Improve nginx/apache2 snippets for direct serving of challenge files.

With the new 'challenge-directory' logic symlinks can be disabled.

1 files changed, 24 insertions, 6 deletions

diff --git a/snippets/apache2.conf b/snippets/apache2.conf
index 45d7c7f..69d80a7 100644
--- a/snippets/apache2.conf
+++ b/snippets/apache2.conf
@@ -1,11 +1,29 @@
-# Use Apache2 to serve ACME requests by passing them over to a
-# locally-bound lacme webserver component.
+# Use Apache2 to serve ACME requests; either directly, or by passing
+# them over to a locally-bound lacme webserver component.
 #
 # This file needs to be sourced to the server directives (at least the
 # non-ssl one) of each virtual host requiring authorization.
+# Alternatively, run `a2enconf lacme` and reload apache2.
 
-<Location /.well-known/acme-challenge/>
-  ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/
-  Require all granted
-</Location>
 
+# Pass ACME requests to lacme's webserver component
+<IfModule mod_proxy_http.c>
+  <Location /.well-known/acme-challenge/>
+    ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/
+    Require all granted
+  </Location>
+</IfModule>
+
+
+## Alternatively, you can let Apache2 serve the requests by
+## setting 'challenge-directory' to '/var/www/acme-challenge' in
+## lacme's configuration file and uncomment the following:
+
+#<IfModule mod_alias.c>
+#  Alias /.well-known/acme-challenge/ /var/www/acme-challenge/
+#  <Directory /var/www/acme-challenge/>
+#    Options none
+#    AllowOverride none
+#    Require all granted
+#  </Directory>
+#</IfModule>