aboutsummaryrefslogtreecommitdiffstats
path: root/snippets
diff options
context:
space:
mode:
Diffstat (limited to 'snippets')
-rw-r--r--snippets/apache2-static.conf16
-rw-r--r--snippets/apache2.conf15
-rw-r--r--snippets/nginx-static.conf15
-rw-r--r--snippets/nginx.conf17
4 files changed, 43 insertions, 20 deletions
diff --git a/snippets/apache2-static.conf b/snippets/apache2-static.conf
new file mode 100644
index 0000000..9262179
--- /dev/null
+++ b/snippets/apache2-static.conf
@@ -0,0 +1,16 @@
+# Use Apache2 to serve ACME requests directly.
+# This snippet requires setting challenge-directory = /var/www/acme-challenge
+# in /etc/lacme/lacme.config, and creating this file with write
+# permissions for the lacme client user.
+#
+# This file needs to be sourced to the server directives (at least the
+# non-ssl one) of each virtual host requiring authorization.
+
+<IfModule mod_alias.c>
+ Alias /.well-known/acme-challenge/ /var/www/acme-challenge/
+ <Directory /var/www/acme-challenge/>
+ Options none
+ AllowOverride none
+ Require all granted
+ </Directory>
+</IfModule>
diff --git a/snippets/apache2.conf b/snippets/apache2.conf
index 45d7c7f..31dd95a 100644
--- a/snippets/apache2.conf
+++ b/snippets/apache2.conf
@@ -1,11 +1,12 @@
-# Use Apache2 to serve ACME requests by passing them over to a
-# locally-bound lacme webserver component.
+# Use Apache2 to proxy ACME requests to a locally-bound lacme webserver.
#
# This file needs to be sourced to the server directives (at least the
# non-ssl one) of each virtual host requiring authorization.
+# Alternatively, run `a2enconf lacme` and reload apache2.
-<Location /.well-known/acme-challenge/>
- ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/
- Require all granted
-</Location>
-
+<IfModule mod_proxy_http.c>
+ <Location /.well-known/acme-challenge/>
+ ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/
+ Require all granted
+ </Location>
+</IfModule>
diff --git a/snippets/nginx-static.conf b/snippets/nginx-static.conf
new file mode 100644
index 0000000..febe4dc
--- /dev/null
+++ b/snippets/nginx-static.conf
@@ -0,0 +1,15 @@
+# Use Nginx to serve ACME requests directly.
+# This snippet requires setting challenge-directory = /var/www/acme-challenge
+# in /etc/lacme/lacme.config, and creating this file with write
+# permissions for the lacme client user.
+#
+# One of the nginx*.conf file needs to be sourced to the server
+# directives (at least the non-ssl one) of each virtual host requiring
+# authorization.
+
+location ^~ /.well-known/acme-challenge/ {
+ alias /var/www/acme-challenge/;
+ default_type application/jose+json;
+ disable_symlinks on;
+ autoindex off;
+}
diff --git a/snippets/nginx.conf b/snippets/nginx.conf
index 6775489..891a834 100644
--- a/snippets/nginx.conf
+++ b/snippets/nginx.conf
@@ -1,18 +1,9 @@
-# Use Nginx to serve ACME requests; either directly, or by passing them
-# over to a locally-bound lacme webserver component.
+# Use Nginx to proxy ACME requests to a locally-bound lacme webserver.
#
-# This file needs to be sourced to the server directives (at least the
-# non-ssl one) of each virtual host requiring authorization.
+# One of the nginx*.conf file needs to be sourced to the server
+# directives (at least the non-ssl one) of each virtual host requiring
+# authorization.
location ^~ /.well-known/acme-challenge/ {
- # Pass ACME requests to lacme's webserver component
proxy_pass http://unix:@@runstatedir@@/lacme-www.socket;
-
- ## Alternatively, you can let nginx serve the requests by
- ## setting 'challenge-directory' to '/var/www/acme-challenge' in
- ## lacme's configuration file
- # alias /var/www/acme-challenge/;
- # default_type application/jose+json;
- # disable_symlinks on from=$document_root;
- # autoindex off;
}