Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1338 from drwetter/drwetter-dockerfiles1

Browse Source 
Docker container for testing (generated by a script)
This commit is contained in:
Dirk Wetter 2019-10-02 17:53:37 +02:00 committed by GitHub
commit 35c69bee27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 86 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
utils/docker-debian10.tls13only.start.sh Normal file
View File

@ -0,0 +1,31 @@
# no early data, but TLS 1.3 with debian:buster (sid simlar in Feb 2019)
image=${1:-"debian:buster"}
docker pull "$image"
ID=$(docker run -d -ti $image)
docker exec -ti $ID apt-get update
docker exec -ti $ID apt-get install -y ssl-cert dialog
docker exec -ti $ID apt-get install -y nginx-common nginx-light
docker exec -ti $ID cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
docker exec -ti $ID sed -i -e 's/# listen/listen/' -e 's/# include/include/' /etc/nginx/sites-available/default
if echo "$0" | grep -q only; then
docker exec -ti $ID sed -i -e 's/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1\.3;\n\tssl_ecdh_curve X448:X25519;/' /etc/nginx/sites-available/default
else
docker exec -ti $ID sed -i -e 's/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1\.2 TLSv1\.3;\n\tssl_ecdh_curve X448:X25519;/' /etc/nginx/sites-available/default
fi
s/listen \[::\]:443 ssl default_server;/&\n\tssl_protocols TLSv1.2 TLSv1.3;/\n\tssl_ecdh_curve X448:X25519;' /etc/nginx/sites-available/default
docker exec -ti $ID nginx -V
docker exec -ti $ID service nginx start
docker exec -ti $ID service nginx status
# P Q
docker inspect $ID | jq -r '.[].NetworkSettings.IPAddress'
exit 0

55
utils/docker-nginx.tls13-earlydata.start.sh Normal file
View File

@ -0,0 +1,55 @@
#!/bin/bash
image="rsnow/nginx"
docker pull $image
ID=$(docker run -d -ti $image)
echo $ID
docker exec -ti $ID nginx -V
docker exec -ti $ID mkdir /etc/nginx/ssl
HN=$(docker exec -ti $ID hostname| tr -d '\n' | tr -d '\r')
cd /tmp
cat >$ID.conf << EOF
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name _;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_early_data on;
#
ssl_certificate /etc/nginx/ssl/$HN.crt;
ssl_certificate_key /etc/nginx/ssl/$HN.key;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
EOF
docker cp $ID.conf $ID:/etc/nginx/conf.d/443.conf
C_ST_etc="C=DE/ST=Gotham/L=Nowhere/CN=${HN}"
openssl req -subj "/${C_ST_etc}/CN=${HN}" -newkey rsa:4096 -keyout "$HN.key" -nodes -sha256 -out "$HN.req"
openssl x509 -days 365 -in "$HN.req" -req -signkey "$HN.key" -out "$HN.crt"
docker cp $HN.key $ID:/etc/nginx/ssl
docker cp $HN.crt $ID:/etc/nginx/ssl
docker exec -ti $ID nginx -s reload
# docker start $ID
# P Q
docker inspect $ID | jq -r '.[].NetworkSettings.IPAddress'
exit 0
EOF