[Letsencrypt-devel] Bug#826145: letsencrypt.sh: Ship lighttpd module?

Elrond elrond+bugs.debian.org at samba-tng.org
Tue Jun 14 15:01:59 UTC 2016


Hi,

On Fri, Jun 10, 2016 at 19:58:55 +0000, Mattia Rizzolo wrote:
> On Fri, Jun 10, 2016 at 01:31:29PM +0200, Elrond wrote:
> > On Thu, Jun 02, 2016 at 19:57:23 +0000, Mattia Rizzolo wrote:
> > > On Thu, Jun 02, 2016 at 06:25:48PM +0200, Elrond wrote:
> > For nginx (I *might* provide the snippet in an upcoming
> > wishlist bug) the case is even harder: The admin needs to
> > add a "include ..." by hand.
> 
> I don't even know what you're talking about here :)
> I always only limited myself to apache2 ^^

The current configuration scheme of nginx is mostly manual. 
That is: The admin has to edit (or replace) config files,
always.

What we can do: Provide a config snippet (for
letsencrypt.sh) that the admin can reference in his/her
manually edited config file.

There currently is no way to auto-activate that snippet.

I have filed a Debian bug to create a directory for
snippets that are auto-activated in the default virtual
host. #822792


> > > Is there something like dh-apache2 to enable/deal with that conf, etc?
> > 
> > Sadly, there is not.
> > 
> > BUT:
> > 
> > javascript-common:postinst,prerm,postrm have snippets for
> > lighttpd to do what you want!
> 
> Yeah, why not ^^
> Even if I quite hate having manually placed maintainer scripts...
> 
> > I *think* most of those should be the default.
> > I will check that and let you know.
> 
> thanks.

dir-listings are disabled by default.
symlinks are enabled by default.
That said, it's probably better to enforce things, just in
case.

I have attached a new version of the config snippet.
Note: I have renamed it from 10-* to 50-*, so that it gets
loaded much later and has a good chance of overriding most
things.


> > That said, I wonder, whether FollowSymlinks is needed at
> > all? /var/lib/letsencrypt.sh/acme-challenges should be a
> > normal directory and the created files in there are files,
> > not symlinks?
> 
> you can never know.  The sysadmin may have removed /var/lib/letsencrypt.sh
> and placed it as a symlink towards something, I want to support such a
> setup.

Good point.


Cheers

    Elrond
-------------- next part --------------
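# Map the ACME http-01 challenge URL prefix to the directory
# where letsencrypt.sh writes its challenge files.
alias.url += (
	"/.well-known/acme-challenge" => "/var/lib/letsencrypt.sh/acme-challenges"
)

# Enforce the expected settings for the challenge path only
# (the dot is escaped so it matches a literal ".").
$HTTP["url"] =~ "^/\.well-known/acme-challenge" {
	# Never expose a listing of pending challenge tokens.
	server.dir-listing = "disable"
	# Keep working if the admin replaced the directory with a symlink.
	server.follow-symlink = "enable"
}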

