这是indexloc提供的服务,不要输入任何密码
Skip to content

filter out literal wildcard when deploying an unrelated domain. closes #1185 #1202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 20, 2015
Merged

filter out literal wildcard when deploying an unrelated domain. closes #1185 #1202

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions plugins/nginx-vhosts/commands
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,19 +76,20 @@ EOF
SSL_HOSTNAME=$(openssl x509 -in $SSL_INUSE/server.crt -noout -subject | tr '/' '\n' | grep CN= | cut -c4-)
if [[ -n "$SSL_HOSTNAME" ]]; then
SSL_HOSTNAME_REGEX=$(echo "$SSL_HOSTNAME" | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g')
[[ -z "$(egrep "^${SSL_HOSTNAME_REGEX}$" $VHOST_PATH)" ]] && echo "$SSL_HOSTNAME" >> $VHOST_PATH
[[ -z "$(egrep "^${SSL_HOSTNAME_REGEX}$" $VHOST_PATH)" ]] && [[ ! "$SSL_HOSTNAME" =~ ^\*.* ]] && echo "$SSL_HOSTNAME" >> $VHOST_PATH
fi

SSL_HOSTNAME_ALT=$(openssl x509 -in $SSL_INUSE/server.crt -noout -text | grep --after-context=1 '509v3 Subject Alternative Name:' | tail -n 1 | sed -e "s/[[:space:]]*DNS://g" | tr ',' '\n' || true)
if [[ -n "$SSL_HOSTNAME_ALT" ]]; then
SSL_HOSTNAME_ALT_REGEX=$(echo "$SSL_HOSTNAME_ALT" | sed 's|\.|\\.|g' | sed 's/\*/\[^\.\]\*/g')
[[ -z "$(egrep "^${SSL_HOSTNAME_ALT_REGEX}$" $VHOST_PATH)" ]] && echo "$SSL_HOSTNAME_ALT" >> $VHOST_PATH
[[ -z "$(egrep "^${SSL_HOSTNAME_ALT_REGEX}$" $VHOST_PATH)" ]] && [[ ! "$SSL_HOSTNAME_ALT" =~ ^\*.* ]] && echo "$SSL_HOSTNAME_ALT" >> $VHOST_PATH
fi

SSL_VHOSTS=$(egrep "^${SSL_HOSTNAME_REGEX}$|^${SSL_HOSTNAME_ALT_REGEX}$" $VHOST_PATH || exit 0)
NONSSL_VHOSTS=$(egrep -v "^${SSL_HOSTNAME_REGEX}$|^${SSL_HOSTNAME_ALT_REGEX}$" $VHOST_PATH || exit 0)

while read line; do
[[ -z "$line" ]] && continue
dokku_log_info1 "Configuring SSL for $line..."
SSL_SERVER_NAME=$line
NOSSL_SERVER_NAME=$line
Expand Down
11 changes: 10 additions & 1 deletion tests/unit/nginx-vhosts.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ setup() {
}

teardown() {
destroy_app
destroy_app 0 $TEST_APP
[[ -f "$DOKKU_ROOT/VHOST.bak" ]] && mv "$DOKKU_ROOT/VHOST.bak" "$DOKKU_ROOT/VHOST"
[[ -f "$DOKKU_ROOT/HOSTNAME.bak" ]] && mv "$DOKKU_ROOT/HOSTNAME.bak" "$DOKKU_ROOT/HOSTNAME"
disable_tls_wildcard
Expand Down Expand Up @@ -82,6 +82,15 @@ assert_http_success() {
assert_ssl_domain "wildcard2.dokku.me"
}

@test "(nginx-vhosts) nginx:build-config (wildcard SSL & unrelated domain)" {
destroy_app
TEST_APP="${TEST_APP}.example.com"
setup_test_tls_wildcard
deploy_app nodejs-express dokku@dokku.me:$TEST_APP
run /bin/bash -c "egrep '*.dokku.me' $DOKKU_ROOT/${TEST_APP}/nginx.conf | wc -l"
assert_output "0"
}

@test "(nginx-vhosts) nginx:build-config (with SSL CN mismatch)" {
setup_test_tls
deploy_app
Expand Down
3 changes: 2 additions & 1 deletion tests/unit/test_helper.bash
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,8 @@ create_app() {
}

destroy_app() {
RC="$1"; RC=${RC:=0}
local RC="$1"; local RC=${RC:=0}
local TEST_APP="$2"; local TEST_APP=${TEST_APP:=my-cool-guy-test-app}
echo $TEST_APP | dokku apps:destroy $TEST_APP
return $RC
}
Expand Down