author Guilhem Moulin <guilhem@fripost.org> 2017-06-29 22:43:33 +0200
committer Guilhem Moulin <guilhem@fripost.org> 2017-06-29 22:43:33 +0200
commit d93660085ceba3f81631bba4744b23af7984cd9d
tree b240c1faeedea7a5e4ddb77da7bfe02bff40ba58
parent 96dc4add445c5a48632bef6f8a4f0440c70f03d0
Improve docs.
-rw-r--r-- lacme.md 14
1 files changed, 9 insertions, 5 deletions
diff --git a/lacme.md b/lacme.md
index d18b176..0f6f3ee 100644
--- a/lacme.md
+++ b/lacme.md
@@ -234,12 +234,15 @@ served during certificate issuance.
absolute path of a UNIX-domain socket (created with mode `0666`).
Default: `/var/run/lacme.socket`.
- Note: The default value is only suitable when an external HTTP
+ **Note**: The default value is only suitable when an external HTTP
daemon is publicly reachable and passes all ACME challenge requests
to the webserver component through the UNIX-domain socket
- `/var/run/lacme.socket`; if that's not the case, one needs to set
- *listen* to `[::]` (or `0.0.0.0 [::]` when dual IPv4/IPv6 stack is
- disabled or unavailable), and possibly also set *iptables* to `Yes`.
+ `/var/run/lacme.socket` (for instance using the provided
+ `/etc/lacme/apache2.conf` or `/etc/lacme/nginx.conf` configuration
+ snippets for each virtual host requiring authorization). If there
+ is no HTTP daemon bound to port 80 one needs to set *listen* to
+ `[::]` (or `0.0.0.0 [::]` when dual IPv4/IPv6 stack is disabled or
+ unavailable), and possibly also set *iptables* to `Yes`.
*challenge-directory*
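Review bot: The condition in the added sentence "If there is no HTTP daemon bound to port 80 one needs to set *listen* to `[::]`" is narrower than the "if that's not the case" it replaces, so a host where a daemon holds port 80 but does not pass challenge requests to the socket is now covered by neither sentence. Suggest stating explicitly that in that situation the existing daemon has to be configured with one of the snippets, since the `[::]` advice is given only for the case where nothing is bound to port 80. Two smaller points in the same sentence: a comma is missing after "port 80", and "possibly also set *iptables* to `Yes`" would help the reader more if it named the condition under which that is needed. Since the unchanged context says the socket is created with mode `0666`, this note is also a natural place to mention which local users are expected to reach it.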
@@ -267,7 +270,8 @@ served during certificate issuance.
*command*
: Path to the [ACME] webserver executable. A separate process is
- spawned for each address to *listen* on.
+ spawned for each address to *listen* on. (In particular no
+ webserver process is forked when the *listen* option is empty.)
Default: `/usr/lib/lacme/webserver`.
*iptables*
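Review bot: The added parenthetical "(In particular no webserver process is forked when the *listen* option is empty.)" states the behaviour but not its consequence: the reader is not told what answers challenge requests in that configuration, or which option to set instead. Suggest adding a pointer to the relevant option (for instance *challenge-directory*, if that is the intended alternative). Also, the same paragraph now says "spawned" in one sentence and "forked" in the next for what appears to be the same action; pick one term.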