authorGuilhem Moulin <guilhem@fripost.org>2017-06-28 22:11:04 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-06-28 22:33:09 +0200
commit99902d8737cd01b2788ec51b06d314a36135be2c (patch)
tree47a007175163b0a89f87fd92598d1e3f63c2c018
parent40a54d2ad35630b1c8a7cd88791db032a7983d4d (diff)
Provide nginx configuration snippet.
-rw-r--r--Changelog1
-rw-r--r--config/nginx.conf18
2 files changed, 19 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index 0619ffd..59d5153 100644
--- a/Changelog
+++ b/Changelog
@@ -12,6 +12,7 @@ lacme (0.3) upstream;
'iptables' option to Yes.
+ Change 'min-days' default from 10 to 21, to avoid expiration notices
from Let's Encrypt when auto-renewal is done by a cronjob.
+ + Provide nginx configuration snippet.
- Ensure lacme's config file descriptor is not passed to the accountd
or webserver components.
- new-cert: sort section names if not passed explicitely.
diff --git a/config/nginx.conf b/config/nginx.conf
new file mode 100644
index 0000000..f842c12
--- /dev/null
+++ b/config/nginx.conf
@@ -0,0 +1,18 @@
+# Let nginx serve ACME requests directly, or pass them to lacme's
+# webserver component.
+#
+# This file needs to be sourced to the server directives (at least the
+# non-ssl one) of each virtual host requiring authorization.
+
+location /.well-known/acme-challenge/ {
+ # Pass ACME requests to lacme's webserver component
+ proxy_pass http://unix:/var/run/lacme.socket;
+
+ ## Alternatively, you can let nginx serve the requests by
+ ## setting 'challenge-directory' to '/var/www/acme-challenge' in
+ ## lacme's configuration file
+ # alias /var/www/acme-challenge/;
+ # default_type application/jose+json;
+ # disable_symlinks on from=$document_root;
+ # autoindex off;
+}
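Review bot: The `location /.well-known/acme-challenge/` block is a plain prefix match, so a regex location in the including server block that also matches the request (a script handler or a catch-all rewrite, for instance) is selected instead, and the challenge never reaches lacme's socket or the challenge directory. Because the snippet is meant to be included into arbitrary virtual hosts, `location ^~ /.well-known/acme-challenge/ {` would make the match independent of whatever else the vhost defines. The header comment could also say that the file is pulled in with nginx's `include` directive rather than "sourced". It could add that a server-level `return` or `rewrite`, such as a blanket HTTP-to-HTTPS redirect, is evaluated before location selection and would still preempt this block.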