[Letsencrypt-devel] Bug#826145: letsencrypt.sh: Ship lighttpd module?
Elrond
elrond+bugs.debian.org at samba-tng.org
Tue Jun 14 15:01:59 UTC 2016
Hi,
On Fri, Jun 10, 2016 at 19:58:55 +0000, Mattia Rizzolo wrote:
> On Fri, Jun 10, 2016 at 01:31:29PM +0200, Elrond wrote:
> > On Thu, Jun 02, 2016 at 19:57:23 +0000, Mattia Rizzolo wrote:
> > > On Thu, Jun 02, 2016 at 06:25:48PM +0200, Elrond wrote:
> > For nginx (I *might* provide the snippet in an upcoming
> > wishlist bug) the case is ever harder: The admin needs to
> > add a "include ..." by hand.
>
> I don't even know what you're talking about here :)
> I always only limited myself to apache2 ^^
The current configuration scheme of nginx is mostly manual.
That is: The admin has to edit (or replace) config files,
always.
What we can do: Provide a config snippet (for
letsencrypt.sh) that the admin can reference in his/her
manually edited config file.
There currently is no way to auto-activate that snippet.
I have filed a debian bug to create a directory for
snippets that are auto-activated in the default virtual
host. #822792
> > > Is there some thing like dh-apache2 to enable/deal with that conf, etc?
> >
> > Sadly, there is not.
> >
> > BUT:
> >
> > javascript-common:postinst,prerm,postrm have snippets for
> > lighttpd to do what you want!
>
> Yeah, why not ^^
> Even if I quite hate having manually placed mainter scripts...
>
> > I *think* most of those should be the default.
> > I will check that and let you know.
>
> thanks.
dir-listings are disabled by default.
symlinks are enabled by default.
That said, it's probably better to enforce things, just in
case.
I have attached a new version of the config snippet.
Note: I have renamed it from 10-* to 50-*, so that it gets
loaded much later and has a good chance of overriding most
things.
> > That said, I wonder, whether FollowSymlinks is needed at
> > all? /var/lib/letsencrypt.sh/acme-challenges should be a
> > normal directory and the created files in there are files,
> > not symlinks?
>
> you can never know. The sysadmin my had removed /var/lib/letsencrypt.sh
> and placed it as a symlink towards something, I want to support such a
> setup.
Good point.
Cheers
Elrond
-------------- next part --------------
alias.url += (
"/.well-known/acme-challenge" => "/var/lib/letsencrypt.sh/acme-challenges"
)
$HTTP["url"] =~ "^/.well-known/acme-challenge" {
server.dir-listing = "disable"
server.follow-symlink = "enable"
}
More information about the Letsencrypt-devel
mailing list