c *check.C) {
|
||||
s.boulderIP = s.composeProject.Container(c, "boulder").NetworkSettings.IPAddress
|
||||
|
||||
// wait for boulder
|
||||
err := try.GetRequest("http://"+s.boulderIP+":4001/directory", 120*time.Second, try.StatusCodeIs(http.StatusOK))
|
||||
err := try.GetRequest(s.getAcmeURL(), 120*time.Second, try.StatusCodeIs(http.StatusOK))
|
||||
c.Assert(err, checker.IsNil)
|
||||
}
|
||||
|
||||
@ -60,10 +66,18 @@ func (s *AcmeSuite) TearDownSuite(c *check.C) {
|
||||
// Test ACME provider with certificate at start
|
||||
func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/provideracme/acme.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: acmeDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
Domains: types.Domains{types.Domain{
|
||||
Main: "traefik.acme.wtf",
|
||||
}},
|
||||
},
|
||||
expectedDomain: acmeDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -71,10 +85,18 @@ func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) {
|
||||
// Test ACME provider with certificate at start
|
||||
func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/provideracme/acme_insan.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: "acme.wtf",
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
Domains: types.Domains{types.Domain{
|
||||
Main: "acme.wtf",
|
||||
SANs: []string{"traefik.acme.wtf"},
|
||||
}},
|
||||
},
|
||||
expectedDomain: "acme.wtf",
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -82,10 +104,15 @@ func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) {
|
||||
// Test ACME provider with certificate at start
|
||||
func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/provideracme/acme_onhost.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: acmeDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
CAServer: s.getAcmeURL(),
|
||||
OnHostRule: true,
|
||||
},
|
||||
expectedDomain: acmeDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -93,10 +120,16 @@ func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) {
|
||||
// Test ACME provider with certificate at start ECDSA algo
|
||||
func (s *AcmeSuite) TestACMEProviderOnHostECDSA(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/provideracme/acme_onhost_ecdsa.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: acmeDomain,
|
||||
algorithm: x509.ECDSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
KeyType: "EC384",
|
||||
},
|
||||
expectedDomain: acmeDomain,
|
||||
expectedAlgorithm: x509.ECDSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -104,10 +137,16 @@ func (s *AcmeSuite) TestACMEProviderOnHostECDSA(c *check.C) {
|
||||
// Test ACME provider with certificate at start invalid algo default RSA
|
||||
func (s *AcmeSuite) TestACMEProviderOnHostInvalidAlgo(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/provideracme/acme_onhost_invalid_algo.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: acmeDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
KeyType: "INVALID",
|
||||
},
|
||||
expectedDomain: acmeDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -115,10 +154,14 @@ func (s *AcmeSuite) TestACMEProviderOnHostInvalidAlgo(c *check.C) {
|
||||
// Test ACME provider with certificate at start and no ACME challenge
|
||||
func (s *AcmeSuite) TestACMEProviderOnHostWithNoACMEChallenge(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/no_challenge_acme.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: traefikDefaultDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
OnHostRule: true,
|
||||
},
|
||||
expectedDomain: traefikDefaultDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -126,10 +169,15 @@ func (s *AcmeSuite) TestACMEProviderOnHostWithNoACMEChallenge(c *check.C) {
|
||||
// Test OnDemand option with none provided certificate and challenge HTTP-01
|
||||
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateHTTP01(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_http01.toml",
|
||||
onDemand: true,
|
||||
domainToCheck: acmeDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnDemand: true,
|
||||
},
|
||||
expectedDomain: acmeDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -137,10 +185,15 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateHTTP01(c *check.C) {
|
||||
// Test OnHostRule option with none provided certificate and challenge HTTP-01
|
||||
