新增ssl_self_check目录用于ssl自检部署

roles/ssl-self-check/files/ssl_self_check/certs/common/certs/.gitignore

@@ -0,0 +1,3 @@
+# Generated .pem files are placed in this directory for download.
+*
+!.gitignore

roles/ssl-self-check/files/ssl_self_check/certs/common/common.conf

@@ -0,0 +1,73 @@
+---
+---
+
+# The top-level root is specified by each individual .conf file.
+
+# https://github.com/lgarron/{{ site.domain }}/issues/47
+add_header "Cache-Control" "no-store";
+
+location /test {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+
+  location /test/cors {
+    add_header "Access-Control-Allow-Origin" "*";
+
+    if ($http_referer ~* (youtube.com|ytimg.com|m.facebook.com|google) ) {
+        access_log off;
+    }
+  }
+
+  location /test/basic-auth {
+    auth_basic           "HTTP Basic Auth. Username and password are `test`/`test`.";
+    auth_basic_user_file {{ site.serving-path }}/nginx-includes/basic-auth.htpasswd;
+  }
+}
+
+location /icons {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+  proxy_cache_valid 200 1h;
+}
+
+location = /style.css {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+}
+
+location = /crossdomain.xml {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+}
+
+location = /robots.txt {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+}
+
+location /mixed/ {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+}
+
+location /certs/ {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+}
+
+location /input/ {
+  root {{ site.serving-path }}/common;
+  try_files $uri $uri/ =404;
+
+  location /input/login/submit {
+    error_page 405 =200 $uri;
+  }
+
+  location /input/dynamic-login/submit {
+    error_page 405 =200 $uri;
+  }
+}
+
+location / {
+  try_files $uri $uri/ =404;
+}

roles/ssl-self-check/files/ssl_self_check/certs/common/crossdomain.xml

@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<!-- https://*.badssl.com/crossdomain.xml -->
+<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
+<cross-domain-policy>
+  <allow-access-from domain="*.youtube.com" />
+  <allow-access-from domain="s.ytimg.com" />
+</cross-domain-policy>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/credit-card/index.html

@@ -0,0 +1,27 @@
+---
+title: credit-card
+layout: page
+favicon: gray
+background: gray
+---
+
+<style>
+#content input {
+  font-size: 4vw;
+}
+</style>
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    credit-card
+  </h1>
+  <br><br><br>
+  <form>
+    <input type="text" autofocus autocomplete="cc-number" placeholder="credit card number" maxlength="19"><br><br>
+    <input type="text" autocomplete="cc-csc" placeholder="security code" maxlength="4">
+  </form>
+</div>
+
+<div id="footer">
+  This page contains a credit card input form.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/dynamic-login/index.html

@@ -0,0 +1,64 @@
+---
+title: dynamic-login
+layout: page
+favicon: gray
+background: gray
+---
+
+<style>
+#content button {
+  font-size: 3vw;
+}
+#content input {
+  font-size: 3vw;
+}
+#content #form-wrapper {
+  height: 5em;
+}
+a {
+  font-size: 3vw;
+  color: white;
+  font-family: Helvetica, Tahoma, sans-serif;
+}
+.hidden {
+  display: none;
+}
+</style>
+
+<div id="content">
+  <h1 style="font-size: 4vw;">
+    dynamic-login
+  </h1>
+  <br><br>
+  <a href="" id="show-form">
+    Show login form
+  </a>
+  <div id="form-wrapper">
+    <br>
+    <form id="form" class="hidden" action="./submit/" method="post">
+      <input type="text" autocomplete="username" id="username" placeholder="username field"/><br><br>
+      <input type="password" id="value" placeholder="password input field" value="password"/><br><br>
+      <button type="submit">Submit</button>
+    </form>
+  </div>
+</div>
+
+<div id="footer">
+  This page can show and hide a <code>&lt;form&gt;</code><br>
+  with username and password inputs.
+</div>
+
+<script>
+var showingForm = false;
+document.querySelector("#show-form").addEventListener("click", function(e) {
+  e.preventDefault();
+  if (showingForm) {
+    document.querySelector("#form").classList.add("hidden");
+    document.querySelector("#show-form").textContent = "Show login form";
+  } else {
+    document.querySelector("#form").classList.remove("hidden");
+    document.querySelector("#show-form").textContent = "Hide login form";
+  }
+  showingForm = !showingForm;
+})
+</script>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/dynamic-login/submit/index.html

@@ -0,0 +1,16 @@
+---
+subdomain: dynamic-login submitted
+layout: page
+favicon: gray
+background: gray
+---
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    (submitted)
+  </h1>
+</div>
+
+<div id="footer">
+  This is the submission page for <a href="../">a form</a>.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/login/index.html

