aboutsummaryrefslogtreecommitdiffstats
path: root/tests/apache2-proxy
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@debian.org>2021-02-22 03:30:32 +0100
committerGuilhem Moulin <guilhem@debian.org>2021-02-22 03:30:32 +0100
commitd1be19ea9484f4c48af2de54266465d49bb1281d (patch)
tree768da9388a9ea6ed42d8d818a6433a4871a1172e /tests/apache2-proxy
parent847ae99fb1ed73fd77c6ffd30f2c554ab5892fde (diff)
parent3eba02ef820a393bd5781be9f8fcda1611ae7c3d (diff)
Merge tag 'v0.8.0' into debian/latest
Release version 0.8.0
Diffstat (limited to 'tests/apache2-proxy')
-rw-r--r--tests/apache2-proxy33
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/apache2-proxy b/tests/apache2-proxy
new file mode 100644
index 0000000..016b426
--- /dev/null
+++ b/tests/apache2-proxy
@@ -0,0 +1,33 @@
+# Use Apache2 as reverse proxy for lacme's internal webserver using the
+# provided snippet
+
+# bind the webserver to the default listening address
+sed -i 's|^listen\s*=|#&|' /etc/lacme/lacme.conf
+
+DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends apache2 curl
+
+a2enmod proxy_http
+a2enconf lacme
+
+mkdir /run/apache2
+( set +eux && . /etc/apache2/envvars && apache2 )
+
+# ensure that requests to the root URI and challenge URIs yield 502 Bad Gateway before starting the webserver
+rv="$(curl -w"%{http_code}" -so/dev/null http://127.0.0.1/.well-known/acme-challenge/)"; [ $rv -eq 503 ]
+rv="$(curl -w"%{http_code}" -so/dev/null http://127.0.0.1/.well-known/acme-challenge/foo)"; [ $rv -eq 503 ]
+
+lacme --debug newOrder 2>"$STDERR" || fail
+test /etc/lacme/simpletest.rsa.crt -nt /etc/lacme/simpletest.rsa.key
+
+grepstderr -Fq "Forking ACME webserver bound to /run/lacme-www.socket, child PID "
+grepstderr -Fq "Forking lacme-accountd, child PID "
+grepstderr -Fq "Forking /usr/libexec/lacme/client, child PID "
+grepstderr -Fq "Shutting down lacme-accountd"
+grepstderr -Fq "Shutting down ACME webserver bound to /run/lacme-www.socket"
+grepstderr -Eq "Incoming connection: GET /\.well-known/acme-challenge/\S+ HTTP/[0-9.]+$"
+
+# ensure apache2 was indeed used to serve challenge responses (Let's Encrypt caches validation results)
+grep -E "\"GET /\.well-known/acme-challenge/\S+ HTTP/[0-9.]+\" 200 .* \(([^)]+; )*Let's Encrypt validation server(; [^)]+)*\)\"$" \
+ /var/log/apache2/access.log
+
+# vim: set filetype=sh :