authorGuilhem Moulin <guilhem@fripost.org>2019-08-22 00:30:11 +0200
committerGuilhem Moulin <guilhem@fripost.org>2019-08-22 00:34:04 +0200
commit89f8c948d7b39314d7fc997643874adc6be92462 (patch)
tree7c979a4eb191a412888f1ad0030e856db4fec70f
parent454b29d61daaba8f19f0d890d59d259ef1416907 (diff)
Use /run for the listening socket of the webserver component.
-rw-r--r--Changelog8
-rw-r--r--config/lacme.conf2
-rwxr-xr-xlacme2
-rw-r--r--lacme.md4
-rw-r--r--snippets/apache2.conf2
-rw-r--r--snippets/nginx.conf2
6 files changed, 14 insertions, 6 deletions
diff --git a/Changelog b/Changelog
index c7cc0b3..2010c52 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,11 @@
+lacme (0.7) UNRELEASED;
+
+ + Default listening socket for the webserver component is now
+ /run/lacme-www.socket. (It was previously under the legacy directory
+ /var/run.)
+
+ -- Guilhem Moulin <guilhem@debian.org> Thu, 22 Aug 2019 00:31:35 +0200
+
lacme (0.6) upstream;
+ client: poll order URL instead of each authz URL successively.
diff --git a/config/lacme.conf b/config/lacme.conf
index 39c8654..7c3833d 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -62,7 +62,7 @@
# Comma- or space-separated list of addresses to listen on, for instance
# "0.0.0.0:80 [::]:80".
#
-#listen = /var/run/lacme-www.socket
+#listen = /run/lacme-www.socket
# Non-existent directory under which an external HTTP daemon is
# configured to serve GET requests for challenge files under
diff --git a/lacme b/lacme
index d5e8933..5ad28a8 100755
--- a/lacme
+++ b/lacme
@@ -98,7 +98,7 @@ do {
map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/
},
webserver => {
- listen => '/var/run/lacme-www.socket',
+ listen => '/run/lacme-www.socket',
'challenge-directory' => undef,
user => 'www-data',
group => 'www-data',
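Review bot: The new default `listen => '/run/lacme-www.socket'` is a bare literal that has to match the path in config/lacme.conf, lacme.md and both proxy snippets, and nothing on this line says so. A comment such as `# keep in sync with config/lacme.conf, lacme.md and snippets/*.conf` would make the coupling visible to whoever changes it next. Virtual hosts configured from the old snippets still point at /var/run/lacme-www.socket, which presumably keeps working only where /var/run is a symlink to /run; elsewhere the proxy would not reach the socket and challenge requests would go unanswered, so the Changelog entry could tell operators to update those copies. The enclosing `do {` block starts and ends outside the hunk.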
diff --git a/lacme.md b/lacme.md
index ca9a6a9..5d86f40 100644
--- a/lacme.md
+++ b/lacme.md
@@ -224,12 +224,12 @@ served during certificate issuance.
addresses are of the form `IPV4:PORT`, `[IPV6]:PORT` (where the
`:PORT` suffix is optional and defaults to the HTTP port 80), or an
absolute path of a UNIX-domain socket (created with mode `0666`).
- Default: `/var/run/lacme-www.socket`.
+ Default: `/run/lacme-www.socket`.
**Note**: The default value is only suitable when an external HTTP
daemon is publicly reachable and passes all ACME challenge requests
to the webserver component through the UNIX-domain socket
- `/var/run/lacme-www.socket` (for instance using the provided
+ `/run/lacme-www.socket` (for instance using the provided
`/etc/lacme/apache2.conf` or `/etc/lacme/nginx.conf` configuration
snippets for each virtual host requiring authorization). If there
is no HTTP daemon bound to port 80 one needs to set *listen* to
diff --git a/snippets/apache2.conf b/snippets/apache2.conf
index 20bf2ad..e1d56a9 100644
--- a/snippets/apache2.conf
+++ b/snippets/apache2.conf
@@ -5,7 +5,7 @@
# non-ssl one) of each virtual host requiring authorization.
<Location /.well-known/acme-challenge/>
- ProxyPass unix:///var/run/lacme-www.socket|http://localhost/.well-known/acme-challenge/
+ ProxyPass unix:///run/lacme-www.socket|http://localhost/.well-known/acme-challenge/
Order allow,deny
Allow from all
</Location>
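Review bot: The access-control lines kept below the changed ProxyPass, `Order allow,deny` and `Allow from all`, are Apache 2.2 directives, while the `unix:///…|http://…` ProxyPass form needs Apache 2.4.7 or later. On 2.4 those two lines are only accepted when mod_access_compat is loaded; without it the configuration fails to load and the challenge path is not served. Replacing them with `Require all granted` would keep the snippet working on a stock 2.4 setup. The top of the snippet is outside the hunk, so a module guard may already exist there.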
diff --git a/snippets/nginx.conf b/snippets/nginx.conf
index 981bdc3..86592d2 100644
--- a/snippets/nginx.conf
+++ b/snippets/nginx.conf
@@ -6,7 +6,7 @@
location ^~ /.well-known/acme-challenge/ {
# Pass ACME requests to lacme's webserver component
- proxy_pass http://unix:/var/run/lacme-www.socket;
+ proxy_pass http://unix:/run/lacme-www.socket;
## Alternatively, you can let nginx serve the requests by
## setting 'challenge-directory' to '/var/www/acme-challenge' in