affine/ngx-acme-demo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

somewhat functional config

Browse source 
Signed-off-by: Ava Hahn <a.hahn@f5.com>
This commit is contained in:
Ava Hahn 2025-09-25 00:12:36 +00:00
parent 2ade911283
commit 0428682b66
7 changed files with 68 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.gitmodules vendored Normal file
View file

@ -0,0 +1,9 @@
[submodule "nginx"]
path = nginx
url = git@github.com:nginx/nginx
[submodule "nginx-acme"]
path = nginx-acme
url = git@github.com:nginx/nginx-acme
[submodule "pebble"]
path = pebble
url = git@github.com:letsencrypt/pebble

1
nginx Submodule

@ -0,0 +1 @@
Subproject commit bc71625dcca1f1cbd0db7450af853feb90ebba85

1
nginx-acme Submodule

@ -0,0 +1 @@
Subproject commit e929adbf4f31cc27052cae78ed2eb3d664e894e1

10
nginx.conf
View file

@ -3,11 +3,13 @@ error_log /dev/stdout notice;
pid /tmp/pid; pid /tmp/pid;
daemon off; daemon off;
events {}
http { http {
resolver 8.8.8.8:53; resolver 8.8.8.8:53;
acme_issuer acme_staging { acme_issuer local_pebble {
uri https://acme-staging-v02.api.letsencrypt.org/directory; uri https://0.0.0.0:14000/dir;
contact ava@sunnypup.io; contact ava@sunnypup.io;
state_path /tmp; state_path /tmp;
accept_terms_of_service; accept_terms_of_service;
@ -19,7 +21,7 @@ http {
listen 443 ssl; listen 443 ssl;
server_name mylocalwebsite.com; server_name mylocalwebsite.com;
acme_certificate acme_staging; acme_certificate local_pebble;
ssl_certificate $acme_certificate; ssl_certificate $acme_certificate;
ssl_certificate_key $acme_certificate_key; ssl_certificate_key $acme_certificate_key;
@ -28,7 +30,7 @@ http {
ssl_certificate_cache max=2; ssl_certificate_cache max=2;
location / { location / {
proxy_pass http://echo.sunnypup.io proxy_pass http://echo.sunnypup.io;
} }
} }

1
pebble Submodule

@ -0,0 +1 @@
Subproject commit b2f382d9128addd7759eb06b060380b20d14b66d

22
pebble-config.json Normal file
View file

@ -0,0 +1,22 @@
{
"pebble": {
"listenAddress": "0.0.0.0:14000",
"managementListenAddress": "0.0.0.0:15000",
"certificate": "pebble/test/certs/localhost/cert.pem",
"privateKey": "pebble/test/certs/localhost/key.pem",
"httpPort": 5002,
"tlsPort": 5001,
"ocspResponderURL": "",
"externalAccountBindingRequired": false,
"retryAfter": {
"authz": 3,
"order": 5
},
"profiles": {
"default": {
"description": "The profile you know and love",
"validityPeriod": 7776000
}
}
}
}

28
run.sh Executable file
View file

@ -0,0 +1,28 @@
#!/bin/sh
set -ex
here=$(dirname $(realpath "$0"))
git submodule update --init --recursive
mkdir -p pfx/logs
cd pebble
go build ./cmd/pebble
cd $here
if ! [ -f nginx/objs/nginx ]; then
cd nginx
auto/configure --with-compat --with-http_ssl_module \
--add-module=$here/nginx-acme --prefix=$here/pfx
make -j8
cd $here
fi
PEBBLE_VA_ALWAYS_VALID=1 pebble/pebble -config pebble-config.json &
sleep 2
nginx/objs/nginx -c $here/nginx.conf &
sleep 2
# todo xdg open url
sleep infinity