aboutsummaryrefslogtreecommitdiffstats
path: root/Changelog
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2017-06-28 17:19:46 +0200
committerGuilhem Moulin <guilhem@fripost.org>2017-06-28 22:09:43 +0200
commit944407621f313c15f6cfd53267da1ddbdaceec9f (patch)
tree1602c3136d28ac54dafec995a7b6d0a6e83ff8e2 /Changelog
parentf4af28d7e526bd56a78225daf84d11cdf96bd611 (diff)
webserver: allow listening to multiple addresses.
(Useful when dual-stack IPv4/IPv6 is not supported.) Also, change the default to listen to a UNIX-domain socket </var/run/lacme.socket>. Moreover temporary iptables rules are no longer installed. Hosts without a public HTTP daemon listening on port 80 need to set the 'listen' option to [::] and/or 0.0.0.0, and possibly set the 'iptables' option to Yes.
Diffstat (limited to 'Changelog')
-rw-r--r--Changelog7
1 files changed, 7 insertions, 0 deletions
diff --git a/Changelog b/Changelog
index b23191f..fdb0775 100644
--- a/Changelog
+++ b/Changelog
@@ -3,6 +3,13 @@ lacme (0.3) upstream;
+ When parsing config-cert files and directories (default "lacme-certs.conf
lacme-certs.conf.d"), import the default section of files read earlier.
+ new-cert: create certificate files atomically.
+ + webserver: allow listening to multiple addresses (useful when
+ dual-stack IPv4/IPv6 is not supported). Listen to a UNIX-domain
+ socket by default </var/run/lacme.socket>.
+ + webserver: don't install temporary iptables by default. Hosts
+ without a public HTTP daemon listening on port 80 need to set the
+ 'listen' option to [::] and/or 0.0.0.0, and possibly set the
+ 'iptables' option to Yes.
- Ensure lacme's config file descriptor is not passed to the accountd
or webserver components.
- new-cert: sort section names if not passed explicitely.