From e51b5c34ac3c189f52e543d6e4dcdfe6ae2a50e8 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 26 Jul 2020 09:54:16 +0300 Subject: fix: ewww.md to say server is startd by something like systemd --- ewww.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ewww.md b/ewww.md index 6ccafe1..f0404e2 100644 --- a/ewww.md +++ b/ewww.md @@ -63,10 +63,10 @@ tls-key: /etc/letsencrypt/live/certname/privkey.pem The hosts are aliases; the first host on the list is the main one, the others automatically redirect to it. -The server is started as `root`, reads in the TLS private key and -cert, binds to the ports, then drops privileges to `nobody`. The -configuration specifies for each port if plain HTTP or HTTPS is -expected. +The server is started via systemd or other mechanism that binds to +privileged ports and handles process management: daemonization, +restarting, etc. The configuration specifies for each port if plain +HTTP or HTTPS is expected. The server automatically listens on both port 80 (http) and 443 (https) so that it can serve the Let's Encrypt files. It only serves -- cgit v1.2.1 From 6ad6df1977c64dda8a2fdc20836f6a486d1db811 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 26 Jul 2020 09:55:55 +0300 Subject: fix: ewww.md to say only one config supplied at startup --- ewww.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ewww.md b/ewww.md index f0404e2..1ce0d6f 100644 --- a/ewww.md +++ b/ewww.md @@ -44,9 +44,8 @@ minimal. This is a thin layer on top of the Rust warp crate. It does minimal processing for each request, and does not cache anything. -At startup, the server is provided with a directory and it reads all -configuration files in that directory. Each configuration file looks -like this: +At startup, the server is provided with a single configuration file, +which looks like this: ~~~yaml webroot: /srv/http/example.com -- cgit v1.2.1 
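Review bot: In the ewww.md hunk at @@ -63,10 +63,10 (first patch), the replacement paragraph removes the only statement of which user the server runs as and who reads the TLS private key. The old text had the server start as `root`, read the key and cert, bind the ports, then drop to `nobody`; the new text says only that systemd or another mechanism binds the privileged ports. Please state the intended privilege model, for example which user the server runs as and how that user gets read access to the file named by `tls-key` in the sample configuration. The trailing context line "The server automatically listens on both port 80 (http) and 443 (https)" also still reads as if the server opens the sockets itself, which sits badly with the new sentence, so one of the two should be reworded.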
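Review bot: In the ewww.md hunk at @@ -44,9 +44,8 (second patch), changing "reads all configuration files in that directory" to "a single configuration file" leaves the multi-domain use case without a documented path. The sample that follows has one `webroot`, and the hosts on its list are described as aliases that redirect to the first, while the use cases at the top of ewww.md still ask for multiple domain names served from different directories, potentially with their own certificates. Suggest adding a sentence here saying how that case is meant to be covered now, for example one server instance per site, or some structure inside the single file.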
From 10379aab6aeffd3962c50ba300bb107a1c578464 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 26 Jul 2020 09:57:06 +0300 Subject: doc: link to warp crate in ewww.md --- ewww.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ewww.md b/ewww.md index 1ce0d6f..cfc4ac1 100644 --- a/ewww.md +++ b/ewww.md @@ -41,7 +41,9 @@ minimal. # Architecture -This is a thin layer on top of the Rust warp crate. It does minimal +[warp crate]: https://crates.io/crates/warp + +This is a thin layer on top of the Rust [warp crate][]. It does minimal processing for each request, and does not cache anything. At startup, the server is provided with a single configuration file, -- cgit v1.2.1 From fae5a188e480fbebd5a30b5a52fe57ddc2b18eef Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 26 Jul 2020 09:58:50 +0300 Subject: doc: allow plain HTTP for things other then LE, but be explicit --- ewww.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ewww.md b/ewww.md index cfc4ac1..c2a5277 100644 --- a/ewww.md +++ b/ewww.md @@ -25,8 +25,9 @@ expressed as _scenarios_ in the acceptance criteria chapter. on my Thinkpad T480 laptop. A self-signed certificate is OK. * Fast, time from starting server to having served first HTTPS request should be at most 100 ms. -* Serves only HTTPS, except what Let's Encrypt needs to be served over - plain HTTP. +* Serves only HTTPS, except what needs to be served over plain HTTP, + e.g., for Let's Encrypt certificate validation. Any plain HTTP + access must be explicitly allowed. I don't need flexibility, and I don't want to configure anything that's not essential for this. Hardcoded assumptions are A-OK, if my -- cgit v1.2.1 From 3f38723a181558cfa020ac553b248144c3a75c61 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sun, 26 Jul 2020 10:00:01 +0300 Subject: doc: clarify that ewww doesn't create/renew TLS cert --- ewww.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/ewww.md b/ewww.md index c2a5277..f2d1778 100644 --- a/ewww.md +++ b/ewww.md @@ -7,7 +7,8 @@ simple to configure, simple to keep running, and fast. * I have files in a directory, and a domain name pointing at the host. I want to serve the files using HTTPS. I want the TLS certificate to - come from Let's Encrypt, and get renewed automatically. + come from Let's Encrypt, but the web server doesn't need to be + involved in its creation or renewal. * Same, but I have multiple domain names and each should serve from different directories and potentially have their own certificates. -- cgit v1.2.1
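Review bot: In the ewww.md hunk at @@ -25,8 +25,9 (patch "doc: allow plain HTTP for things other then LE, but be explicit"), the new requirement "Any plain HTTP access must be explicitly allowed" does not say where the allowance is made or what a plain HTTP request that is not allowed receives. The Architecture text only says the configuration specifies per port whether plain HTTP or HTTPS is expected, and that the server automatically listens on port 80, which reads as implicit rather than explicit. Suggest naming the granularity of the allowance (per port, per path) and the behaviour for everything else (refuse, or redirect to HTTPS), and adding a matching scenario, since the section says requirements are expressed as scenarios in the acceptance criteria chapter.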
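Review bot: In the ewww.md hunk at @@ -7,7 +7,8 (patch "doc: clarify that ewww doesn't create/renew TLS cert"), dropping "and get renewed automatically" leaves the document silent on how a running server picks up a certificate that an external tool has renewed. An earlier patch in this series also removed the sentence saying when the key and cert are read, so a reader cannot tell whether a restart is required after renewal. Suggest adding a sentence stating when the `tls-key` and certificate files are read and what the operator or renewal tool must do afterwards. It would also help to say that "doesn't need to be involved" still leaves the server serving the Let's Encrypt validation files over plain HTTP, as the requirements list describes.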