summaryrefslogtreecommitdiffabout
path: root/README
blob: bc2ac0d9679e85791c78c6e2229156124fedd939 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
fileserv README.
See the end of file for copying conditions.

* Overview

This is a simple HTTP server for serving static files. It is suitable
as a lightweight replacement for full-fledged HTTP servers on sites
where only sporadic serving of static data is needed.

One of such use cases is deployment of LetsEncrypt certificates on a
server that runs only proxy software, such as pound[1] or haproxy[2]. In
this case using e.g. Apache or even lighttpd just to serve
LetsEncrypt challenge requests arriving once in 90 days is clearly an
overkill. Instead, fileserv can be used.

Starting the server can be as simple as:

 fileserv -u nobody -a 127.0.0.1:8080 /.well-known/acme-challenge:/var/www/acme
 
This instructs it to run in background with privileges of the user nobody
listening on localhost, port 8080. Requests with URL path beginning
with /.well-known/acme-challenge will be served from directory
/var/www/acme. Other requests will be rejected.

It is more convenient to keep all settings in the configuration file.
Its name is ${sysconfdir}/fileserv.conf, where ${sysconfdir} is
determined when compiling the package. Normally, it is /etc or
/usr/local/etc.

The above command line options are equivalent to the following
configuration:

 user nobody
 listen 127.0.0.1:8080
 mapping /.well-known/acme-challenge:/var/www/acme

If the proxy used is pound[1], define the following service in its
configuration file /etc/pound.conf:

 Service
     URL "^/.well-known/acme-challenge"
     BackEnd
         Address 127.0.0.1
         Port 8080
     End
 End

This will forward LetsEncrypt challenge requests to fileserv. Make
sure this service declaration is located before all other services, so
that it takes precedence over them.

If using haproxy[2], use the following fragment (supposing the default
backend is called dfl) in /etc/haproxy/haproxy.cfg:

 frontend http-in
    bind *:80
    default_backend dfl
    acl letsencrypt path_beg /.well-known/acme-challenge
    use_backend fileserv if letsencrypt

 backend fileserv
    server localhost 127.0.0.1:8080

* Building

To build fileserv you will need GNU Libmicrohttpd library[3]. It is
available for download from http://ftp.gnu.org/gnu/libmicrohttpd.

When building from source package, usual incantations apply:

 ./configure
 make
 make install

If you are building from a clone of the Git repository, you will need
GNU autotools to bootstrap the package first. Run

  autoreconf -f -i -s

in the top level source directory. This will create the configure
script and populate the directory with the missing files. Then proceed
as described above.

* Documentation

Manpage fileserv.8 included. After installing the package, run
man fileserv.
    
* Bug reporting.		

Send bug reports to <gray+fileserv@gnu.org.ua>. 

* References

[1] Pound - http://www.apsis.ch/pound
[2] Haproxy - http://www.haproxy.org
[3] GNU Libmicrohttpd - https://www.gnu.org/software/libmicrohttpd


* Copyright information:

Copyright (C) 2017-2019 Sergey Poznyakoff

   Permission is granted to anyone to make or distribute verbatim copies
   of this document as received, in any medium, provided that the
   copyright notice and this permission notice are preserved,
   thus giving the recipient permission to redistribute in turn.

   Permission is granted to distribute modified versions
   of this document, or of portions of it,
   under the above conditions, provided also that they
   carry prominent notices stating who last changed them.


Local Variables:
mode: outline
paragraph-separate: "[ 	]*$"
version-control: never
End:


Return to:

Send suggestions and report system problems to the System administrator.