Adapt README and CHANGELOG to latest changes

xenolf 2015-12-27 20:34:30 +01:00
parent 3a3baf1597
commit 7c60c45e2c
2 changed files with 35 additions and 11 deletions

@ -2,8 +2,22 @@
## [Unreleased] ## [Unreleased]
### Added:
- CLI: The `--exclude` or `-x` switch. To exclude a challenge from being solved.
- CLI: The `--httpPort`. To set the listen port of HTTP based challenges.
- CLI: The `--tlsPort`. To set the listen port of TLS based challenges.
- lib: ExcludeChallenges function. Pass an array of challenge identifiers to exclude them from solving.
- lib: SetHTTPPort function. Pass a port to set the listen port for HTTP based challenges.
- lib: SetTLSPort function. Pass a port to set the listen port of TLS based challenges.
### Changed:
- lib: NewClient does no longer accept the optPort parameter
### Removed:
- CLI: The `--port` switch was removed.
### Fixed: ### Fixed:
- CLI: Fix logic using the --days parameter - CLI: Fix logic using the `--days` parameter for renew
## [0.1.1] - 2015-12-18 ## [0.1.1] - 2015-12-18
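Review bot: The `### Changed` and `### Removed` entries record breaking changes (NewClient dropping `optPort`, the `--port` switch going away) without naming the replacements; point each at `SetHTTPPort`/`SetTLSPort` and `--httpPort`/`--tlsPort` so someone upgrading can see the migration from the changelog alone. The `### Changed` entry should also read "NewClient no longer accepts the optPort parameter", and the `--httpPort` and `--tlsPort` entries under `### Added` are missing the word "switch" that the `--exclude` entry has.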

@ -45,15 +45,19 @@ The CLI does not require root permissions but needs to bind to port 80 and 443 f
To run the CLI without sudo, you have two options: To run the CLI without sudo, you have two options:
- Use setcap 'cap_net_bind_service=+ep' /path/to/program - Use setcap 'cap_net_bind_service=+ep' /path/to/program
- Pass the `--port` option and specify a custom port to bind to. In this case you have to forward port 443 to this custom port. - Pass the `--httpPort` or/and the `--tlsPort` option and specify a custom port to bind to. In this case you have to forward port 80/443 to these custom ports (see [Port Usage](#port-usage)).
#### Port Usage #### Port Usage
By default lego assumes it is able to bind to ports 80 and 443 to solve challenges. By default lego assumes it is able to bind to ports 80 and 443 to solve challenges.
If this is not possible in your environment, you can use the `--port` option to instruct If this is not possible in your environment, you can use the `--httpPort` and `--tlsPort` options to instruct
lego to listen on that port for any incoming challenges. lego to listen on that port for any incoming challenges.
If you are using this option, make sure you proxy all of the following traffic to that port: If you are using this option, make sure you proxy all of the following traffic to these ports.
HTTP Port:
- All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP-01 challenge. - All plaintext HTTP requests to port 80 which begin with a request path of `/.well-known/acme-challenge/` for the HTTP-01 challenge.
TLS Port:
- All TLS handshakes on port 443 for TLS-SNI-01. - All TLS handshakes on port 443 for TLS-SNI-01.
This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding. This traffic redirection is only needed as long as lego solves challenges. As soon as you have received your certificates you can deactivate the forwarding.
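Review bot: The Port Usage paragraph is only half converted to two ports: the unchanged line "lego to listen on that port for any incoming challenges" and the new "If you are using this option" still speak of a single port and a single option. Reword them to "listen on those ports" and "these options". In the list item above, replace "or/and" with "and/or" and state the mapping explicitly (80 to `--httpPort`, 443 to `--tlsPort`) instead of "port 80/443 to these custom ports".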
@ -68,7 +72,7 @@ USAGE:
./lego [global options] command [command options] [arguments...] ./lego [global options] command [command options] [arguments...]
VERSION: VERSION:
0.1.0 0.2.0
COMMANDS: COMMANDS:
run Register an account, then create and install a certificate run Register an account, then create and install a certificate
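Review bot: The VERSION line moves to 0.2.0 here while the CHANGELOG hunk in the same commit still files these changes under `[Unreleased]`. Either add a 0.2.0 heading to the changelog or leave the usage output at the released version until the release is cut, so the two files agree.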
@ -82,7 +86,9 @@ GLOBAL OPTIONS:
--email, -m Email used for registration and recovery contact. --email, -m Email used for registration and recovery contact.
--rsa-key-size, -B "2048" Size of the RSA key. --rsa-key-size, -B "2048" Size of the RSA key.
--path "${CWD}" Directory to use for storing the data --path "${CWD}" Directory to use for storing the data
--port Challenges will use this port to listen on. Please make sure to forward port 443 to this port on your machine. Otherwise use setcap on the binary --exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
--httpPort Set the port to use for HTTP based challenges to listen on.
--tlsPort Set the port to use for TLS based challenges to listen on.
--help, -h show help --help, -h show help
--version, -v print the version --version, -v print the version
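Review bot: The help text for `--httpPort` and `--tlsPort` drops the guidance the removed `--port` line carried (forward the privileged port to the custom one, otherwise use setcap) and does not say what is used when the flag is unset. Add the defaults of 80 and 443 that the Port Usage section states and keep the forwarding hint. The camelCase names also differ from the existing kebab-case `--rsa-key-size`; `--http-port` and `--tls-port` would match it.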
@ -141,14 +147,18 @@ myUser := MyUser{
// A client facilitates communication with the CA server. This CA URL is // A client facilitates communication with the CA server. This CA URL is
// configured for a local dev instance of Boulder running in Docker in a VM. // configured for a local dev instance of Boulder running in Docker in a VM.
// We specify an optPort of 5001 because we aren't running as root and can't client, err := acme.NewClient("http://192.168.99.100:4000", &myUser, rsaKeySize)
// bind a listener to port 80 or 443 (used later when we attempt to pass challenges).
// Keep in mind that we still need to proxy challenge traffic to port 5001.
client, err := acme.NewClient("http://192.168.99.100:4000", &myUser, rsaKeySize, "5001")
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
// We specify an httpPort of 5002 and an tlsPort of 5001 because we aren't running as
// root and can't bind a listener to port 80 and 443
// (used later when we attempt to pass challenges).
// Keep in mind that we still need to proxy challenge traffic to port 5002 and 5001.
client.SetHTTPPort("5002")
client.SetTLSPort("5001")
// New users will need to register; be sure to save it // New users will need to register; be sure to save it
reg, err := client.Register() reg, err := client.Register()
if err != nil { if err != nil {
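Review bot: The new comment above `client.SetHTTPPort("5002")` says to proxy challenge traffic "to port 5002 and 5001" without saying which public port goes where; spell it out as port 80 to 5002 and port 443 to 5001. It should also read "a tlsPort" rather than "an tlsPort", and if SetHTTPPort and SetTLSPort can fail, the example should check their result the way it does for NewClient and Register.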