diff options
| -rw-r--r-- | Changelog | 8 | ||||
| -rw-r--r-- | config/lacme.conf | 2 | ||||
| -rwxr-xr-x | lacme | 2 | ||||
| -rw-r--r-- | lacme.md | 4 | ||||
| -rw-r--r-- | snippets/apache2.conf | 2 | ||||
| -rw-r--r-- | snippets/nginx.conf | 2 | 
6 files changed, 14 insertions, 6 deletions
| @@ -1,3 +1,11 @@ +lacme (0.7) UNRELEASED; + +  + Default listening socket for the webserver component is now +    /run/lacme-www.socket.  (It was previously under the legacy directory +    /var/run.) + + -- Guilhem Moulin <guilhem@debian.org>  Thu, 22 Aug 2019 00:31:35 +0200 +  lacme (0.6) upstream;   + client: poll order URL instead of each authz URL successively. diff --git a/config/lacme.conf b/config/lacme.conf index 39c8654..7c3833d 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -62,7 +62,7 @@  # Comma- or space-separated list of addresses to listen on, for instance  # "0.0.0.0:80 [::]:80".  # -#listen = /var/run/lacme-www.socket +#listen = /run/lacme-www.socket  # Non-existent directory under which an external HTTP daemon is  # configured to serve GET requests for challenge files under @@ -98,7 +98,7 @@ do {              map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/          },          webserver => { -            listen                => '/var/run/lacme-www.socket', +            listen                => '/run/lacme-www.socket',              'challenge-directory' => undef,              user                  => 'www-data',              group                 => 'www-data', @@ -224,12 +224,12 @@ served during certificate issuance.      addresses are of the form `IPV4:PORT`, `[IPV6]:PORT` (where the      `:PORT` suffix is optional and defaults to the HTTP port 80), or an      absolute path of a UNIX-domain socket (created with mode `0666`). -    Default: `/var/run/lacme-www.socket`. +    Default: `/run/lacme-www.socket`.      **Note**: The default value is only suitable when an external HTTP      daemon is publicly reachable and passes all ACME challenge requests      to the webserver component through the UNIX-domain socket -    `/var/run/lacme-www.socket` (for instance using the provided +    `/run/lacme-www.socket` (for instance using the provided      `/etc/lacme/apache2.conf` or `/etc/lacme/nginx.conf` configuration      snippets for each virtual host requiring authorization).  If there      is no HTTP daemon bound to port 80 one needs to set *listen* to diff --git a/snippets/apache2.conf b/snippets/apache2.conf index 20bf2ad..e1d56a9 100644 --- a/snippets/apache2.conf +++ b/snippets/apache2.conf @@ -5,7 +5,7 @@  # non-ssl one) of each virtual host requiring authorization.  <Location /.well-known/acme-challenge/> -  ProxyPass unix:///var/run/lacme-www.socket|http://localhost/.well-known/acme-challenge/ +  ProxyPass unix:///run/lacme-www.socket|http://localhost/.well-known/acme-challenge/    Order allow,deny    Allow from all  </Location> diff --git a/snippets/nginx.conf b/snippets/nginx.conf index 981bdc3..86592d2 100644 --- a/snippets/nginx.conf +++ b/snippets/nginx.conf @@ -6,7 +6,7 @@  location ^~ /.well-known/acme-challenge/ {      # Pass ACME requests to lacme's webserver component -    proxy_pass http://unix:/var/run/lacme-www.socket; +    proxy_pass http://unix:/run/lacme-www.socket;      ## Alternatively, you can let nginx serve the requests by      ## setting 'challenge-directory' to '/var/www/acme-challenge' in | 
