Create ACME Provider

2018-03-05 20:54:04 +01:00 · 2018-03-05 20:54:04 +01:00 · 8380de1bd9
commit 8380de1bd9
parent bf43149d7e
41 changed files with 1672 additions and 657 deletions
--- a/integration/acme_test.go
+++ b/integration/acme_test.go
@ -52,20 +52,30 @@ func (s *AcmeSuite) TearDownSuite(c *check.C) {
 	}
 }

-// Test OnDemand option with none provided certificate
-func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificate(c *check.C) {
+// Test ACME provider with certificate at start
+func (s *AcmeSuite) TestACMEProviderAtStart(c *check.C) {
 	testCase := AcmeTestCase{
-		traefikConfFilePath: "fixtures/acme/acme.toml",
-		onDemand:            true,
+		traefikConfFilePath: "fixtures/provideracme/acme.toml",
+		onDemand:            false,
 		domainToCheck:       acmeDomain}

 	s.retrieveAcmeCertificate(c, testCase)
 }

-// Test OnHostRule option with none provided certificate
-func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificate(c *check.C) {
+// Test ACME provider with certificate at start
+func (s *AcmeSuite) TestACMEProviderAtStartInSAN(c *check.C) {
 	testCase := AcmeTestCase{
-		traefikConfFilePath: "fixtures/acme/acme.toml",
+		traefikConfFilePath: "fixtures/provideracme/acme_insan.toml",
+		onDemand:            false,
+		domainToCheck:       "acme.wtf"}
+
+	s.retrieveAcmeCertificate(c, testCase)
+}
+
+// Test ACME provider with certificate at start
+func (s *AcmeSuite) TestACMEProviderOnHost(c *check.C) {
+	testCase := AcmeTestCase{
+		traefikConfFilePath: "fixtures/provideracme/acme_onhost.toml",
 		onDemand:            false,
 		domainToCheck:       acmeDomain}

@ -216,7 +226,7 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {

 		cn := resp.TLS.PeerCertificates[0].Subject.CommonName
 		if cn != testCase.domainToCheck {
-			return fmt.Errorf("domain %s found in place of %s", cn, testCase.domainToCheck)
+			return fmt.Errorf("domain %s found instead of %s", cn, testCase.domainToCheck)
 		}

 		return nil
--- a/integration/fixtures/access_log_config.toml
+++ b/integration/fixtures/access_log_config.toml
@ -34,7 +34,6 @@ checkNewVersion = false
      users = ["test:traefik:a2688e031edb4be6a3797f3882655c05", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]

 [api]
-  dashboard = true

 [docker]
  exposedByDefault = false
--- a/integration/fixtures/acme/acme_http01_web.toml
+++ b/integration/fixtures/acme/acme_http01_web.toml
@ -9,10 +9,6 @@ defaultEntryPoints = ["http", "https"]
  address = ":5001"
    [entryPoints.https.tls]

-
-[web]
-path="/traefik"
-
 [acme]
 email = "test@traefik.io"
 storage = "/dev/null"
@ -23,6 +19,9 @@ caServer = "http://{{.BoulderHost}}:4000/directory"
 [acme.httpchallenge]
 entrypoint="http"

+[web]
+path="/traefik"
+
 [file]

 [backends]
@ -30,9 +29,8 @@ entrypoint="http"
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"

-
 [frontends]
  [frontends.frontend]
  backend = "backend"
    [frontends.frontend.routes.test]
-    rule = "Host:traefik.acme.wtf"
+    rule = "Host:traefik.acme.wtf"
--- a/integration/fixtures/acme/acme_provided.toml
+++ b/integration/fixtures/acme/acme_provided.toml
@ -4,7 +4,7 @@ defaultEntryPoints = ["http", "https"]

 [entryPoints]
  [entryPoints.http]
-  address = ":8080"
+  address = ":5002"
  [entryPoints.https]
  address = ":5001"
    [entryPoints.https.tls]
@ -19,6 +19,8 @@ entryPoint = "https"
 onDemand = {{.OnDemand}}
 OnHostRule = {{.OnHostRule}}
 caServer = "http://{{.BoulderHost}}:4000/directory"
+[acme.httpChallenge]
+entryPoint="http"

 [file]

--- a/integration/fixtures/acme/acme_provided_dynamic.toml
+++ b/integration/fixtures/acme/acme_provided_dynamic.toml
@ -4,7 +4,7 @@ defaultEntryPoints = ["http", "https"]

