diff options
Diffstat (limited to 'snippets')
-rw-r--r-- | snippets/apache2-static.conf | 16 | ||||
-rw-r--r-- | snippets/apache2.conf | 15 | ||||
-rw-r--r-- | snippets/nginx-static.conf | 15 | ||||
-rw-r--r-- | snippets/nginx.conf | 17 |
4 files changed, 43 insertions, 20 deletions
diff --git a/snippets/apache2-static.conf b/snippets/apache2-static.conf new file mode 100644 index 0000000..9262179 --- /dev/null +++ b/snippets/apache2-static.conf @@ -0,0 +1,16 @@ +# Use Apache2 to serve ACME requests directly. +# This snippet requires setting challenge-directory = /var/www/acme-challenge +# in /etc/lacme/lacme.config, and creating this file with write +# permissions for the lacme client user. +# +# This file needs to be sourced to the server directives (at least the +# non-ssl one) of each virtual host requiring authorization. + +<IfModule mod_alias.c> + Alias /.well-known/acme-challenge/ /var/www/acme-challenge/ + <Directory /var/www/acme-challenge/> + Options none + AllowOverride none + Require all granted + </Directory> +</IfModule> diff --git a/snippets/apache2.conf b/snippets/apache2.conf index 45d7c7f..31dd95a 100644 --- a/snippets/apache2.conf +++ b/snippets/apache2.conf @@ -1,11 +1,12 @@ -# Use Apache2 to serve ACME requests by passing them over to a -# locally-bound lacme webserver component. +# Use Apache2 to proxy ACME requests to a locally-bound lacme webserver. # # This file needs to be sourced to the server directives (at least the # non-ssl one) of each virtual host requiring authorization. +# Alternatively, run `a2enconf lacme` and reload apache2. -<Location /.well-known/acme-challenge/> - ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/ - Require all granted -</Location> - +<IfModule mod_proxy_http.c> + <Location /.well-known/acme-challenge/> + ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/ + Require all granted + </Location> +</IfModule> diff --git a/snippets/nginx-static.conf b/snippets/nginx-static.conf new file mode 100644 index 0000000..febe4dc --- /dev/null +++ b/snippets/nginx-static.conf @@ -0,0 +1,15 @@ +# Use Nginx to serve ACME requests directly. +# This snippet requires setting challenge-directory = /var/www/acme-challenge +# in /etc/lacme/lacme.config, and creating this file with write +# permissions for the lacme client user. +# +# One of the nginx*.conf file needs to be sourced to the server +# directives (at least the non-ssl one) of each virtual host requiring +# authorization. + +location ^~ /.well-known/acme-challenge/ { + alias /var/www/acme-challenge/; + default_type application/jose+json; + disable_symlinks on; + autoindex off; +} diff --git a/snippets/nginx.conf b/snippets/nginx.conf index 6775489..891a834 100644 --- a/snippets/nginx.conf +++ b/snippets/nginx.conf @@ -1,18 +1,9 @@ -# Use Nginx to serve ACME requests; either directly, or by passing them -# over to a locally-bound lacme webserver component. +# Use Nginx to proxy ACME requests to a locally-bound lacme webserver. # -# This file needs to be sourced to the server directives (at least the -# non-ssl one) of each virtual host requiring authorization. +# One of the nginx*.conf file needs to be sourced to the server +# directives (at least the non-ssl one) of each virtual host requiring +# authorization. location ^~ /.well-known/acme-challenge/ { - # Pass ACME requests to lacme's webserver component proxy_pass http://unix:@@runstatedir@@/lacme-www.socket; - - ## Alternatively, you can let nginx serve the requests by - ## setting 'challenge-directory' to '/var/www/acme-challenge' in - ## lacme's configuration file - # alias /var/www/acme-challenge/; - # default_type application/jose+json; - # disable_symlinks on from=$document_root; - # autoindex off; } |