@@ -0,0 +1,28 @@
+---
+title: login
+layout: page
+favicon: gray
+background: gray
+---
+
+<style>
+#content input {
+  font-size: 4vw;
+}
+</style>
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    login
+  </h1>
+  <br><br><br>
+  <form action="./submit/" method="post">
+    <input type="text" autocomplete="username" id="username" placeholder="username field"/><br><br>
+    <input type="password" id="value" placeholder="password input field" value="password"/><br><br>
+    <button type="submit">Submit</button>
+  </form>
+</div>
+
+<div id="footer">
+  This page contains a <code>&lt;form&gt;</code> with username and password inputs.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/login/submit/index.html

@@ -0,0 +1,16 @@
+---
+titled: login submitted
+layout: page
+favicon: gray
+background: gray
+---
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    (submitted)
+  </h1>
+</div>
+
+<div id="footer">
+  This is the submission page for <a href="../">a form</a>.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/password/index.html

@@ -0,0 +1,24 @@
+---
+title: password
+layout: page
+favicon: gray
+background: gray
+---
+
+<style>
+#content input {
+  font-size: 4vw;
+}
+</style>
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    password
+  </h1>
+  <br><br><br>
+  <input type="password" id="value" placeholder="password input field" value="password"/>
+</div>
+
+<div id="footer">
+  This page contains a lone password field<br> that is <b>not</b> wrapped in a <tt>&lt;form&gt;</tt> tag.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/textarea/index.html

@@ -0,0 +1,24 @@
+---
+title: textarea
+layout: page
+favicon: gray
+background: gray
+---
+
+<style>
+#content textarea {
+  font-size: 4vw;
+}
+</style>
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    textarea
+  </h1>
+  <br><br><br>
+  <textarea placeholder="Type here." autofocus></textarea>
+</div>
+
+<div id="footer">
+  This page contains a <code>&lt;textarea&gt;</code> input.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/web-payment/index.html

@@ -0,0 +1,21 @@
+---
+title: web-payment
+layout: page
+favicon: gray
+background: gray
+---
+
+<div id="content">
+  <h1>web-payment</h1>
+  <p>
+    <button onclick="handleClick();">Initiate payment</button>
+    <button id="log-toggle" onclick="toggleLogVisibility();">Show log</button>
+    <ul id="log" hidden></ul>
+  </p>
+</div>
+
+<div id="footer">
+  <p>This page requires web payment API.</p>
+</div>
+
+<script src="index.js"></script>

roles/ssl-self-check/files/ssl_self_check/certs/common/input/web-payment/index.js

@@ -0,0 +1,75 @@
+function appendLog(msg) {
+  console.log(msg);
+  let logList = document.getElementById('log');
+  let logEntry = document.createElement('li');
+  let logText = document.createTextNode(msg);
+  logEntry.appendChild(logText);
+  logList.appendChild(logEntry);
+}
+
+function clearLog() {
+  let logList = document.getElementById('log');
+  while (logList.firstChild) {
+    logList.removeChild(logList.firstChild);
+  }
+}
+
+function toggleLogVisibility() {
+  let logList = document.getElementById('log');
+  let logToggle = document.getElementById('log-toggle');
+  if (logList.hidden) {
+    logToggle.innerHTML = 'Hide log';
+    logList.hidden = false;
+  } else {
+    logToggle.innerHTML = 'Show log';
+    logList.hidden = true;
+  }
+}
+
+/**
+ * Builds PaymentRequest for credit cards, but does not show any UI yet.
+ * @return {PaymentRequest} The PaymentRequest object.
+ */
+function initPaymentRequest() {
+  const request = new PaymentRequest(
+      [{
+        supportedMethods: ['basic-card'],
+      }],
+      {
+        total: {
+          label: 'Total',
+          amount: {
+            currency: 'USD',
+            value: '1.00',
+          },
+        },
+      });
+  request.canMakePayment().then(function(result) {
+    appendLog('canMakePayment returned: ' + result);
+  }).catch(function(err) {
+    appendLog('canMakePayment rejected: ' + err.name + ': ' + err.message);
+  });
+  request.hasEnrolledInstrument().then(function(result) {
+    appendLog('hasEnrolledInstrument returned: ' + result);
+  }).catch(function(err) {
+    appendLog('hasEnrolledInstrument rejected: ' + err.name + ': ' + err.message);
+  });
+  return request;
+}
+
+let request = initPaymentRequest();
+
+/** Invokes PaymentRequest for credit cards. */
+function handleClick() {
+  clearLog();
+  request.show().then(function(instrumentResponse) {
+    appendLog('show returned: ' + JSON.stringify(instrumentResponse));
+    request = initPaymentRequest();
+    return instrumentResponse.complete('success');
+  })
+  .catch(function(err) {
+    appendLog('show rejected: ' + err.name + ': ' + err.message);
+    request = initPaymentRequest();
+  });
+
+}

