From 8349b801a5f7e5f11b0a758d7ab28d8b79eb08ea Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 8 Jul 2017 20:59:11 +0200 Subject: mv config/{apache2.conf,nginx.conf} snippets/ --- snippets/apache2.conf | 12 ++++++++++++ snippets/nginx.conf | 18 ++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 snippets/apache2.conf create mode 100644 snippets/nginx.conf (limited to 'snippets') diff --git a/snippets/apache2.conf b/snippets/apache2.conf new file mode 100644 index 0000000..471791c --- /dev/null +++ b/snippets/apache2.conf @@ -0,0 +1,12 @@ +# Use Apache2 to serve ACME requests by passing them over to a +# locally-bound lacme webserver component. +# +# This file needs to be sourced to the server directives (at least the +# non-ssl one) of each virtual host requiring authorization. + + + ProxyPass unix:///var/run/lacme.socket|http://localhost/.well-known/acme-challenge/ + Order allow,deny + Allow from all + + diff --git a/snippets/nginx.conf b/snippets/nginx.conf new file mode 100644 index 0000000..6753ff9 --- /dev/null +++ b/snippets/nginx.conf @@ -0,0 +1,18 @@ +# Use Nginx to serve ACME requests; either directly, or by passing them +# over to a locally-bound lacme webserver component. +# +# This file needs to be sourced to the server directives (at least the +# non-ssl one) of each virtual host requiring authorization. + +location ^~ /.well-known/acme-challenge/ { + # Pass ACME requests to lacme's webserver component + proxy_pass http://unix:/var/run/lacme.socket; + + ## Alternatively, you can let nginx serve the requests by + ## setting 'challenge-directory' to '/var/www/acme-challenge' in + ## lacme's configuration file + # alias /var/www/acme-challenge/; + # default_type application/jose+json; + # disable_symlinks on from=$document_root; + # autoindex off; +} -- cgit v1.2.3 From 8cdd29841d0dbb89e866aad36173bb26182d0c97 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 8 Jul 2017 21:02:36 +0200 Subject: Bind webserver to /var/run/lacme-www.socket by default. --- snippets/apache2.conf | 2 +- snippets/nginx.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'snippets') diff --git a/snippets/apache2.conf b/snippets/apache2.conf index 471791c..20bf2ad 100644 --- a/snippets/apache2.conf +++ b/snippets/apache2.conf @@ -5,7 +5,7 @@ # non-ssl one) of each virtual host requiring authorization. - ProxyPass unix:///var/run/lacme.socket|http://localhost/.well-known/acme-challenge/ + ProxyPass unix:///var/run/lacme-www.socket|http://localhost/.well-known/acme-challenge/ Order allow,deny Allow from all diff --git a/snippets/nginx.conf b/snippets/nginx.conf index 6753ff9..981bdc3 100644 --- a/snippets/nginx.conf +++ b/snippets/nginx.conf @@ -6,7 +6,7 @@ location ^~ /.well-known/acme-challenge/ { # Pass ACME requests to lacme's webserver component - proxy_pass http://unix:/var/run/lacme.socket; + proxy_pass http://unix:/var/run/lacme-www.socket; ## Alternatively, you can let nginx serve the requests by ## setting 'challenge-directory' to '/var/www/acme-challenge' in -- cgit v1.2.3