Date: Fri, 12 Jan 2024 20:27:12 -0800
From: eso@self.rodeo To: 9front@9front.org In-Reply-To: References: Message-ID: <3f60a52674208801328181dd7b59bfb1@self.rodeo> X-Sender: eso@self.rodeo Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Authenticated-Id: eso@self.rodeo List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: decentralized core standard callback-based layer Subject: Re: [9front] [patch] improve http challenge documentation in acmed(8) Reply-To: 9front@9front.org Precedence: bulk ping On 2023-12-19 20:22, eso@self.rodeo wrote: > working through the example for http challenge in acmed(8) left out a > few steps and clarifications. now, following the example with your > webserver will (should) give your domain https. i also added > /rc/bin/service/!tcp443 as an example service for acmed(8) to > reference. while i was at it, i also updated listen(8) to include tcp80 > and tcp443. > > eso > > > diff 66fc6a3e6443d7eb8298f65b0c9803197d196ec7 uncommitted > --- a/sys/man/8/acmed > +++ b/sys/man/8/acmed > @@ -176,11 +176,33 @@ > .IR webfs (4) > to be mounted as the ACME protocol uses HTTP > to talk to the provider. > +.PP > +Change -o to be the path your webserver > +will be serving at > +.br > +.BI http:// mydomain.com /.well-known/acme-challenge . > .IP > .EX > -auth/acmed me@example.com /sys/lib/tls/acmed/mydomain.com.csr \\ > +auth/acmed -o /path/to/webroot/.well-known/acme-challenge/ \\ > +me@example.com /sys/lib/tls/acmed/mydomain.com.csr \\ > > /sys/lib/tls/acmed/mydomain.com.crt > .EE > +.PP > +The > +.B cert.key > +must also be loaded into > +.IR factotum (4). > +.IP > +.EX > +cat cert.key > /mnt/factotum/ctl > +.EE > +.PP > +Now you can configure > +.BR /rc/bin/service/tcp443 > +to handle > +.br > +HTTPS connections with your webserver of choice. > +.br > .PP > When using the DNS challenge method, > your DNS server > --- a/sys/man/8/listen > +++ b/sys/man/8/listen 
> @@ -1,6 +1,6 @@ > .TH LISTEN 8 > .SH NAME > -listen, listen1, tcp7, tcp9, tcp19, tcp21, tcp23, tcp25, tcp53, > tcp110, tcp113, tcp143, tcp445, tcp513, tcp515, tcp564, tcp565, tcp566, > tcp567, tcp993, tcp995, tcp1723, tcp17019, tcp17020 \- listen for calls > on a network device > +listen, listen1, tcp7, tcp9, tcp19, tcp21, tcp23, tcp25, tcp53, tcp80, > tcp110, tcp113, tcp143, tcp443, tcp445, tcp513, tcp515, tcp564, tcp565, > tcp566, tcp567, tcp993, tcp995, tcp1723, tcp17019, tcp17020 \- listen > for calls on a network device > .SH SYNOPSIS > .B aux/listen > .RB [ -iq ] > @@ -182,6 +182,9 @@ > .B tcp53 > TCP port for DNS. > .TP > +.B tcp80 > +HTTP port. > +.TP > .B tcp110 > POP3 port. > .TP > @@ -192,6 +195,9 @@ > .TP > .B tcp143 > IMAP4rev1 port. > +.TP > +.B tcp443 > +HTTPS port. > .TP > .B tcp445 > CIFS/SMB file sharing. > > > diff 66fc6a3e6443d7eb8298f65b0c9803197d196ec7 uncommitted > --- /dev/null > +++ b/rc/bin/service/!tcp443 > @@ -1,0 +1,4 @@ > +#!/bin/rc > + > +# See acmed(8) > +/bin/tlssrv -c/sys/lib/tls/acmed/mydomain.com.crt > /rc/bin/rc-httpd/rc-httpd
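Review bot: In the sys/man/8/acmed hunk, the new factotum step uses cert.key, a name that does not match anything else in the visible example (which uses /sys/lib/tls/acmed/mydomain.com.csr and mydomain.com.crt); say which key this is and give its path, so the reader loads the private key that belongs to the CSR. The closing paragraph points at /rc/bin/service/tcp443 while the file this patch adds is /rc/bin/service/!tcp443, so spell out that the reader has to copy or rename it. Smaller points: ".BR /rc/bin/service/tcp443" has a single argument, so ".B" would do; the ".br" directly before ".PP" is redundant; and "Change -o to be the path" reads oddly before the example that first shows -o, so consider "Set -o to the directory your webserver serves as ...".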
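Review bot: In the sys/man/8/listen hunk at @@ -1,6 +1,6 @@, both the removed and the added NAME line are wrapped, with the quote marker reappearing in the middle of each, so as quoted this hunk will not apply; resend the diff as an attachment or with line wrapping turned off. The placement of tcp80 and tcp443 in the list keeps the numeric order and matches the two new .TP entries further down.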
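Review bot: In the new rc/bin/service/!tcp443, the tlssrv line hard-codes the placeholder certificate /sys/lib/tls/acmed/mydomain.com.crt and the only guidance is "# See acmed(8)"; extend the comment to say that the path must be changed to the real certificate and that the matching key must already be loaded into factotum, as the acmed(8) text in this same patch requires. The command is also wrapped across the quote marker between the certificate path and /rc/bin/rc-httpd/rc-httpd, which as quoted reads like an rc redirection; the hunk header counts four lines, so it should be sent as a single line.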