Added a standalone server for the http01 challenges #227

Open
wants to merge 1 commit into
base: master

TheStaticTurtle

Hi,

This is a basic standalone provider for a http-01 challenge.

The server host and port are configurable when creating the provider. The server starts and stops by itself when a new challenge is set up and when there isn't any challenge left.

@mmaney
Collaborator

mmaney commented Dec 22, 2022

An interesting idea, but my initial reaction is that this is not something I can see being part of sewer - it has focused on managing the ACME side of things while handing the challenges off to an external service. There was really minimal support (more like preparation to add support) for http-1 challenges years ago, but it never went anywhere. Frankly, if I had been more active for the last two years, even that stub might have been removed as unused baggage.

But if you can see your way past an in-process HTTP server, this could be an opportunity to make use of that. I'd imagine it would look something like this:

  • standalone server that consults a file, initially empty, of challenges
  • an http-1 Provider that writes challenges to (creates?) that file and removes them (it?) when completed
  • there are probably other changes that will suggest themselves if this is to be integrated into the cli

I'm not sure about having sewer directly manage (start and stop) the external server. I don't really see the need for that as it can be done easily enough by a script that runs both the server and sewer, and this is almost certainly better for shutting the server down in the event sewer takes an error exit. I am also entirely uninterested in taking on even hypothetically the burden of maintaining that HTTP server as a part of sewer. Heck, I've been thinking that the DNS provider modules ought to be moved into a "contrib" category. Visibly, that is - it's certainly the reality of it.

Anyway, that's my first take on this to get the discussion going. Thanks, as always, for the interest in sewer.
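The file-backed split sketched in the comment above, as an added example that is not code from this pull request or from sewer: a standalone responder rereads a challenge file on every request, and two helper functions write and remove entries. The JSON file layout and the names `set_challenge`, `clear_challenge` and `make_server` are assumptions for illustration; no sewer API is used, and request tokens are restricted to the base64url alphabet that RFC 8555 specifies, so nothing outside the table can be requested.

```python
import json
import os
import re
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PREFIX = "/.well-known/acme-challenge/"      # http-01 path from RFC 8555
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")     # tokens are base64url characters only

def _load(path):
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except (FileNotFoundError, ValueError):
        return {}                            # missing or empty file: no challenges

def _store(path, table):
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump(table, fh)
    os.replace(tmp, path)                    # atomic swap: readers never see a partial file

def set_challenge(path, token, key_authorization):
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url")
    table = _load(path)
    table[token] = key_authorization
    _store(path, table)

def clear_challenge(path, token):
    table = _load(path)
    table.pop(token, None)
    _store(path, table)

def make_server(path, host="127.0.0.1", port=0):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            token = self.path[len(PREFIX):] if self.path.startswith(PREFIX) else ""
            # Only a well-formed token is ever looked up; anything else is a 404.
            body = _load(path).get(token) if TOKEN_RE.fullmatch(token) else None
            if body is None:
                self.send_error(404)
                return
            data = body.encode("ascii")
            self.send_response(200)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
    return ThreadingHTTPServer((host, port), Handler)
```

The server process only needs read access to the challenge file, and the process that calls `set_challenge` and `clear_challenge` needs write access to its directory, so the two can run under different accounts.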

@TheStaticTurtle
Author

Hi,

Yeah, I agree, don't know how useful that would be in the CLI version (which I just realized existed 😅). I shared it more as an example for the http-01 challenge because there are loads of examples for DNS, but none that really give an example for HTTP.

For example, I use a version of this standalone server on my TrueACME project because TrueNAS doesn't have an HTTP acme client and I wanted to avoid touching the UI files. In this case, the nginx config forwards /.well-known/acme-challegenges to the standalone server.

I don't mind if it doesn't get in the repo, but it would be nice to have a concrete example somewhere.

Also, thanks for this lib, it really takes care of the heavy-lifting of talking to an acme server.

Samuel
