12
acme-redirect: easy to use acmev2 daemon in rust
source link: https://github.com/kpcyrd/acme-redirect
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
acme-redirect(1)
A minimal http daemon that answers acme challenges and redirects everything else to https.
A minimal configuration looks like this:
# cat /etc/acme-redirect.d/example.com.conf [cert] name = "example.com" dns_names = [ "example.com", "www.example.com", ] exec = [ "systemctl reload nginx", ]
Start the acme-redirect daemon:
systemctl enable --now acme-redirect
Request certificates:
acme-redirect renew
Setup automatic renew:
systemctl enable --now acme-redirect-renew.timer
Your certificate is located here:
/var/lib/acme-redirect/live/example.com/live/fullchain /var/lib/acme-redirect/live/example.com/live/privkey
Installation
Arch Linux
pacman -S acme-redirect
Debian based
Currently supported: buster
apt install debian-keyring gpg -a --export --keyring /usr/share/keyrings/debian-maintainers.gpg [email protected] | apt-key add - apt-key adv --keyserver keyserver.ubuntu.com --refresh-keys [email protected] echo deb https://apt.vulns.sexy stable main >> /etc/apt/sources.list.d/apt-vulns-sexy.list apt update && apt install acme-redirect
Build from source
git clone https://github.com/kpcyrd/acme-redirect.git cd acme-redirect/ cargo build --release install -Dm 755 -t /usr/local/bin \ target/release/acme-redirect install -Dm 644 contrib/confs/acme-redirect.conf -t /etc install -Dm 644 contrib/confs/certs.d/example.com.conf /etc/acme-redirect.d/example.com.conf.sample install -Dm 644 -t /etc/systemd/system \ contrib/systemd/acme-redirect-renew.service \ contrib/systemd/acme-redirect-renew.timer \ contrib/systemd/acme-redirect.service install -Dm 644 contrib/systemd/acme-redirect.sysusers /etc/sysusers.d/acme-redirect.conf install -Dm 644 contrib/systemd/acme-redirect.tmpfiles /etc/tmpfiles.d/acme-redirect.conf sudo systemd-sysusers sudo systemd-tmpfiles --create
Status
I'm using this in production since summer 2020.
Development
mkdir tmp export ACME_CONFIG="$PWD/contrib/confs/acme-redirect.conf" export ACME_CONFIG_DIR="$PWD/contrib/confs/certs.d/" export ACME_CHALL_DIR="$PWD/tmp/" export ACME_DATA_DIR="$PWD/tmp/" cargo run -- status cargo run -- daemon -B '[::]:8080' -v
License
GPLv3+
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK