| -rw-r--r-- | Changelog | 2 | ||||
| -rw-r--r-- | snippets/apache2.conf | 30 | ||||
| -rw-r--r-- | snippets/nginx.conf | 4 | 
3 files changed, 29 insertions, 7 deletions
| @@ -12,6 +12,8 @@ lacme (0.7.1) upstream;   * lacme: new flag `--force`, which aliases to `--min-days=-1`, i.e.,     forces renewal regardless of the expiration date of existing     certificates. + + Improve nginx/apache2 snippets for direct serving of challenge files +   (with the new 'challenge-directory' logic symlinks can be disabled).   - lacme: delay webserver socket shutdown to after the process has     terminated.   - documentation: suggest to generate private key material with diff --git a/snippets/apache2.conf b/snippets/apache2.conf index 45d7c7f..69d80a7 100644 --- a/snippets/apache2.conf +++ b/snippets/apache2.conf @@ -1,11 +1,29 @@ -# Use Apache2 to serve ACME requests by passing them over to a -# locally-bound lacme webserver component. +# Use Apache2 to serve ACME requests; either directly, or by passing +# them over to a locally-bound lacme webserver component.  #  # This file needs to be sourced to the server directives (at least the  # non-ssl one) of each virtual host requiring authorization. +# Alternatively, run `a2enconf lacme` and reload apache2. -<Location /.well-known/acme-challenge/> -  ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/ -  Require all granted -</Location> +# Pass ACME requests to lacme's webserver component +<IfModule mod_proxy_http.c> +  <Location /.well-known/acme-challenge/> +    ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/ +    Require all granted +  </Location> +</IfModule> + + +## Alternatively, you can let Apache2 serve the requests by +## setting 'challenge-directory' to '/var/www/acme-challenge' in +## lacme's configuration file and uncomment the following: + +#<IfModule mod_alias.c> +#  Alias /.well-known/acme-challenge/ /var/www/acme-challenge/ +#  <Directory /var/www/acme-challenge/> +#    Options none +#    AllowOverride none +#    Require all granted +#  </Directory> +#</IfModule> 
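Review bot: The commented-out alternative serves `/var/www/acme-challenge/` with `Require all granted` but does not say who may write to that directory, and when enabled through `a2enconf lacme` the alias presumably applies to every virtual host. Any account able to create files there can satisfy HTTP-01 validation for those hosts, so the snippet should state the ownership requirement, for example `## The directory must be writable only by the user running lacme, not by the web server or site owners.` The same caveat fits the `alias` alternative in snippets/nginx.conf. `Options none` already turns off symlink following, which matches the Changelog entry.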
diff --git a/snippets/nginx.conf b/snippets/nginx.conf index af2e92e..76309f0 100644 --- a/snippets/nginx.conf +++ b/snippets/nginx.conf @@ -8,9 +8,11 @@ location ^~ /.well-known/acme-challenge/ {      # Pass ACME requests to lacme's webserver component      proxy_pass http://unix:@@runstatedir@@/lacme-www.socket; +      ## Alternatively, you can let nginx serve the requests by      ## setting 'challenge-directory' to '/var/www/acme-challenge' in -    ## lacme's configuration file +    ## lacme's configuration file and uncomment the following: +      # alias /var/www/acme-challenge/;      # default_type application/jose+json;      # disable_symlinks on; | 
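Review bot: The reworded comment tells the reader to uncomment the `alias` lines, but `proxy_pass` stays active in the same `location` block, so requests would presumably still be handed to the lacme socket instead of being read from the challenge directory. The instruction should also cover the proxy line, e.g. `## lacme's configuration file, commenting out the proxy_pass line above, and uncommenting the following:`. The `location` block opens before this hunk and closes after it, so this is judged from the visible lines only.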
