[Letsencrypt-devel] Bug#826145: letsencrypt.sh: Ship lighttpd module?

Mattia Rizzolo mattia at debian.org
Sun Sep 4 20:23:11 UTC 2016 

Hi,

getting back to this getting-old bug...

On Tue, Jun 14, 2016 at 05:01:59PM +0200, Elrond wrote:
> The current configuration scheme of nginx is mostly manual. 
> That is: The admin has to edit (or replace) config files,
> always.
> 
> What we can do: Provide a config snippet (for
> letsencrypt.sh) that the admin can reference in his/her
> manually edited config file.
> 
> There currently is no way to auto-activate that snippet.
> 
> I have filed a debian bug to create a directory for
> snippets that are auto-activated in the default virtual
> host. #822792

I find this behaviour disturbing, and also far from what I come to
expect from a debian package (istr this is also written in some policy
somewhere...)

I subscribed to that bug (and also replied…), but let's get to this.

> > > > Is there some thing like dh-apache2 to enable/deal with that conf, etc?
> > > 
> > > Sadly, there is not.
> > > 
> > > BUT:
> > > 
> > > javascript-common:postinst,prerm,postrm have snippets for
> > > lighttpd to do what you want!
> > 
> > Yeah, why not ^^
> > Even if I quite hate having manually placed mainter scripts...

I stand by my words: there are already maintainer scripts to deal with
conf migrations where upstream doesn't provide a path, that's already
sad enough…

> dir-listings are disabled by default.
> symlinks are enabled by default.
> That said, it's probably better to enforce things, just in
> case.

yep, cool.

> I have attached a new version of the config snippet.
> Note: I have renamed it from 10-* to 50-*, so that it gets
> loaded much later and has a good chance of overriding most
> things.

So, you can see here a wip:
https://anonscm.debian.org/git/letsencrypt/letsencrypt.sh.git/commit/?h=debian/wip/lighttpd&id=dad41045dea17c7fe0814c3f678e93b0c5587656
do you really think that's going to be useful to somebody?
Should a README be also provided (or the comment there expanded) saying
what shall be done to have that enabled, or are lighttpd admins clever
enough to figure it out themselves?


On a related note, adding two more files in debian/* is not going to
hurt us, but that directory is getting quite crowded in such a small
package u.U :D

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/letsencrypt-devel/attachments/20160904/a5339670/attachment.sig>

More information about the Letsencrypt-devel mailing list