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_http01.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: acmeDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme-base.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
},
|
||||
expectedDomain: acmeDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -148,21 +201,33 @@ func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) {
|
||||
// Test OnHostRule option with none provided certificate and challenge HTTP-01 and web path
|
||||
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01WithPath(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_http01_web.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: acmeDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme_http01_web_path.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
},
|
||||
expectedDomain: acmeDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
|
||||
// Test OnDemand option with a wildcard provided certificate
|
||||
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C) {
|
||||
// FIXME flaky
|
||||
c.Skip("Flaky behavior will be fixed in the next PR")
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_provided.toml",
|
||||
onDemand: true,
|
||||
domainToCheck: wildcardDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme_tls.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnDemand: true,
|
||||
},
|
||||
expectedDomain: wildcardDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -170,10 +235,15 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C)
|
||||
// Test onHostRule option with a wildcard provided certificate
|
||||
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_provided.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: wildcardDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme_tls.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
},
|
||||
expectedDomain: wildcardDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -181,10 +251,15 @@ func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithWildcard(c *check.C
|
||||
// Test OnDemand option with a wildcard provided certificate
|
||||
func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_provided_dynamic.toml",
|
||||
onDemand: true,
|
||||
domainToCheck: wildcardDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme_tls_dynamic.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnDemand: true,
|
||||
},
|
||||
expectedDomain: wildcardDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
@ -192,17 +267,29 @@ func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithDynamicWildcard(c *ch
|
||||
// Test onHostRule option with a wildcard provided certificate
|
||||
func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateWithDynamicWildcard(c *check.C) {
|
||||
testCase := AcmeTestCase{
|
||||
traefikConfFilePath: "fixtures/acme/acme_provided_dynamic.toml",
|
||||
onDemand: false,
|
||||
domainToCheck: wildcardDomain,
|
||||
algorithm: x509.RSA}
|
||||
traefikConfFilePath: "fixtures/acme/acme_tls_dynamic.toml",
|
||||
configuration: acme.Configuration{
|
||||
CAServer: s.getAcmeURL(),
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
},
|
||||
expectedDomain: wildcardDomain,
|
||||
expectedAlgorithm: x509.RSA,
|
||||
}
|
||||
|
||||
s.retrieveAcmeCertificate(c, testCase)
|
||||
}
|
||||
|
||||
// Test Let's encrypt down
|
||||
func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
|
||||
cmd, display := s.traefikCmd(withConfigFile("fixtures/acme/wrong_acme.toml"))
|
||||
file := s.adaptFile(c, "fixtures/acme/acme-base.toml", acme.Configuration{
|
||||
CAServer: "http://wrongurl:4001/directory",
|
||||
HTTPChallenge: &acme.HTTPChallenge{EntryPoint: "http"},
|
||||
OnHostRule: true,
|
||||
})
|
||||
defer os.Remove(file)
|
||||
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
defer display(c)
|
||||
err := cmd.Start()
|
||||
c.Assert(err, checker.IsNil)
|
||||
@ -215,15 +302,7 @@ func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
|
||||
|
||||
// Doing an HTTPS request and test the response certificate
|
||||
func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
|
||||
file := s.adaptFile(c, testCase.traefikConfFilePath, struct {
|
||||
BoulderHost string
|
||||
OnDemand bool
|
||||
OnHostRule bool
|
||||
}{
|
||||
BoulderHost: s.boulderIP,
|
||||
OnDemand: testCase.onDemand,
|
||||
OnHostRule: !testCase.onDemand,
|
||||
})
|
||||
file := s.adaptFile(c, testCase.traefikConfFilePath, testCase.configuration)
|
||||
defer os.Remove(file)
|
||||
|
||||
