From 89f8c948d7b39314d7fc997643874adc6be92462 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 22 Aug 2019 00:30:11 +0200
Subject: Use /run for the listening socket of the webserver component.
---
 Changelog | 8 ++++++++
 config/lacme.conf | 2 +-
 lacme | 2 +-
 lacme.md | 4 ++--
 snippets/apache2.conf | 2 +-
 snippets/nginx.conf | 2 +-
 6 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/Changelog b/Changelog
index c7cc0b3..2010c52 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,11 @@
+lacme (0.7) UNRELEASED;
+
+ + Default listening socket for the webserver component is now
+ /run/lacme-www.socket. (It was previously under the legacy directory
+ /var/run.)
+
+ -- Guilhem Moulin Thu, 22 Aug 2019 00:31:35 +0200
+
 lacme (0.6) upstream;
 
 + client: poll order URL instead of each authz URL successively.
diff --git a/config/lacme.conf b/config/lacme.conf
index 39c8654..7c3833d 100644
--- a/config/lacme.conf
+++ b/config/lacme.conf
@@ -62,7 +62,7 @@
 # Comma- or space-separated list of addresses to listen on, for instance
 # "0.0.0.0:80 [::]:80".
 #
-#listen = /var/run/lacme-www.socket
+#listen = /run/lacme-www.socket
 
 # Non-existent directory under which an external HTTP daemon is
 # configured to serve GET requests for challenge files under
diff --git a/lacme b/lacme
index d5e8933..5ad28a8 100755
--- a/lacme
+++ b/lacme
@@ -98,7 +98,7 @@ do {
 map {$_ => undef} qw/server timeout SSL_verify SSL_version SSL_cipher_list/
 },
 webserver => {
- listen => '/var/run/lacme-www.socket',
+ listen => '/run/lacme-www.socket',
 'challenge-directory' => undef,
 user => 'www-data',
 group => 'www-data',
diff --git a/lacme.md b/lacme.md
index ca9a6a9..5d86f40 100644
--- a/lacme.md
+++ b/lacme.md
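Review bot: The new default `listen => '/run/lacme-www.socket'` in the `webserver` hash is not paired with any compatibility handling for deployments that pinned the old path: an administrator who set `listen = /var/run/lacme-www.socket` explicitly in lacme.conf but picks up the updated apache2/nginx snippets (or the reverse) ends up with the daemon and the proxy on two different paths, which only coincide where /var/run is a symlink to /run. The Changelog hunk in this commit records the move, but nothing in the code or snippets flags that the two sides must be updated together, and the `0666` socket mode documented in lacme.md makes a stale or mis-pointed socket easy to overlook. A short why-comment next to the default, `# Default moved from /var/run in 0.7; hand-written proxy configs must use the same path`, would keep the next maintainer from reverting it or changing one side only. The enclosing `do { ... }` default-configuration block starts and ends outside the hunk.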
@@ -224,12 +224,12 @@ served during certificate issuance.
 addresses are of the form `IPV4:PORT`, `[IPV6]:PORT` (where the `:PORT` suffix is optional and defaults to the HTTP port 80), or an absolute path of a UNIX-domain socket (created with mode `0666`).
- Default: `/var/run/lacme-www.socket`.
+ Default: `/run/lacme-www.socket`.
 **Note**: The default value is only suitable when an external HTTP daemon is publicly reachable and passes all ACME challenge requests to the webserver component through the UNIX-domain socket
- `/var/run/lacme-www.socket` (for instance using the provided
+ `/run/lacme-www.socket` (for instance using the provided
 `/etc/lacme/apache2.conf` or `/etc/lacme/nginx.conf` configuration snippets for each virtual host requiring authorization). If there is no HTTP daemon bound to port 80 one needs to set *listen* to
diff --git a/snippets/apache2.conf b/snippets/apache2.conf
index 20bf2ad..e1d56a9 100644
--- a/snippets/apache2.conf
+++ b/snippets/apache2.conf
@@ -5,7 +5,7 @@
 # non-ssl one) of each virtual host requiring authorization.
- ProxyPass unix:///var/run/lacme-www.socket|http://localhost/.well-known/acme-challenge/
+ ProxyPass unix:///run/lacme-www.socket|http://localhost/.well-known/acme-challenge/
 Order allow,deny
 Allow from all
diff --git a/snippets/nginx.conf b/snippets/nginx.conf
index 981bdc3..86592d2 100644
--- a/snippets/nginx.conf
+++ b/snippets/nginx.conf
@@ -6,7 +6,7 @@ location ^~ /.well-known/acme-challenge/ {
 # Pass ACME requests to lacme's webserver component
- proxy_pass http://unix:/var/run/lacme-www.socket;
+ proxy_pass http://unix:/run/lacme-www.socket;
 ## Alternatively, you can let nginx serve the requests by
 ## setting 'challenge-directory' to '/var/www/acme-challenge' in
-- 
cgit v1.2.3