doc: allow plain HTTP for things other then LE, but be explicit

author: Lars Wirzenius <liw@liw.fi> 2020-07-26 09:58:50 +0300
committer: Lars Wirzenius <liw@liw.fi> 2020-07-26 09:58:50 +0300
commit: fae5a188e480fbebd5a30b5a52fe57ddc2b18eef (patch)
tree: 13acf1f524280e4ba0b67f2ce964e2b6723b5d55
parent: 10379aab6aeffd3962c50ba300bb107a1c578464 (diff)
download: ewww-fae5a188e480fbebd5a30b5a52fe57ddc2b18eef.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/ewww.md b/ewww.md
index cfc4ac1..c2a5277 100644
--- a/ewww.md
+++ b/ewww.md
@@ -25,8 +25,9 @@ expressed as _scenarios_ in the acceptance criteria chapter.
   on my Thinkpad T480 laptop. A self-signed certificate is OK.
 * Fast, time from starting server to having served first HTTPS request
   should be at most 100 ms.
-* Serves only HTTPS, except what Let's Encrypt needs to be served over
-  plain HTTP.
+* Serves only HTTPS, except what needs to be served over plain HTTP,
+  e.g., for Let's Encrypt certificate validation. Any plain HTTP
+  access must be explicitly allowed.
 
 I don't need flexibility, and I don't want to configure anything
 that's not essential for this. Hardcoded assumptions are A-OK, if my
author	Lars Wirzenius <liw@liw.fi>	2020-07-26 09:58:50 +0300
committer	Lars Wirzenius <liw@liw.fi>	2020-07-26 09:58:50 +0300
commit	fae5a188e480fbebd5a30b5a52fe57ddc2b18eef (patch)
tree	13acf1f524280e4ba0b67f2ce964e2b6723b5d55
parent	10379aab6aeffd3962c50ba300bb107a1c578464 (diff)
download	ewww-fae5a188e480fbebd5a30b5a52fe57ddc2b18eef.tar.gz