From 956764d11c9445c835f992a782d90d8de90fe565 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 14 Feb 2021 20:40:29 +0100 Subject: Improve nginx/apache2 snippets for direct serving of challenge files. With the new 'challenge-directory' logic symlinks can be disabled. --- snippets/apache2.conf | 30 ++++++++++++++++++++++++------ snippets/nginx.conf | 4 +++- 2 files changed, 27 insertions(+), 7 deletions(-) (limited to 'snippets') diff --git a/snippets/apache2.conf b/snippets/apache2.conf index 45d7c7f..69d80a7 100644 --- a/snippets/apache2.conf +++ b/snippets/apache2.conf @@ -1,11 +1,29 @@ -# Use Apache2 to serve ACME requests by passing them over to a -# locally-bound lacme webserver component. +# Use Apache2 to serve ACME requests; either directly, or by passing +# them over to a locally-bound lacme webserver component. # # This file needs to be sourced to the server directives (at least the # non-ssl one) of each virtual host requiring authorization. +# Alternatively, run `a2enconf lacme` and reload apache2. - - ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/ - Require all granted - +# Pass ACME requests to lacme's webserver component + + + ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/ + Require all granted + + + + +## Alternatively, you can let Apache2 serve the requests by +## setting 'challenge-directory' to '/var/www/acme-challenge' in +## lacme's configuration file and uncomment the following: + +# +# Alias /.well-known/acme-challenge/ /var/www/acme-challenge/ +# +# Options none +# AllowOverride none +# Require all granted +# +# diff --git a/snippets/nginx.conf b/snippets/nginx.conf index af2e92e..76309f0 100644 --- a/snippets/nginx.conf +++ b/snippets/nginx.conf @@ -8,9 +8,11 @@ location ^~ /.well-known/acme-challenge/ { # Pass ACME requests to lacme's webserver component proxy_pass http://unix:@@runstatedir@@/lacme-www.socket; + ## Alternatively, you can let nginx serve the requests by ## setting 'challenge-directory' to '/var/www/acme-challenge' in - ## lacme's configuration file + ## lacme's configuration file and uncomment the following: + # alias /var/www/acme-challenge/; # default_type application/jose+json; # disable_symlinks on; -- cgit v1.2.3