From 944407621f313c15f6cfd53267da1ddbdaceec9f Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 28 Jun 2017 17:19:46 +0200
Subject: webserver: allow listening to multiple addresses.

(Useful when dual-stack IPv4/IPv6 is not supported.)  Also, change the
default to listen to a UNIX-domain socket </var/run/lacme.socket>.

Moreover temporary iptables rules are no longer installed.  Hosts
without a public HTTP daemon listening on port 80 need to set the
'listen' option to [::] and/or 0.0.0.0, and possibly set the 'iptables'
option to Yes.
---
 Changelog | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index b23191f..fdb0775 100644
--- a/Changelog
+++ b/Changelog
@@ -3,6 +3,13 @@ lacme (0.3) upstream;
   + When parsing config-cert files and directories (default "lacme-certs.conf
     lacme-certs.conf.d"), import the default section of files read earlier.
   + new-cert: create certificate files atomically.
+  + webserver: allow listening to multiple addresses (useful when
+    dual-stack IPv4/IPv6 is not supported).  Listen to a UNIX-domain
+    socket by default </var/run/lacme.socket>.
+  + webserver: don't install temporary iptables by default.  Hosts
+    without a public HTTP daemon listening on port 80 need to set the
+    'listen' option to [::] and/or 0.0.0.0, and possibly set the
+    'iptables' option to Yes.
   - Ensure lacme's config file descriptor is not passed to the accountd
     or webserver components.
   - new-cert: sort section names if not passed explicitely.
-- 
cgit v1.2.3