cmd, display := s.traefikCmd(withConfigFile(file))
|
||||
@ -237,10 +316,11 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
|
||||
backend := startTestServer("9010", http.StatusOK)
|
||||
defer backend.Close()
|
||||
|
||||
tr := &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
client := &http.Client{
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
||||
},
|
||||
}
|
||||
client := &http.Client{Transport: tr}
|
||||
|
||||
// wait for traefik (generating acme account take some seconds)
|
||||
err = try.Do(90*time.Second, func() error {
|
||||
@ -249,13 +329,14 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
|
||||
})
|
||||
c.Assert(err, checker.IsNil)
|
||||
|
||||
tr = &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
ServerName: acmeDomain,
|
||||
client = &http.Client{
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
ServerName: acmeDomain,
|
||||
},
|
||||
},
|
||||
}
|
||||
client = &http.Client{Transport: tr}
|
||||
|
||||
req := testhelpers.MustNewRequest(http.MethodGet, "https://127.0.0.1:5001/", nil)
|
||||
req.Host = acmeDomain
|
||||
@ -276,8 +357,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
|
||||
}
|
||||
|
||||
cn := resp.TLS.PeerCertificates[0].Subject.CommonName
|
||||
if cn != testCase.domainToCheck {
|
||||
return fmt.Errorf("domain %s found instead of %s", cn, testCase.domainToCheck)
|
||||
if cn != testCase.expectedDomain {
|
||||
return fmt.Errorf("domain %s found instead of %s", cn, testCase.expectedDomain)
|
||||
}
|
||||
|
||||
return nil
|
||||
@ -286,6 +367,6 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
|
||||
c.Assert(err, checker.IsNil)
|
||||
c.Assert(resp.StatusCode, checker.Equals, http.StatusOK)
|
||||
// Check Domain into response certificate
|
||||
c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, testCase.domainToCheck)
|
||||
c.Assert(resp.TLS.PeerCertificates[0].PublicKeyAlgorithm, checker.Equals, testCase.algorithm)
|
||||
c.Assert(resp.TLS.PeerCertificates[0].Subject.CommonName, checker.Equals, testCase.expectedDomain)
|
||||
c.Assert(resp.TLS.PeerCertificates[0].PublicKeyAlgorithm, checker.Equals, testCase.expectedAlgorithm)
|
||||
}
|
||||
|
@ -9,20 +9,28 @@ defaultEntryPoints = ["http", "https"]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
[[acme.domains]]
|
||||
main = "traefik.acme.wtf"
|
||||
onDemand = {{ .OnDemand }}
|
||||
onHostRule = {{ .OnHostRule }}
|
||||
keyType = "{{ .KeyType }}"
|
||||
caServer = "{{ .CAServer }}"
|
||||
|
||||
{{if .HTTPChallenge }}
|
||||
[acme.httpChallenge]
|
||||
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
|
||||
{{end}}
|
||||
|
||||
{{range .Domains}}
|
||||
[[acme.domains]]
|
||||
main = "{{ .Main }}"
|
||||
sans = [{{range .SANs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
[api]
|
||||
|
||||
@ -38,4 +46,4 @@ defaultEntryPoints = ["http", "https"]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -1,37 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":5002"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
[acme.httpchallenge]
|
||||
entrypoint="http"
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -1,38 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":5002"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
[acme.httpchallenge]
|
||||
entrypoint="http"
|
||||
|
||||
[web]
|
||||
path="/traefik"
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -9,23 +9,31 @@ defaultEntryPoints = ["http", "https"]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = false
|
||||
onHostRule = false
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
onDemand = {{ .OnDemand }}
|
||||
onHostRule = {{ .OnHostRule }}
|
||||
keyType = "{{ .KeyType }}"
|
||||
caServer = "{{ .CAServer }}"
|
||||
|
||||
{{if .HTTPChallenge }}
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
|
||||
{{end}}
|
||||
|
||||
{{range .Domains}}
|
||||
[[acme.domains]]
|
||||
main = "acme.wtf"
|
||||
sans = [ "traefik.acme.wtf" ]
|
||||
main = "{{ .Main }}"
|
||||
sans = [{{range .SANs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
|
||||
[api]
|
||||
[web]
|
||||
path="/traefik"
|
||||
|
||||
[file]
|
||||
|
||||
@ -39,4 +47,4 @@ defaultEntryPoints = ["http", "https"]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -1,26 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":5002"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
|
||||
[file]
|
||||
filename = "fixtures/acme/certificates.toml"
