medic / cht-release-testing

Used to track release testing on medic projects

Test auto Certificate #206

Closed mrjones-plip closed 1 year ago

mrjones-plip commented 1 year ago

User: Admin
Site: local/docker
Platform: macOS, Linux, Windows / Chrome, Firefox

Test Steps: Steps for test

1. Check if there is documentation for this > for all OS we support
2. Check that it works

Expected Result: User should have comprehensive documentation. No error during installation and/or update

mrjones-plip commented 1 year ago

AT passes

Setup is to wget latest files:

wget https://staging.dev.medicmobile.org/_couch/builds/medic:medic:master/docker-compose/cht-couchdb.yml
wget https://staging.dev.medicmobile.org/_couch/builds/medic:medic:master/docker-compose/cht-core.yml
wget https://raw.githubusercontent.com/medic/cht-upgrade-service/main/docker-compose.yml

Then set up a DNS entry so that zatls.plip.com resolves to the IP where the CHT test install is going to go, 143.198.129.206, a Digital Ocean droplet in this case.

Then do AT:

10-listen-on-ipv6-by-default.sh: info: IPv6 listen already enabled
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
20-envsubst-on-templates.sh: Running envsubst on /etc/nginx/templates/server.conf.template to /etc/nginx/conf.d/server.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/ssl-install.sh
Running SSL certificate checks
CERTIFICATE MODE = AUTO_GENERATE
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1032    0  1032    0     0   9467      0 --:--:-- --:--:-- --:--:--  9467
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  214k  100  214k    0     0  5496k      0 --:--:-- --:--:-- --:--:-- 5496k
[Wed Nov  2 20:12:52 UTC 2022] Installing from online archive.
[Wed Nov  2 20:12:52 UTC 2022] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Wed Nov  2 20:12:53 UTC 2022] Extracting master.tar.gz
[Wed Nov  2 20:12:53 UTC 2022] Installing to /root/.acme.sh
[Wed Nov  2 20:12:53 UTC 2022] Installed to /root/.acme.sh/acme.sh
[Wed Nov  2 20:12:53 UTC 2022] No profile is found, you will need to go into /root/.acme.sh to use acme.sh
[Wed Nov  2 20:12:53 UTC 2022] Installing cron job
12 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Wed Nov  2 20:12:53 UTC 2022] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Nov  2 20:12:54 UTC 2022] OK
[Wed Nov  2 20:12:54 UTC 2022] Install success!
[Wed Nov  2 20:12:54 UTC 2022] Domains not changed.
[Wed Nov  2 20:12:54 UTC 2022] Skip, Next renewal time is: 2022-12-31T19:55:19Z
[Wed Nov  2 20:12:54 UTC 2022] Add '--force' to force to renew.
root@deleteme-cht-tls-auto-test:~# /root/.local/bin/lazydocker
root@deleteme-cht-tls-auto-test:~# docker logs --follow test3_nginx_1 
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
20-envsubst-on-templates.sh: Running envsubst on /etc/nginx/templates/server.conf.template to /etc/nginx/conf.d/server.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/ssl-install.sh
Running SSL certificate checks
CERTIFICATE MODE = AUTO_GENERATE
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1032    0  1032    0     0   5863      0 --:--:-- --:--:-- --:--:--  5863
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  214k  100  214k    0     0  1438k      0 --:--:-- --:--:-- --:--:-- 1438k
[Wed Nov  2 20:15:43 UTC 2022] Installing from online archive.
[Wed Nov  2 20:15:43 UTC 2022] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Wed Nov  2 20:15:43 UTC 2022] Extracting master.tar.gz
[Wed Nov  2 20:15:43 UTC 2022] Installing to /root/.acme.sh
[Wed Nov  2 20:15:43 UTC 2022] Installed to /root/.acme.sh/acme.sh
[Wed Nov  2 20:15:43 UTC 2022] No profile is found, you will need to go into /root/.acme.sh to use acme.sh
[Wed Nov  2 20:15:44 UTC 2022] Installing cron job
[Wed Nov  2 20:15:44 UTC 2022] Good, bash is found, so change the shebang to use bash as preferred.
[Wed Nov  2 20:15:44 UTC 2022] OK
[Wed Nov  2 20:15:44 UTC 2022] Install success!
[Wed Nov  2 20:15:45 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Nov  2 20:15:45 UTC 2022] Standalone mode.
[Wed Nov  2 20:15:45 UTC 2022] Create account key ok.
[Wed Nov  2 20:15:45 UTC 2022] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed Nov  2 20:15:45 UTC 2022] Registered
[Wed Nov  2 20:15:45 UTC 2022] ACCOUNT_THUMBPRINT='0G01ikUqiZwl-SIbCVqBMPakZHRpe4x4JF3ONmxSsUQ'
[Wed Nov  2 20:15:45 UTC 2022] Creating domain key
[Wed Nov  2 20:15:46 UTC 2022] The domain key is here: /root/.acme.sh/zatls.plip.com/zatls.plip.com.key
[Wed Nov  2 20:15:46 UTC 2022] Single domain='zatls.plip.com'
[Wed Nov  2 20:15:46 UTC 2022] Getting domain auth token for each domain
[Wed Nov  2 20:15:46 UTC 2022] Getting webroot for domain='zatls.plip.com'
[Wed Nov  2 20:15:46 UTC 2022] Verifying: zatls.plip.com
[Wed Nov  2 20:15:46 UTC 2022] Standalone mode server
[Wed Nov  2 20:15:48 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Nov  2 20:15:50 UTC 2022] Success
[Wed Nov  2 20:15:50 UTC 2022] Verify finished, start to sign.
[Wed Nov  2 20:15:50 UTC 2022] Lets finalize the order.
[Wed Nov  2 20:15:50 UTC 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/806108337/140360652907'
[Wed Nov  2 20:15:51 UTC 2022] Downloading cert.
[Wed Nov  2 20:15:51 UTC 2022] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/0419674d5a977bc9443308764e1ac4a49f24'
[Wed Nov  2 20:15:51 UTC 2022] Cert success.
[Wed Nov  2 20:15:51 UTC 2022] Your cert is in: /root/.acme.sh/zatls.plip.com/zatls.plip.com.cer
[Wed Nov  2 20:15:51 UTC 2022] Your cert key is in: /root/.acme.sh/zatls.plip.com/zatls.plip.com.key
[Wed Nov  2 20:15:51 UTC 2022] The intermediate CA cert is in: /root/.acme.sh/zatls.plip.com/ca.cer
[Wed Nov  2 20:15:51 UTC 2022] And the full chain certs is there: /root/.acme.sh/zatls.plip.com/fullchain.cer
[Wed Nov  2 20:15:51 UTC 2022] Installing key to: /etc/nginx/private/key.pem
[Wed Nov  2 20:15:51 UTC 2022] Installing full chain to: /etc/nginx/private/cert.pem
SSL Cert installed.
Launching Nginx
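
The pass evidence in the log above, turned into a repeatable check. This is an added example, not part of the original comment or the CHT project's scripts; the function names and the issued/skipped/incomplete labels are assumptions, and the sample logs are constructed from lines quoted in this ticket.

```shell
#!/usr/bin/env bash
# Added example (not project code): classify the ssl-install.sh output seen in
# `docker logs <nginx container>` when CERTIFICATE MODE = AUTO_GENERATE.
# Sample logs are constructed from lines quoted in this ticket.

FIRST_RUN_LOG='CERTIFICATE MODE = AUTO_GENERATE
[Wed Nov  2 20:15:45 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Nov  2 20:15:50 UTC 2022] Verify finished, start to sign.
[Wed Nov  2 20:15:51 UTC 2022] Cert success.
[Wed Nov  2 20:15:51 UTC 2022] Installing key to: /etc/nginx/private/key.pem
[Wed Nov  2 20:15:51 UTC 2022] Installing full chain to: /etc/nginx/private/cert.pem
SSL Cert installed.
Launching Nginx'

RESTART_LOG='CERTIFICATE MODE = AUTO_GENERATE
[Wed Nov  2 20:12:54 UTC 2022] Domains not changed.
[Wed Nov  2 20:12:54 UTC 2022] Skip, Next renewal time is: 2022-12-31T19:55:19Z'

# True if any line of log text $1 matches grep pattern $2.
has_line() { printf '%s\n' "$1" | grep -q -- "$2"; }

# Prints one of: issued | skipped | incomplete | wrong-mode
classify_tls_log() {
  has_line "$1" '^CERTIFICATE MODE = AUTO_GENERATE$' || { echo wrong-mode; return 0; }
  if has_line "$1" 'Skip, Next renewal time is:'; then echo skipped; return 0; fi
  if has_line "$1" 'Cert success\.' &&
     has_line "$1" 'Installing key to: /etc/nginx/private/key\.pem' &&
     has_line "$1" 'Installing full chain to: /etc/nginx/private/cert\.pem'; then
    echo issued; return 0
  fi
  echo incomplete   # run started but no cert/key install was logged
}

# Renewal timestamp acme.sh reports on a restart (empty if not present).
next_renewal() {
  printf '%s\n' "$1" | sed -n 's/.*Next renewal time is: \([0-9TZ:-]*\).*/\1/p' | tail -n 1
}

# ACME directory the client used, so a tester can confirm it is the expected CA.
used_ca() {
  printf '%s\n' "$1" | sed -n 's/.*Using CA: \(https:[^ ]*\).*/\1/p' | tail -n 1
}

echo "first run: $(classify_tls_log "$FIRST_RUN_LOG") via $(used_ca "$FIRST_RUN_LOG")"
echo "restart:   $(classify_tls_log "$RESTART_LOG"), next renewal $(next_renewal "$RESTART_LOG")"
```

Against a live install, pass the captured container log as the argument, for example `classify_tls_log "$(docker logs test3_nginx_1 2>&1)"`.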
mrjones-plip commented 1 year ago

NB - this ticket does NOT test renewing a certificate, but I did verify the cron job was in place and it LOOKS like it should renew ;)

mrjones-plip commented 1 year ago

cc @medic/quality-assurance