From 89f8c948d7b39314d7fc997643874adc6be92462 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Thu, 22 Aug 2019 00:30:11 +0200
Subject: Use /run for the listening socket of the webserver component.

---
 Changelog             | 8 ++++++++
 config/lacme.conf     | 2 +-
 lacme                 | 2 +-
 lacme.md              | 4 ++--
 snippets/apache2.conf | 2 +-
 snippets/nginx.conf   | 2 +-
 6 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/Changelog b/Changelog
index c7cc0b3..2010c52 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,11 @@
+lacme (0.7) UNRELEASED;
+
+  + Default listening socket for the webserver component is now
+    /run/lacme-www.socket.  (It was previously under the legacy directory
+    /var/run.)
+
+ -- Guilhem Moulin <guilhem@debian.org>  Thu, 22 Aug 2019 00:31:35 +0200
+
 lacme (0.6) upstream;
 
  + client: poll order URL instead of each authz URL successively.
diff --git a/config/lacme.conf b/config/lacme.conf
index 39c8654..7c3833d 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -62,7 +62,7 @@
 # Comma- or space-separated list of addresses to listen on, for instance
 # "0.0.0.0:80 [::]:80".
 #
-#listen = /var/run/lacme-www.socket
+#listen = /run/lacme-www.socket
 
 # Non-existent directory under which an external HTTP daemon is
 # configured to serve GET requests for challenge files under
diff --git a/lacme b/lacme
index d5e8933..5ad28a8 100755
--- a/lacme
+++ b/lacme
@@ -98,7 +98,7 @@ do {
             map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/
         },
         webserver => {
-            listen                => '/var/run/lacme-www.socket',
+            listen                => '/run/lacme-www.socket',
             'challenge-directory' => undef,
             user                  => 'www-data',
             group                 => 'www-data',
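Review bot: The new default `listen => '/run/lacme-www.socket'` has no comment tying it to the other places that must name the same path, and it now assumes /run exists on the host. A reverse proxy still configured with the old `/var/run/lacme-www.socket` keeps working only where /var/run is a symlink to /run, which is presumably true on the targeted systems but is not visible here. Elsewhere, challenge requests would stop reaching the webserver component and certificate issuance would fail. I would add above the line: `# must match the socket path in snippets/apache2.conf and snippets/nginx.conf; /var/run is at best a compat symlink to /run`. The enclosing `do {` block starts and ends outside the hunk.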
diff --git a/lacme.md b/lacme.md
index ca9a6a9..5d86f40 100644
--- a/lacme.md
+++ b/lacme.md
@@ -224,12 +224,12 @@ served during certificate issuance.
     addresses are of the form `IPV4:PORT`, `[IPV6]:PORT` (where the
     `:PORT` suffix is optional and defaults to the HTTP port 80), or an
     absolute path of a UNIX-domain socket (created with mode `0666`).
-    Default: `/var/run/lacme-www.socket`.
+    Default: `/run/lacme-www.socket`.
 
     **Note**: The default value is only suitable when an external HTTP
     daemon is publicly reachable and passes all ACME challenge requests
     to the webserver component through the UNIX-domain socket
-    `/var/run/lacme-www.socket` (for instance using the provided
+    `/run/lacme-www.socket` (for instance using the provided
     `/etc/lacme/apache2.conf` or `/etc/lacme/nginx.conf` configuration
     snippets for each virtual host requiring authorization).  If there
     is no HTTP daemon bound to port 80 one needs to set *listen* to
diff --git a/snippets/apache2.conf b/snippets/apache2.conf
index 20bf2ad..e1d56a9 100644
--- a/snippets/apache2.conf
+++ b/snippets/apache2.conf
@@ -5,7 +5,7 @@
 # non-ssl one) of each virtual host requiring authorization.
 
 <Location /.well-known/acme-challenge/>
-  ProxyPass unix:///var/run/lacme-www.socket|http://localhost/.well-known/acme-challenge/
+  ProxyPass unix:///run/lacme-www.socket|http://localhost/.well-known/acme-challenge/
   Order allow,deny
   Allow from all
 </Location>
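Review bot: `Order allow,deny` and `Allow from all`, on the two lines after the changed `ProxyPass`, are Apache 2.2 access-control directives. The `unix:///…|http://…` form of `ProxyPass` needs a 2.4 server, where those directives only work through mod_access_compat. Mixing them with `Require` directives elsewhere in the virtual host can produce access decisions that differ from what the snippet intends. Since the block is being touched anyway, I would replace both lines with `Require all granted`.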
diff --git a/snippets/nginx.conf b/snippets/nginx.conf
index 981bdc3..86592d2 100644
--- a/snippets/nginx.conf
+++ b/snippets/nginx.conf
@@ -6,7 +6,7 @@
 
 location ^~ /.well-known/acme-challenge/ {
     # Pass ACME requests to lacme's webserver component
-    proxy_pass http://unix:/var/run/lacme-www.socket;
+    proxy_pass http://unix:/run/lacme-www.socket;
 
     ## Alternatively, you can let nginx serve the requests by
     ## setting 'challenge-directory' to '/var/www/acme-challenge' in
-- 
cgit v1.2.3