[Letsencrypt-devel] Bug#826145: letsencrypt.sh: Ship lighttpd module?

Elrond elrond+bugs.debian.org at samba-tng.org
Fri Jun 10 11:31:29 UTC 2016 

Hi,


On Thu, Jun 02, 2016 at 19:57:23 +0000, Mattia Rizzolo wrote:
> On Thu, Jun 02, 2016 at 06:25:48PM +0200, Elrond wrote:
> > could you consider to provide the attached file as
> > 	/etc/lighttpd/conf-available/10-letsencrypt.sh-challenge.conf
> 
> Yes! we were waiting for somebody to provide such file :)

Cool!


> > You might leave activating it to the admin. But having the
> > file already in place might make the admin's live easier.
> [..]
> > I don't think, it's needed to put this in its own package
> > like the -apache2 one.
> 
> the apache2 one activates itself when installing, and I find that a
> feature.

I think, both views are possible.

For nginx (I *might* provide the snippet in an upcoming
wishlist bug) the case is ever harder: The admin needs to
add a "include ..." by hand.


> > It's just a file you ship, that wont
> > hurt anyone.
> 
> and I find shipping unused/useless files in /etc sad.  /etc is already
> bloated enouhg.

Well, they are there to "enhance" another package, namely
lighttpd. Most packages having an "Enhances:" tag ship
stuff that only gets used, if the appropiate enhanced
package is installed.


> Is there some thing like dh-apache2 to enable/deal with that conf, etc?

Sadly, there is not.

BUT:

javascript-common:postinst,prerm,postrm have snippets for
lighttpd to do what you want!


> > alias.url += (
> > 	"/.well-known/acme-challenge" => "/var/lib/letsencrypt.sh/acme-challenges"
> > 	)
> 
> I'm not a lighttpd guy, is this apache2 conf snippet needed/wanted here
> too?
> 
> <Directory /var/lib/letsencrypt.sh/acme-challenges/>
>     Options FollowSymlinks
>     Options -Indexes
>     AllowOverride None
>     Require all granted
> </Directory>

I *think* most of those should be the default.
I will check that and let you know.

That said, I wonder, whether FollowSymlinks is needed at
all? /var/lib/letsencrypt.sh/acme-challenges should be a
normal directory and the created files in there are files,
not symlinks?


Cheers

    Elrond

More information about the Letsencrypt-devel mailing list