author | Sergey Poznyakoff <gray@gnu.org> | 2023-08-22 13:48:02 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org> | 2023-08-22 13:48:02 +0300 |
commit | 34da8acec06dc6e7ad17e2be96c63b34d6865762 (patch) | |
tree | 965e4ec2df01685e66549990e61a80605b950013 /acmeman | |
parent | 1e14416916046acb2e90a9cef9256b33f132a24e (diff) | |
Diffstat (limited to 'acmeman')
-rwxr-xr-x | acmeman | 77 |
1 files changed, 67 insertions, 10 deletions
@@ -295,16 +295,16 @@ matching algorithm. If serving several host names, use the B<Match OR> block. After these two steps, your listener section will look like: ListenHTTP - Address 0.0.0.0 - Port 80 - ACME "/var/lib/pound/acme/.well-known/acme-challenge" + Address 0.0.0.0 + Port 80 + ACME "/var/lib/pound/acme/.well-known/acme-challenge" Service Match OR Host "www.example.org" Host "example.org" End - ... - End + ... + End End =over 4 @@ -823,7 +823,8 @@ from the input files will form the list of its alternative names. [core] source = pound [--config=FILE] [--host=HOST] \ - [--type=http|https] [--listener=NAME] + [--type=http|https] [--listener=NAME] \ + [--comment=TEXT] Domain names will be read from I<FILE> or, if it is not supplied, from the default B<pound> configuration file F</etc/pound.cfg>. By default, 
@@ -841,6 +842,62 @@ appear as arguments to B<Host> statements. If B<--listener> option is used, module will scan only the named listener. To select multiple listeners, use several B<--listener> options. +The B<--comment> option defines a text, which, when appearing at the +start of a comment line, enables host name collection. Such I<pragmatical> +comments may appear anywhere within listener and service sections and their +scope is limited by the corresponding section. When this option is used, +host collection is disabled by default. For example, assuming +B<--comment=acme>, the following configuration snippet (with irrelevant +statements replaced by ellipses) will result in issuing certificate for +C<example.org> and C<www.example.org>: + + ListenerHTTP + # acme + Service + Host -exact "example.org" + ... + End + + Service + Host -exact "www.example.org" + ... + End + End + +In contrast, when processing the following snippet, B<acmeman> will issue +certificate for C<example.org> only: + + ListenerHTTP + Service + # acme + Host -exact "example.org" + ... + End + + Service + Host -exact "www.example.org" + ... + End + End + +Furthermore, using B<no-I<TEXT>> at the start of a comment cancels +the effect of the previous pragmatic comment. This can be used for +better control of host selection: + + ListenerHTTP + Service + Match OR + # acme + Host -exact "example.org" + Host -exact "www.example.org" + # no-acme + Host -exact "test.example.org" + End + ... + End + End + + If the B<--host> (B<-h>) option is used, only one certificate will be issued. The I<HOST> will be used as its B<CN>. All the domain names read from the input files will form the list of its alternative names. 
@@ -856,9 +913,9 @@ cope with it. When declaring multiple hosts, always use the B<Match OR> section, like this: Match OR - Host "host1" - Host "host2" - Host "host3" + Host -exact "host1" + Host -exact "host2" + Host -exact "host3" End =item 2. These B<Host> statements (or the enclosing B<Match OR> section) @@ -967,5 +1024,5 @@ GPLv3+: GNU GPL version 3 or later, see L<http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. - + =cut |
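
Review bot: The @@ -295 hunk and the @@ -967 hunk change only whitespace (the indentation of `Address`, `Port`, `ACME`, `...` and `End`, and the blank line before `=cut`), mixed into a commit whose substance is the new B<--comment> documentation. Consider moving the whitespace cleanup into its own commit so the documentation change is easier to review and to revert.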
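
Review bot: In the @@ -841 hunk, all three new examples open the section with `ListenerHTTP`, while the listener example in the @@ -295 hunk of this same file uses `ListenHTTP`; a reader copying the snippet gets a section name the rest of the manual does not use. Suggest `ListenHTTP` in all three. The text also limits pragma scope to "listener and service sections", yet the third example puts `# acme` and `# no-acme` inside `Match OR`, so it should say whether a pragma set inside a Match block ends at that block's `End` or at the enclosing Service's. Since host collection is off by default once B<--comment> is given, it is also worth stating how exactly the comment text is matched (case, leading whitespace after `#`), because a mistyped pragma would silently leave a host without a certificate. Minor: "pragmatical" and "pragmatic" are both used for the same term, "issuing certificate" lacks an article, and the hunk adds a second blank line before "If the B<--host>".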
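
Review bot: The @@ -856 hunk changes the recommended form to `Host -exact "host1"`, but the example kept as context in the @@ -295 hunk still reads `Host "www.example.org"` and `Host "example.org"` without `-exact`, and nothing in the visible text explains why `-exact` is now preferred or how plain `Host` statements are treated. Suggest updating the earlier example to match and adding one sentence on which `Host` forms the module collects names from.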