somewhat functional config

Signed-off-by: Ava Hahn <a.hahn@f5.com>
2025-09-25 00:12:36 +00:00 · 2025-09-25 00:12:36 +00:00 · 0428682b66
commit 0428682b66
parent 2ade911283
7 changed files with 68 additions and 4 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,9 @@
+[submodule "nginx"]
+	path = nginx
+	url = git@github.com:nginx/nginx
+[submodule "nginx-acme"]
+	path = nginx-acme
+	url = git@github.com:nginx/nginx-acme
+[submodule "pebble"]
+	path = pebble
+	url = git@github.com:letsencrypt/pebble
--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit bc71625dcca1f1cbd0db7450af853feb90ebba85
--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit e929adbf4f31cc27052cae78ed2eb3d664e894e1
--- a/nginx.conf
+++ b/nginx.conf
@ -3,11 +3,13 @@ error_log /dev/stdout notice;
 pid /tmp/pid;
 daemon off;

+events {}
+
 http {
 	resolver 8.8.8.8:53;

-	acme_issuer acme_staging {
-		uri         https://acme-staging-v02.api.letsencrypt.org/directory;
+	acme_issuer local_pebble {
+		uri         https://0.0.0.0:14000/dir;
 		contact     ava@sunnypup.io;
 		state_path  /tmp;
 		accept_terms_of_service;
@ -19,7 +21,7 @@ http {
 		listen 443 ssl;
 		server_name mylocalwebsite.com;

-		acme_certificate acme_staging;
+		acme_certificate local_pebble;

 		ssl_certificate       $acme_certificate;
 		ssl_certificate_key   $acme_certificate_key;
@ -28,7 +30,7 @@ http {
 		ssl_certificate_cache max=2;

 		location / {
-			proxy_pass http://echo.sunnypup.io
+			proxy_pass http://echo.sunnypup.io;
 		}
 	}

--- a/1
+++ b/1
@ -0,0 +1 @@
+Subproject commit b2f382d9128addd7759eb06b060380b20d14b66d
--- a/pebble-config.json
+++ b/pebble-config.json
@ -0,0 +1,22 @@
+{
+  "pebble": {
+    "listenAddress": "0.0.0.0:14000",
+    "managementListenAddress": "0.0.0.0:15000",
+    "certificate": "pebble/test/certs/localhost/cert.pem",
+    "privateKey": "pebble/test/certs/localhost/key.pem",
+    "httpPort": 5002,
+    "tlsPort": 5001,
+    "ocspResponderURL": "",
+    "externalAccountBindingRequired": false,
+    "retryAfter": {
+        "authz": 3,
+        "order": 5
+    },
+    "profiles": {
+      "default": {
+        "description": "The profile you know and love",
+        "validityPeriod": 7776000
+      }
+    }
+  }
+}
--- a/run.sh
+++ b/run.sh
@ -0,0 +1,28 @@
+#!/bin/sh
+set -ex
+
+here=$(dirname $(realpath "$0"))
+
+git submodule update --init --recursive
+mkdir -p pfx/logs
+
+cd pebble
+go build ./cmd/pebble
+cd $here
+
+if ! [ -f nginx/objs/nginx ]; then
+	cd nginx
+	auto/configure --with-compat --with-http_ssl_module \
+		--add-module=$here/nginx-acme --prefix=$here/pfx
+	make -j8
+	cd $here
+fi
+
+PEBBLE_VA_ALWAYS_VALID=1 pebble/pebble -config pebble-config.json &
+sleep 2
+
+nginx/objs/nginx -c $here/nginx.conf &
+sleep 2
+
+# todo xdg open url
+sleep infinity
				`@ -0,0 +1 @@`
				`Subproject commit bc71625dcca1f1cbd0db7450af853feb90ebba85`
				`@ -0,0 +1 @@`
				`Subproject commit e929adbf4f31cc27052cae78ed2eb3d664e894e1`
				`@ -0,0 +1 @@`
				`Subproject commit b2f382d9128addd7759eb06b060380b20d14b66d`