From 956764d11c9445c835f992a782d90d8de90fe565 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sun, 14 Feb 2021 20:40:29 +0100
Subject: Improve nginx/apache2 snippets for direct serving of challenge files.

With the new 'challenge-directory' logic symlinks can be disabled.
---
 snippets/apache2.conf | 30 ++++++++++++++++++++++++------
 snippets/nginx.conf   |  4 +++-
 2 files changed, 27 insertions(+), 7 deletions(-)

(limited to 'snippets')

diff --git a/snippets/apache2.conf b/snippets/apache2.conf
index 45d7c7f..69d80a7 100644
--- a/snippets/apache2.conf
+++ b/snippets/apache2.conf
@@ -1,11 +1,29 @@
-# Use Apache2 to serve ACME requests by passing them over to a
-# locally-bound lacme webserver component.
+# Use Apache2 to serve ACME requests; either directly, or by passing
+# them over to a locally-bound lacme webserver component.
 #
 # This file needs to be sourced to the server directives (at least the
 # non-ssl one) of each virtual host requiring authorization.
+# Alternatively, run `a2enconf lacme` and reload apache2.
 
-<Location /.well-known/acme-challenge/>
-  ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/
-  Require all granted
-</Location>
 
+# Pass ACME requests to lacme's webserver component
+<IfModule mod_proxy_http.c>
+  <Location /.well-known/acme-challenge/>
+    ProxyPass unix://@@runstatedir@@/lacme-www.socket|http://localhost/.well-known/acme-challenge/
+    Require all granted
+  </Location>
+</IfModule>
+
+
+## Alternatively, you can let Apache2 serve the requests by
+## setting 'challenge-directory' to '/var/www/acme-challenge' in
+## lacme's configuration file and uncomment the following:
+
+#<IfModule mod_alias.c>
+#  Alias /.well-known/acme-challenge/ /var/www/acme-challenge/
+#  <Directory /var/www/acme-challenge/>
+#    Options none
+#    AllowOverride none
+#    Require all granted
+#  </Directory>
+#</IfModule>
diff --git a/snippets/nginx.conf b/snippets/nginx.conf
index af2e92e..76309f0 100644
--- a/snippets/nginx.conf
+++ b/snippets/nginx.conf
@@ -8,9 +8,11 @@ location ^~ /.well-known/acme-challenge/ {
     # Pass ACME requests to lacme's webserver component
     proxy_pass http://unix:@@runstatedir@@/lacme-www.socket;
 
+
     ## Alternatively, you can let nginx serve the requests by
     ## setting 'challenge-directory' to '/var/www/acme-challenge' in
-    ## lacme's configuration file
+    ## lacme's configuration file and uncomment the following:
+
     # alias /var/www/acme-challenge/;
     # default_type application/jose+json;
     # disable_symlinks on;
-- 
cgit v1.2.3