diff options
| -rw-r--r-- | Changelog | 2 | ||||
| -rw-r--r-- | config/apache2.conf | 12 | ||||
| -rw-r--r-- | config/nginx.conf | 2 |
3 files changed, 14 insertions, 2 deletions
@@ -12,7 +12,7 @@ lacme (0.3) upstream; 'iptables' option to Yes. + Change 'min-days' default from 10 to 21, to avoid expiration notices from Let's Encrypt when auto-renewal is done by a cronjob. - + Provide nginx configuration snippet. + + Provide nginx and apache2 configuration snippets. - Ensure lacme's config file descriptor is not passed to the accountd or webserver components. - new-cert: sort section names if not passed explicitely. diff --git a/config/apache2.conf b/config/apache2.conf new file mode 100644 index 0000000..20927fa --- /dev/null +++ b/config/apache2.conf @@ -0,0 +1,12 @@ +# Use Apache2 to serve ACME requests by passing them over to a +# locally-bound lacme webserver component. +# +# This file needs to be sourced to the server directives (at least the +# non-ssl one) of each virtual host requiring authorization. + +<Location /.well-known/acme-challenge/> + ProxyPass unix:///var/run/lacme.socket|http://127.0.0.1/.well-known/acme-challenge/ + Order allow,deny + Allow from all +</Location> + diff --git a/config/nginx.conf b/config/nginx.conf index e4ceb0c..6753ff9 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -1,4 +1,4 @@ -# Use nginx to serve ACME requests; either directly, or by passing them +# Use Nginx to serve ACME requests; either directly, or by passing them # over to a locally-bound lacme webserver component. # # This file needs to be sourced to the server directives (at least the |