aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xacmeman8
-rw-r--r--lib/App/Acmeman/Source/Apache.pm15
2 files changed, 19 insertions, 4 deletions
diff --git a/acmeman b/acmeman
index 83519f7..ea9198a 100755
--- a/acmeman
+++ b/acmeman
@@ -224,3 +224,3 @@ Use this source if all domains are described in the configuration file.
The B<apache> source module is the default. It scans B<httpd> configuration
-files as described in section B<APACHE>. One argument is allowed. If supplied,
+files as described in section B<apache>. One argument is allowed. If supplied,
it defines the apache configuration layout. Allowed values are: B<debian>,
@@ -367,3 +367,3 @@ setting.
[core]
- source = apache [LAYOUT]
+ source = apache [--server-root=DIR] [LAYOUT]
@@ -375,2 +375,6 @@ B<rh> (for Red Hat). If not supplied, the layout is determined automatically.
+Use the B<--server-root> option to supply the name of the server root
+directory, if for some reason the module is unable to determine it
+automatically.
+
A special directory should be configured for receiving ACME challenges.
diff --git a/lib/App/Acmeman/Source/Apache.pm b/lib/App/Acmeman/Source/Apache.pm
index 2041bb1..b429f89 100644
--- a/lib/App/Acmeman/Source/Apache.pm
+++ b/lib/App/Acmeman/Source/Apache.pm
@@ -11,2 +11,3 @@ use App::Acmeman::Apache::Layout;
use parent 'App::Acmeman::Source';
+use Getopt::Long qw(GetOptionsFromArray :config gnu_getopt no_ignore_case);
@@ -14,3 +15,8 @@ sub new {
my $class = shift;
- bless { _layout => new App::Acmeman::Apache::Layout(@_) }, $class;
+ my $server_root;
+ GetOptionsFromArray(\@_,
+ 'server-root=s' => \$server_root);
+ my $self = bless { _layout => new App::Acmeman::Apache::Layout(@_) }, $class;
+ $self->server_root($server_root) if $server_root;
+ return $self;
}
@@ -240,3 +246,3 @@ sub setup {
SSLHonorCipherOrder on
- SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLCertificateFile /etc/ssl/acme/\$domain/cert.pem
@@ -291,2 +297,7 @@ sub probe {
close $nullout;
+ unless ($self->server_root) {
+ ::error("can't deduce server root directory");
+ ::error("use `source = apache --server-root=DIR' in [core] section of /etc/acmeman.conf to declare it");
+ exit(1);
+ }
}

Return to:

Send suggestions and report system problems to the System administrator.