From f40cf6064a02fbb6baae924e94b9183d6bd87474 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 5 May 2025 17:20:44 +0200 Subject: pki: T7122: when ACME listen-address is used - check if port is available When instructing certbot to listen on a given address, check if the address is free to use. Also take this into account when spawning certbot behind HAProxy. If the address is not (yet) bound - the request must be done in standalone mode and not via the reverse-proxy. --- smoketest/scripts/cli/test_load-balancing_haproxy.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'smoketest/scripts/cli/test_load-balancing_haproxy.py') diff --git a/smoketest/scripts/cli/test_load-balancing_haproxy.py b/smoketest/scripts/cli/test_load-balancing_haproxy.py index 6a410ffde..833e0a92b 100755 --- a/smoketest/scripts/cli/test_load-balancing_haproxy.py +++ b/smoketest/scripts/cli/test_load-balancing_haproxy.py @@ -603,13 +603,13 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase): self.assertIn('mode http', config[frontend_name]) self.assertIn('bind [::]:80 v4v6', config[frontend_name]) self.assertIn('acl acme_acl path_beg /.well-known/acme-challenge/', config[frontend_name]) - self.assertIn(f'use_backend certbot_{haproxy_service_name}_backend if acme_acl', config[frontend_name]) + self.assertIn('use_backend buildin_acme_certbot if acme_acl', config[frontend_name]) self.assertIn('redirect scheme https code 301 if !acme_acl', config[frontend_name]) - backend_name = f'backend certbot_{haproxy_service_name}_backend' + backend_name = 'backend buildin_acme_certbot' self.assertIn(backend_name, config.keys()) port = get_default_port('certbot_haproxy') - self.assertIn(f'server acme_https_front 127.0.0.1:{port}', config[backend_name]) + self.assertIn(f'server localhost 127.0.0.1:{port}', config[backend_name]) if __name__ == '__main__': unittest.main(verbosity=2) -- cgit v1.2.3