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/css/index.html

@@ -0,0 +1,24 @@
+---
+title: mixed css
+layout: page
+favicon: red
+background: gray
+---
+
+<style>
+  .triggered {
+    display: none;
+  }
+</style>
+
+<div id="content">
+  <h1 style="font-size: 9vw;">
+    mixed css
+  </h1>
+</div>
+
+<div id="footer">
+  This page <span class="not-triggered">triggers</span><span class="triggered">has triggered</span> insecure CSS.
+</div>
+
+<link rel="stylesheet" href="http://{{ site.http-domain }}/resources/stylesheet.css">

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/font/index.html

@@ -0,0 +1,26 @@
+---
+title: mixed font
+layout: page
+favicon: red
+background: gray
+---
+
+<style>
+  @font-face {
+    font-family: Inception;
+    src: url(http://{{ site.http-domain }}/resources/font.ttf) format("truetype");
+  }
+  #content h1 {
+    font-family: Inception !important;
+  }
+</style>
+
+<div id="content">
+  <h1 style="font-size: 9vw;">
+    MIXED FONT
+  </h1>
+</div>
+
+<div id="footer">
+  This page triggers an insecure font using CSS.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/form/index.html

@@ -0,0 +1,17 @@
+---
+title: mixed form
+layout: page
+favicon: yellow
+background: rgb(246, 207, 47)
+---
+
+<div id="content">
+  <h1 style="font-size: 7vw;">
+    mixed form
+  </h1>
+  <br><br>
+  <form action="http://{{ site.http-domain }}/resources/form-submitted.html" method="post">
+    <input type="text" id="value" placeholder="This form submits to HTTP."/>
+    <button type="submit">Submit</button>
+  </form>
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/iframe/index.html

@@ -0,0 +1,22 @@
+---
+title: mixed iframe
+layout: page
+favicon: red
+background: gray
+---
+
+<style>
+  iframe {
+    width: 20vh;
+    height: 10vh;
+    max-width: 256;
+    margin-top: 5vh;
+  }
+</style>
+
+<div id="content">
+  <h1 style="font-size: 7vw;">
+    mixed iframe
+  </h1>
+  <iframe src="http://{{ site.http-domain }}/resources/iframe.html"></iframe>
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/image/index.html

@@ -0,0 +1,15 @@
+---
+title: mixed image
+layout: page
+favicon: yellow
+background: rgb(246, 207, 47)
+---
+
+<div id="content">
+  <h1 style="font-size: 7vw;">
+    mixed image
+  </h1>
+  <div>
+    <img class="mixed" src="http://{{ site.http-domain }}/resources/image.jpg" alt="HTTP image">
+  </div>
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/nonexistent-image/index.html

@@ -0,0 +1,13 @@
+---
+title: mixed nonexistent-image
+layout: page
+favicon: yellow
+background: rgb(246, 207, 47)
+---
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    mixed nonexistent-image
+  </h1>
+  <img class="mixed" src="http://nonexistent.domain/resources/image.jpg" alt="mixed image on nonexistent domain">
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/password/index.html

@@ -0,0 +1,17 @@
+---
+title: mixed password
+layout: page
+favicon: yellow
+background: rgb(246, 207, 47)
+---
+
+<div id="content">
+  <h1 style="font-size: 7vw;">
+    mixed password
+  </h1>
+  <br><br>
+  <form action="http://{{ site.http-domain }}/resources/form-submitted.html" method="post">
+    <input type="password" id="value" placeholder="This form submits to HTTP." value="password"/>
+    <button type="submit">Submit</button>
+  </form>
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/mixed/script/index.html

@@ -0,0 +1,18 @@
+---
+title: mixed script
+layout: page
+favicon: red
+background: gray
+---
+
+<div id="content">
+  <h1 style="font-size: 9vw;">
+    mixed script
+  </h1>
+</div>
+
+<div id="footer">
+  This page triggers active mixed content<br>(a script from an insecure URL).
+</div>
+
+<script src="http://{{ site.http-domain }}/resources/script.js"></script>

roles/ssl-self-check/files/ssl_self_check/certs/common/robots.txt

@@ -0,0 +1,2 @@
+User-agent: Browsershots
+Disallow:

