Re: acme-client(1): replace httpd(8) location block in manpage by better match

Tue, 03 Nov 2020 01:37:49 -0800 


On 2020-11-03 09:56, Florian Obser wrote:
> On Mon, Nov 02, 2020 at 02:35:48PM +0100, Matthias Pressfreund wrote:
>> The patch below updates the acme-client(1) manpage by providing a
>> closer match for the httpd(8) location block accepting acme challenge
>> responses.
> 
> How is this better?
> 
> When the requested file exits in /var/www/acme/ I get a 200 in both cases.
> When the file does not exists I get a 404 in both cases.
> 

It is better because I may not want the server to return 404 if the file
does not exist. Instead, I may want to let the server fall back to its
default behavior as shown in the example below where it would simply drop
the connection.

server "example.com" {
        ...
        block drop
        location found "/.well-known/acme-challenge/*" { ... }
        ...
}

> If /var/www/acme itself is missing I get 404 without this and 500 with
> this patch. Why is 500 better?
> 

Even in this case I like the 500 better as it reflects the state of my
server, like if I point a location's root to a directory that does not
exist, my server truly suffers from an 'internal server error'.


> Thanks,
> Florian
>>
>>
>> Index: usr.sbin/acme-client/acme-client.1
>> ===================================================================
>> RCS file: /cvs/src/usr.sbin/acme-client/acme-client.1,v
>> retrieving revision 1.34
>> diff -u -p -u -p -r1.34 acme-client.1
>> --- usr.sbin/acme-client/acme-client.1       10 May 2020 12:06:18 -0000      
>> 1.34
>> +++ usr.sbin/acme-client/acme-client.1       2 Nov 2020 13:18:12 -0000
>> @@ -14,7 +14,7 @@
>>  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>>  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>>  .\"
>> -.Dd $Mdocdate: May 10 2020 $
>> +.Dd $Mdocdate: November 2 2020 $
>>  .Dt ACME-CLIENT 1
>>  .Os
>>  .Sh NAME
>> @@ -58,7 +58,7 @@ can be served by
>>  with this location block,
>>  which will properly map response challenges:
>>  .Bd -literal -offset indent
>> -location "/.well-known/acme-challenge/*" {
>> +location found "/.well-known/acme-challenge/*" {
>>      root "/acme"
>>      request strip 2
>>  }
>>
>

Reply via email to