authorSergey Poznyakoff <gray@gnu.org>2018-10-06 08:45:01 (GMT)
committer Sergey Poznyakoff <gray@gnu.org>2018-10-06 08:45:01 (GMT)
commit4463698e4210bbf5d8c8cc152916bf8b52594141 (patch) (unidiff)
tree24bd011980a098623eb71d7d57543072ca0ae45d
parentab2566689e861fd9308ad986721400dee86f55ee (diff)
Support explicit declaration of server root directory in apache source configuration statement
* acmeman: Document apache source --server-root option. * lib/App/Acmeman/Source/Apache.pm (new): Handle command line option. Declare '--server-root' option. (setup): Improve the SSLCipherSuite settings. (probe): Bail out if unable to determine server root.
Diffstat (more/less context) (ignore whitespace changes)
-rwxr-xr-xacmeman8
-rw-r--r--lib/App/Acmeman/Source/Apache.pm15
2 files changed, 19 insertions, 4 deletions
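diff --git a/acmeman b/acmeman
index 83519f7..ea9198a 100755
--- a/acmeman
+++ b/acmeman
@@ -223,5 +223,5 @@ Use this source if all domains are described in the configuration file.
 
 The B<apache> source module is the default. It scans B<httpd> configuration
-files as described in section B<APACHE>. One argument is allowed. If supplied,
+files as described in section B<apache>. One argument is allowed. If supplied,
 it defines the apache configuration layout. Allowed values are: B<debian>,
 B<slackware>, B<suse> and B<rh> (for Red Hat). Without arguments, the layout
@@ -366,5 +366,5 @@ setting.
 
  [core]
- source = apache [LAYOUT]
+ source = apache [--server-root=DIR] [LAYOUT]
 
 This is the default source. It assumes Apache httpd, version 2.4 or later
@@ -374,4 +374,8 @@ files. Allowed layout values are: B<debian>, B<slackware>, B<suse> and
 B<rh> (for Red Hat). If not supplied, the layout is determined automatically.
 
+Use the B<--server-root> option to supply the name of the server root
+directory, if for some reason the module is unable to determine it
+automatically.
+
 A special directory should be configured for receiving ACME challenges.
 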
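diff --git a/lib/App/Acmeman/Source/Apache.pm b/lib/App/Acmeman/Source/Apache.pm
index 2041bb1..b429f89 100644
--- a/lib/App/Acmeman/Source/Apache.pm
+++ b/lib/App/Acmeman/Source/Apache.pm
@@ -10,8 +10,14 @@ use IPC::Open3;
 use App::Acmeman::Apache::Layout;
 use parent 'App::Acmeman::Source';
+use Getopt::Long qw(GetOptionsFromArray :config gnu_getopt no_ignore_case);
 
 sub new {
  my $class = shift;
- bless { _layout => new App::Acmeman::Apache::Layout(@_) }, $class;
+ my $server_root;
+ GetOptionsFromArray(\@_,
+ 'server-root=s' => \$server_root);
+ my $self = bless { _layout => new App::Acmeman::Apache::Layout(@_) }, $class;
+ $self->server_root($server_root) if $server_root;
+ return $self;
 }
 
@@ -239,5 +245,5 @@ sub setup {
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
- SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLCertificateFile /etc/ssl/acme/\$domain/cert.pem
  SSLCertificateKeyFile /etc/ssl/acme/\$domain/privkey.pem
@@ -290,4 +296,9 @@ sub probe {
  close $nullin;
  close $nullout;
+ unless ($self->server_root) {
+ ::error("can't deduce server root directory");
+ ::error("use `source = apache --server-root=DIR' in [core] section of /etc/acmeman.conf to declare it");
+ exit(1);
+ }
 }
 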
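Review bot: The cipher list added at new line 247 in `setup` still ends with static-RSA entries (`AES128-GCM-SHA256` through `AES256-SHA`) and the broad `AES:CAMELLIA` selectors, so the generated configuration keeps suites without forward secrecy and CBC/SHA-1 suites negotiable, and the unchanged `SSLProtocol all -SSLv2 -SSLv3` two lines above leaves TLS 1.0 and 1.1 enabled. If the sites this template is written for do not need legacy clients, I would cut it to the AEAD suites with ephemeral key exchange, `SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384`, and tighten the protocol line to `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. A hard-coded list like this also ages with whatever file it is written into, so a comment in the generated text saying when it was chosen and that it should be reviewed would help. These lines appear to sit inside a here-document whose start and end are outside the hunk, so which file receives them is not visible here.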
