From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14012 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: Supporting git access via smart HTTPS protocol for musl-libc Date: Tue, 26 Mar 2019 10:59:35 -0400 Message-ID: <20190326145935.GX23599@brightrain.aerifal.cx> References: <20190324103306.GB1830@localhost> <20190326003411.GC1872@localhost> <20190326010933.GC3713@localhost> <397c5906-090a-460e-7ea8-8f9248e0be59@adelielinux.org> <20190326013706.GV23599@brightrain.aerifal.cx> <20190326015434.GB8855@localhost> <20190326025937.GW23599@brightrain.aerifal.cx> <20190326111927.62882e67@inria.fr> Reply-To: musl@lists.openwall.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="78989"; mail-complaints-to="usenet@blaine.gmane.org" User-Agent: Mutt/1.5.21 (2010-09-15) To: musl@lists.openwall.com Original-X-From: musl-return-14028-gllmg-musl=m.gmane.org@lists.openwall.com Tue Mar 26 15:59:51 2019 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.89) (envelope-from ) id 1h8nYN-000KSN-55 for gllmg-musl@m.gmane.org; Tue, 26 Mar 2019 15:59:51 +0100 Original-Received: (qmail 22040 invoked by uid 550); 26 Mar 2019 14:59:48 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 22022 invoked from network); 26 Mar 2019 14:59:48 -0000 Content-Disposition: inline In-Reply-To: <20190326111927.62882e67@inria.fr> Original-Sender: Rich Felker Xref: news.gmane.org gmane.linux.lib.musl.general:14012 Archived-At: On Tue, Mar 26, 2019 at 11:19:27AM +0100, Jens Gustedt wrote: > Hello, > > On Mon, 25 Mar 2019 22:59:37 -0400 Rich Felker wrote: > > > > Nginx is bloat free I think. But perhaps not in comparison to > > > thttpd. I will look how to support cgit http/s with thttpd using a > > > hook. > > > > > > At skarnet.org, the author is using busybox httpd with cgi support > > > and cgit cgi hooks to give http/s git access. > > > > OK, that sounds promising. If it can be done with cgi, it should be > > easy to setup, assuming the git client is forgiving of thttpd's > > slightly non-conforming cgi behavior regarding headers. > > One thing you'd have to have in mind is to chose a server for which it > is possible to update the certificate automatically. For some time I > used mini_httpd, which is really minimal footprint, but I had to > update the letsencrypt certificate every three month manually. > > Now I switched to nginx and here automatic update of the certificate > works like a charm. Nothing special is needed for this; any httpd that serves from the filesystem works fine. I already have LE on *.musl-libc.org and other domains, using acme-tiny from cron: https://github.com/diafygi/acme-tiny/ Rich