 [entryPoints]
  [entryPoints.http]
-  address = ":8080"
+  address = ":5002"
  [entryPoints.https]
  address = ":5001"
    [entryPoints.https.tls]
@ -17,6 +17,8 @@ entryPoint = "https"
 onDemand = {{.OnDemand}}
 OnHostRule = {{.OnHostRule}}
 caServer = "http://{{.BoulderHost}}:4000/directory"
+[acme.httpChallenge]
+entryPoint="http"

 [file]
 filename = "fixtures/acme/certificates.toml"
--- a/integration/fixtures/provideracme/acme.toml
+++ b/integration/fixtures/provideracme/acme.toml
@ -4,7 +4,7 @@ defaultEntryPoints = ["http", "https"]

 [entryPoints]
  [entryPoints.http]
-  address = ":8080"
+  address = ":5002"
  [entryPoints.https]
  address = ":5001"
    [entryPoints.https.tls]
@ -17,6 +17,13 @@ entryPoint = "https"
 onDemand = {{.OnDemand}}
 OnHostRule = {{.OnHostRule}}
 caServer = "http://{{.BoulderHost}}:4000/directory"
+[acme.httpChallenge]
+entryPoint="http"
+[[acme.domains]]
+main = "traefik.acme.wtf"
+
+
+[api]

 [file]

@ -25,9 +32,8 @@ caServer = "http://{{.BoulderHost}}:4000/directory"
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"

-
 [frontends]
  [frontends.frontend]
  backend = "backend"
    [frontends.frontend.routes.test]
-    rule = "Host:traefik.acme.wtf"
+    rule = "Host:traefik.acme.wtf"
--- a/integration/fixtures/provideracme/acme_insan.toml
+++ b/integration/fixtures/provideracme/acme_insan.toml
@ -0,0 +1,40 @@
+logLevel = "DEBUG"
+
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":5002"
+  [entryPoints.https]
+  address = ":5001"
+    [entryPoints.https.tls]
+
+
+[acme]
+email = "test@traefik.io"
+storage = "/dev/null"
+entryPoint = "https"
+onDemand = false
+OnHostRule = false
+caServer = "http://{{.BoulderHost}}:4000/directory"
+[acme.httpChallenge]
+entryPoint="http"
+[[acme.domains]]
+main = "acme.wtf"
+sans = [ "traefik.acme.wtf" ]
+
+
+[api]
+
+[file]
+
+[backends]
+  [backends.backend]
+    [backends.backend.servers.server1]
+    url = "http://127.0.0.1:9010"
+
+[frontends]
+  [frontends.frontend]
+  backend = "backend"
+    [frontends.frontend.routes.test]
+    rule = "Host:traefik.acme.wtf"
--- a/integration/fixtures/provideracme/acme_onhost.toml
+++ b/integration/fixtures/provideracme/acme_onhost.toml
@ -0,0 +1,36 @@
+logLevel = "DEBUG"
+
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":5002"
+  [entryPoints.https]
+  address = ":5001"
+    [entryPoints.https.tls]
+
+
+[acme]
+email = "test@traefik.io"
+storage = "/dev/null"
+entryPoint = "https"
+onDemand = {{.OnDemand}}
+OnHostRule = {{.OnHostRule}}
+caServer = "http://{{.BoulderHost}}:4000/directory"
+[acme.httpChallenge]
+entryPoint="http"
+
+[api]
+
+[file]
+
+[backends]
+  [backends.backend]
+    [backends.backend.servers.server1]
+    url = "http://127.0.0.1:9010"
+
+[frontends]
+  [frontends.frontend]
+  backend = "backend"
+    [frontends.frontend.routes.test]
+    rule = "Host:traefik.acme.wtf"
--- a/integration/https_test.go
+++ b/integration/https_test.go
@ -604,7 +604,7 @@ func (s *HTTPSSuite) TestWithSNIDynamicConfigRouteWithTlsConfigurationDeletion(c

 		cn := resp.TLS.PeerCertificates[0].Subject.CommonName
 		if cn == tr2.TLSClientConfig.ServerName {
-			return fmt.Errorf("domain %s found in place of default one", tr2.TLSClientConfig.ServerName)
+			return fmt.Errorf("domain %s found instead of the default one", tr2.TLSClientConfig.ServerName)
 		}

 		return nil
--- a/integration/resources/compose/boulder.yml
+++ b/integration/resources/compose/boulder.yml
@ -1,5 +1,5 @@
 boulder:
-    image: containous/boulder:release
+    image: containous/boulder:containous-fork
    environment:
        FAKE_DNS: ${DOCKER_HOST_IP}
        PKCS11_PROXY_SOCKET: tcp://boulder-hsm:5657