roles/ssl-self-check/files/ssl_self_check/certs/common/style.css

@@ -0,0 +1,88 @@
+html, body {
+  height: 100%;
+  margin: 0;
+  padding: 0;
+}
+
+body {
+  background: gray;
+  display: flex;
+  flex-direction: column;
+}
+
+#content {
+  text-align: center;
+
+  /* Fill the entire height of the page above the footer. */
+  flex: 1;
+
+  /* Center child items */
+  display: flex;
+  flex-direction: column;
+  align-items: center;
+  justify-content: center;
+}
+
+#content h1 {
+  margin: 0em auto;
+  color: white;
+  font-weight: bold;
+  font-family: "Source Code Pro", Monaco, Consolas, "Courier New", monospace, Impact;
+  font-size: 7vw;
+  text-shadow:
+    0 0 20px rgba(255, 255, 255, 0.5),
+    0 0 40px rgba(255, 255, 255, 0.5),
+    0 0 60px rgba(255, 255, 255, 0.5);
+}
+
+#content img.mixed {
+  width: 20vh;
+  max-width: 256;
+  margin-top: 5vh;
+}
+
+#content input {
+  min-width: 15em;
+}
+
+#content input, button {
+  text-align: center;
+  font-size: 2vw;
+}
+
+#log {
+  list-style: none;
+  padding-inline-start: 0px;
+  color: white;
+  font-family: Helvetica, Tahoma, sans-serif;
+  font-size: 2vw;
+}
+
+#footer {
+  padding: 2vh 2vw;
+  background: rgba(0, 0, 0, 0.25);
+  color: white;
+  text-align: center;
+  font-family: Helvetica, Tahoma, sans-serif;
+  font-size: 3vw;
+
+  /* Size based on content */
+  flex: 0 0 content;
+}
+
+#footer a {
+  color: white;
+  transition: all 150ms;
+}
+
+#footer a:hover {
+  text-shadow:
+    0px 0px 20px rgba(255, 255, 255, 0.5),
+    0px 0px 40px rgba(255, 255, 255, 0.5),
+    0px 0px 60px rgba(255, 255, 255, 0.5);
+}
+
+#footer #http-vs-https {
+  height: 1.5em;
+  vertical-align: middle;
+}

roles/ssl-self-check/files/ssl_self_check/certs/common/test/basic-auth/index.html

@@ -0,0 +1,16 @@
+---
+title: basic-auth
+layout: page
+favicon: gray
+background: gray
+---
+
+<div id="content">
+  <h1 style="font-size: 10vw;">
+    basic-auth
+  </h1>
+</div>
+
+<div id="footer">
+  This page is protected using <a href="https://en.wikipedia.org/wiki/Basic_access_authentication">HTTP Basic Authentication</a>.
+</div>

roles/ssl-self-check/files/ssl_self_check/certs/common/test/canceled-image/index.html

@@ -0,0 +1,20 @@
+---
+title: canceled-image
+layout: page
+favicon: gray
+background: gray
+---
+
+<div id="content">
+  <h1 style="font-size: 5vw;">
+    canceled-image
+  </h1>
+</div>
+
+
+<script>
+  var xhr= new XMLHttpRequest();
+  xhr.open("GET", "https://google.com/image.jpg");
+  xhr.send();
+  xhr.abort();
+</script

roles/ssl-self-check/files/ssl_self_check/certs/common/test/cors/cors.json

@@ -0,0 +1,3 @@
+{
+  "value": "success"
+}

roles/ssl-self-check/files/ssl_self_check/certs/common/test/dashboard/small-text-file.txt

@@ -0,0 +1 @@
+The rain in Spain stays mainly in the plain.

roles/ssl-self-check/files/ssl_self_check/certs/common/test/imported.js

@@ -0,0 +1 @@
+message = "loaded";

roles/ssl-self-check/files/ssl_self_check/certs/common/test/theme-color/index.html

@@ -0,0 +1,32 @@
+---
+title: theme-color
+layout: page
+favicon: gray
+background: gray
+---
+
+<div id="content">
+  <h1 style="font-size: 9vw;">
+    <input id="color" type="color" name="color" value="#00e000">
+  </h1>
+</div>
+
+<div id="footer">
+  This page allows setting a dynamic theme color.<br>
+  The color defaults to bright green, and will update with the page background.
+</div>
+
+<script>
+var themeColor = document.createElement("meta");
+themeColor.name = "theme-color";
+document.head.appendChild(themeColor);
+
+var colorElem = document.querySelector("#color");
+var updateColor = function() {
+  themeColor.content = colorElem.value;
+  document.body.style.backgroundColor = colorElem.value;
+}
+
+updateColor();
+colorElem.addEventListener("change", updateColor);
+</script>