Merge branch 'subplot-fixes' into 'master'

Subplot fixes Closes #24, #22, #21, #20, and #19 See merge request larswirzenius/ewww!10
author: Lars Wirzenius <liw@liw.fi> 2020-07-26 07:02:27 +0000
committer: Lars Wirzenius <liw@liw.fi> 2020-07-26 07:02:27 +0000
commit: 2713af54b0cf89b665c05c769365572b0c4621f3 (patch)
tree: ed0657939e8ec97ed3922107ab80e994a88bd7a7
parent: 0a04bf846a18788642669ab968825db3253010eb (diff)
parent: 3f38723a181558cfa020ac553b248144c3a75c61 (diff)
download: ewww-2713af54b0cf89b665c05c769365572b0c4621f3.tar.gz
1 files changed, 14 insertions, 11 deletions
diff --git a/ewww.md b/ewww.md
index 6ccafe1..f2d1778 100644
--- a/ewww.md
+++ b/ewww.md
@@ -7,7 +7,8 @@ simple to configure, simple to keep running, and fast.
 
 * I have files in a directory, and a domain name pointing at the host.
   I want to serve the files using HTTPS. I want the TLS certificate to
-  come from Let's Encrypt, and get renewed automatically.
+  come from Let's Encrypt, but the web server doesn't need to be
+  involved in its creation or renewal.
 
 * Same, but I have multiple domain names and each should serve from
   different directories and potentially have their own certificates.
@@ -25,8 +26,9 @@ expressed as _scenarios_ in the acceptance criteria chapter.
   on my Thinkpad T480 laptop. A self-signed certificate is OK.
 * Fast, time from starting server to having served first HTTPS request
   should be at most 100 ms.
-* Serves only HTTPS, except what Let's Encrypt needs to be served over
-  plain HTTP.
+* Serves only HTTPS, except what needs to be served over plain HTTP,
+  e.g., for Let's Encrypt certificate validation. Any plain HTTP
+  access must be explicitly allowed.
 
 I don't need flexibility, and I don't want to configure anything
 that's not essential for this. Hardcoded assumptions are A-OK, if my
@@ -41,12 +43,13 @@ minimal.
 
 # Architecture
 
-This is a thin layer on top of the Rust warp crate. It does minimal
+[warp crate]: https://crates.io/crates/warp
+
+This is a thin layer on top of the Rust [warp crate][]. It does minimal
 processing for each request, and does not cache anything. 
 
-At startup, the server is provided with a directory and it reads all
-configuration files in that directory. Each configuration file looks
-like this:
+At startup, the server is provided with a single configuration file,
+which looks like this:
 
 ~~~yaml
 webroot: /srv/http/example.com
@@ -63,10 +66,10 @@ tls-key: /etc/letsencrypt/live/certname/privkey.pem
 The hosts are aliases; the first host on the list is the main one, the
 others automatically redirect to it.
 
-The server is started as `root`, reads in the TLS private key and
-cert, binds to the ports, then drops privileges to `nobody`. The
-configuration specifies for each port if plain HTTP or HTTPS is
-expected.
+The server is started via systemd or other mechanism that binds to
+privileged ports and handles process management: daemonization,
+restarting, etc. The configuration specifies for each port if plain
+HTTP or HTTPS is expected.
 
 The server automatically listens on both port 80 (http) and 443
 (https) so that it can serve the Let's Encrypt files. It only serves
author	Lars Wirzenius <liw@liw.fi>	2020-07-26 07:02:27 +0000
committer	Lars Wirzenius <liw@liw.fi>	2020-07-26 07:02:27 +0000
commit	2713af54b0cf89b665c05c769365572b0c4621f3 (patch)
tree	ed0657939e8ec97ed3922107ab80e994a88bd7a7
parent	0a04bf846a18788642669ab968825db3253010eb (diff)
parent	3f38723a181558cfa020ac553b248144c3a75c61 (diff)
download	ewww-2713af54b0cf89b665c05c769365572b0c4621f3.tar.gz