|
||||
watch = true
|
@ -13,15 +13,29 @@ defaultEntryPoints = ["http", "https"]
|
||||
keyFile = "fixtures/acme/ssl/wildcard.key"
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{ .OnDemand }}
|
||||
onHostRule = {{ .OnHostRule }}
|
||||
keyType = "{{ .KeyType }}"
|
||||
caServer = "{{ .CAServer }}"
|
||||
|
||||
{{if .HTTPChallenge }}
|
||||
[acme.httpChallenge]
|
||||
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
|
||||
{{end}}
|
||||
|
||||
{{range .Domains}}
|
||||
[[acme.domains]]
|
||||
main = "{{ .Main }}"
|
||||
sans = [{{range .SANs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
[api]
|
||||
|
||||
[file]
|
||||
|
||||
@ -31,7 +45,6 @@ entryPoint="http"
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
40
integration/fixtures/acme/acme_tls_dynamic.toml
Normal file
40
integration/fixtures/acme/acme_tls_dynamic.toml
Normal file
@ -0,0 +1,40 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":5002"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{ .OnDemand }}
|
||||
onHostRule = {{ .OnHostRule }}
|
||||
keyType = "{{ .KeyType }}"
|
||||
caServer = "{{ .CAServer }}"
|
||||
|
||||
{{if .HTTPChallenge }}
|
||||
[acme.httpChallenge]
|
||||
entryPoint = "{{ .HTTPChallenge.EntryPoint }}"
|
||||
{{end}}
|
||||
|
||||
{{range .Domains}}
|
||||
[[acme.domains]]
|
||||
main = "{{ .Main }}"
|
||||
sans = [{{range .SANs }}
|
||||
"{{.}}",
|
||||
{{end}}]
|
||||
{{end}}
|
||||
|
||||
[api]
|
||||
|
||||
[file]
|
||||
filename = "fixtures/acme/certificates.toml"
|
||||
watch = true
|
@ -1,37 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[api]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":8081"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onHostRule = true
|
||||
acmeLogging = true
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
# No challenge defined
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -1,36 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[api]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":8081"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onHostRule = true
|
||||
caServer = "http://wrongurl:4001/directory"
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -1,38 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":5002"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
acmeLogging = true
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
|
||||
[api]
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -1,38 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":5002"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
keyType = "EC384"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
|
||||
[api]
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -1,38 +0,0 @@
|
||||
logLevel = "DEBUG"
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
address = ":5002"
|
||||
[entryPoints.https]
|
||||
address = ":5001"
|
||||
[entryPoints.https.tls]
|
||||
|
||||
|
||||
[acme]
|
||||
email = "test@traefik.io"
|
||||
storage = "/tmp/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = {{.OnDemand}}
|
||||
onHostRule = {{.OnHostRule}}
|
||||
caServer = "http://{{.BoulderHost}}:4001/directory"
|
||||
keyType = "INVALID"
|
||||
[acme.httpChallenge]
|
||||
entryPoint="http"
|
||||
|
||||
[api]
|
||||
|
||||
[file]
|
||||
|
||||
[backends]
|
||||
[backends.backend]
|
||||
[backends.backend.servers.server1]
|
||||
url = "http://127.0.0.1:9010"
|
||||
weight = 1
|
||||
|
||||
[frontends]
|
||||
[frontends.frontend]
|
||||
backend = "backend"
|
||||
[frontends.frontend.routes.test]
|
||||
rule = "Host:traefik.acme.wtf"
|
@ -22,6 +22,7 @@ import (
|
||||
var integration = flag.Bool("integration", false, "run integration tests")
|
||||
var container = flag.Bool("container", false, "run container integration tests")
|
||||
var host = flag.Bool("host", false, "run host integration tests")
|
||||
var showLog = flag.Bool("tlog", false, "always show Traefik logs")
|
||||
|
||||
func Test(t *testing.T) {
|
||||
check.TestingT(t)
|
||||
@ -114,7 +115,7 @@ func (s *BaseSuite) cmdTraefik(args ...string) (*exec.Cmd, *bytes.Buffer) {
|
||||
func (s *BaseSuite) traefikCmd(args ...string) (*exec.Cmd, func(*check.C)) {
|
||||
cmd, out := s.cmdTraefik(args...)
|
||||
return cmd, func(c *check.C) {
|
||||
if c.Failed() {
|
||||
if c.Failed() || *showLog {
|
||||
s.displayTraefikLog(c, out)
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user