summaryrefslogtreecommitdiffabout
authorSergey Poznyakoff <gray@gnu.org>2018-10-06 08:45:01 (GMT)
committer Sergey Poznyakoff <gray@gnu.org>2018-10-06 08:45:01 (GMT)
commit4463698e4210bbf5d8c8cc152916bf8b52594141 (patch) (unidiff)
tree24bd011980a098623eb71d7d57543072ca0ae45d
parentab2566689e861fd9308ad986721400dee86f55ee (diff)
downloadacmeman-4463698e4210bbf5d8c8cc152916bf8b52594141.tar.gz
acmeman-4463698e4210bbf5d8c8cc152916bf8b52594141.tar.bz2
Support explicit declaration of server root directory in apache source configuration statement
* acmeman: Document apache source --server-root option. * lib/App/Acmeman/Source/Apache.pm (new): Handle command line option. Declare '--server-root' option. (setup): Improve the SSLCipherSuite settings. (probe): Bail out if unable to determine server root.
Diffstat (more/less context) (ignore whitespace changes)
-rwxr-xr-xacmeman8
-rw-r--r--lib/App/Acmeman/Source/Apache.pm15
2 files changed, 19 insertions, 4 deletions
diff --git a/acmeman b/acmeman
index 83519f7..ea9198a 100755
--- a/acmeman
+++ b/acmeman
@@ -224,3 +224,3 @@ Use this source if all domains are described in the configuration file.
224The B<apache> source module is the default. It scans B<httpd> configuration 224The B<apache> source module is the default. It scans B<httpd> configuration
225files as described in section B<APACHE>. One argument is allowed. If supplied, 225files as described in section B<apache>. One argument is allowed. If supplied,
226it defines the apache configuration layout. Allowed values are: B<debian>, 226it defines the apache configuration layout. Allowed values are: B<debian>,
@@ -367,3 +367,3 @@ setting.
367 [core] 367 [core]
368 source = apache [LAYOUT] 368 source = apache [--server-root=DIR] [LAYOUT]
369 369
@@ -375,2 +375,6 @@ B<rh> (for Red Hat). If not supplied, the layout is determined automatically.
375 375
376Use the B<--server-root> option to supply the name of the server root
377directory, if for some reason the module is unable to determine it
378automatically.
379
376A special directory should be configured for receiving ACME challenges. 380A special directory should be configured for receiving ACME challenges.
diff --git a/lib/App/Acmeman/Source/Apache.pm b/lib/App/Acmeman/Source/Apache.pm
index 2041bb1..b429f89 100644
--- a/lib/App/Acmeman/Source/Apache.pm
+++ b/lib/App/Acmeman/Source/Apache.pm
@@ -11,2 +11,3 @@ use App::Acmeman::Apache::Layout;
11use parent 'App::Acmeman::Source'; 11use parent 'App::Acmeman::Source';
12use Getopt::Long qw(GetOptionsFromArray :config gnu_getopt no_ignore_case);
12 13
@@ -14,3 +15,8 @@ sub new {
14 my $class = shift; 15 my $class = shift;
15 bless { _layout => new App::Acmeman::Apache::Layout(@_) }, $class; 16 my $server_root;
17 GetOptionsFromArray(\@_,
18 'server-root=s' => \$server_root);
19 my $self = bless { _layout => new App::Acmeman::Apache::Layout(@_) }, $class;
20 $self->server_root($server_root) if $server_root;
21 return $self;
16} 22}
@@ -240,3 +246,3 @@ sub setup {
240 SSLHonorCipherOrder on 246 SSLHonorCipherOrder on
241 SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5 247 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
242 SSLCertificateFile /etc/ssl/acme/\$domain/cert.pem 248 SSLCertificateFile /etc/ssl/acme/\$domain/cert.pem
@@ -291,2 +297,7 @@ sub probe {
291 close $nullout; 297 close $nullout;
298 unless ($self->server_root) {
299 ::error("can't deduce server root directory");
300 ::error("use `source = apache --server-root=DIR' in [core] section of /etc/acmeman.conf to declare it");
301 exit(1);
302 }
292} 303}

Return to:

Send suggestions and report system problems to the System administrator.