ACME: use HTTP for the Nginx readyness check #595

dpausp · 2020-06-12T10:04:22Z

This avoids conflicts with other services that want to use port 443.
Our current use case for this is a TURN server using 443.
Nginx can be configured to only listen on port 80 now.
The acme client uses HTTP for challenges.

Case 126629

@flyingcircusio/release-managers

Release process

Impact:

Changelog:

Fix port conflict on 443 when Letsencrypt is used. This makes it possible to run a TURN server on 443 with automated letsencrypt certs, for example.

Security implications

Security requirements defined? (WHERE)
- only affects an internal check on a port that must be open anyways for letsencrypt
Security requirements tested? (EVIDENCE)
- nothing to test

This avoids conflicts with other services that want to use port 443. Our current use case for this is a TURN server using 443. Nginx can be configured to only listen on port 80 now. The acme client uses HTTP for challenges. Case 126629

ACME: use HTTP for the Nginx readyness check

61194f0

This avoids conflicts with other services that want to use port 443. Our current use case for this is a TURN server using 443. Nginx can be configured to only listen on port 80 now. The acme client uses HTTP for challenges. Case 126629

ckauhaus merged commit 2782498 into nixos-19.03 Jun 12, 2020

ckauhaus deleted the 126629-acme-avoid-443-conflict branch June 12, 2020 10:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ACME: use HTTP for the Nginx readyness check #595

ACME: use HTTP for the Nginx readyness check #595

dpausp commented Jun 12, 2020

ACME: use HTTP for the Nginx readyness check #595

ACME: use HTTP for the Nginx readyness check #595

Conversation

dpausp commented Jun 12, 2020

Release process

Security implications