httpd-cvs mailing list archives

From elu...@apache.org
Subject svn commit: r1805197 - in /httpd/httpd/trunk/docs/manual/mod: mod_md.html mod_md.html.en
Date Wed, 16 Aug 2017 13:44:50 GMT
Author: elukey
Date: Wed Aug 16 13:44:49 2017
New Revision: 1805197

URL: http://svn.apache.org/viewvc?rev=1805197&view=rev
Log:
mod_md doc rebuild

Added:
    httpd/httpd/trunk/docs/manual/mod/mod_md.html
    httpd/httpd/trunk/docs/manual/mod/mod_md.html.en

Added: httpd/httpd/trunk/docs/manual/mod/mod_md.html
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.html?rev=1805197&view=auto
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_md.html (added)
+++ httpd/httpd/trunk/docs/manual/mod/mod_md.html Wed Aug 16 13:44:49 2017
@@ -0,0 +1,5 @@
+# GENERATED FROM XML -- DO NOT EDIT
+
+URI: mod_md.html.en
+Content-Language: en
+Content-type: text/html; charset=ISO-8859-1

Added: httpd/httpd/trunk/docs/manual/mod/mod_md.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.html.en?rev=1805197&view=auto
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_md.html.en (added)
+++ httpd/httpd/trunk/docs/manual/mod/mod_md.html.en Wed Aug 16 13:44:49 2017
@@ -0,0 +1,432 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head>
+<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+<!--
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+              This file is generated from xml source: DO NOT EDIT
+        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+      -->
+<title>mod_md - Apache HTTP Server Version 2.5</title>
+<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main
stylesheet" />
+<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all"
type="text/css" title="No Sidebar - Default font size" />
+<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css"
/><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" />
+<script src="../style/scripts/prettify.min.js" type="text/javascript">
+</script>
+
+<link href="../images/favicon.ico" rel="shortcut icon" /></head>
+<body>
+<div id="page-header">
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a>
| <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a>
| <a href="../sitemap.html">Sitemap</a></p>
+<p class="apache">Apache HTTP Server Version 2.5</p>
+<img alt="" src="../images/feather.png" /></div>
+<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif"
/></a></div>
+<div id="path">
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP
Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a>
&gt; <a href="../">Version 2.5</a> &gt; <a href="./">Modules</a></div>
+<div id="page-content">
+<div id="preamble"><h1>Apache Module mod_md</h1>
+<div class="toplang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_md.html"
title="English">&nbsp;en&nbsp;</a></p>
+</div>
+<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Managing
domains across virtual hosts, certificate provisioning 
+        via the ACME protocol
+    </td></tr>
+<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>md_module</td></tr>
+<tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_md.c</td></tr>
+<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available
in version 2.5.0 and later</td></tr></table>
+<h3>Summary</h3>
+
+        <p>
+        This module manages common properties of domains for one or more virtual hosts. 
+        Specifically it can use the ACME protocol
+        (<a href="https://datatracker.ietf.org/doc/draft-ietf-acme-acme/">RFC Draft</a>)

+        to automate certificate provisioning. These will be configured for managed domains
and
+        their virtual hosts automatically. This includes renewal of certificates before they
+        expire. The most famous Certificate Autority currently implementing the ACME protocol
+        is <a href="https://letsencrypt.org/">Let's Encrypt</a>.</p>
+        
+        <div class="warning"><h3>Warning</h3>
+            <p>This module is experimental. Its behaviors, directives, and 
+                defaults are subject to more change from release to 
+                release relative to other standard modules. Users are encouraged to 
+                consult the "CHANGES" file for potential updates.</p>
+        </div>
+
+        <p>Simple configuration example:</p>
+        
+        <div class="note"><h3>TLS in a VirtualHost context</h3>
+        <pre class="prettyprint lang-config">ManagedDomain example.org
+
+&lt;VirtualHost *:443&gt;
+    ServerName example.org
+    DocumentRoot htdocs/a
+
+    SSLEngine on
+    # no certificates specification needed!
+&lt;/VirtualHost&gt;</pre>
+
+        <p>
+            This setup will, on server start, contact
+            <a href="https://letsencrypt.org/">Let's Encrypt</a>
+            to request a certificate for the domain. If Let's Encrypt can verify the ownership
+            of the domain, the module will retrieve the certificate and its chain, store
it
+            in the local file system (see <code class="directive"><a href="#mdstoredir">MDStoreDir</a></code>)
+            and provide it, on next restart, to mod_ssl.
+        </p><p>
+            This happens while the server is already running. All other hosts will continue
+            to work as before. While a certificate is not available, requests for the managed
+            domain will be answered with a '503 Service Unavailable'. 
+        </p>
+        </div>
+
+    </div>
+<div id="quickview"><h3 class="directives">Directives</h3>
+<ul id="toc">
+<li><img alt="" src="../images/down.gif" /> <a href="#manageddomain">ManagedDomain</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#manageddomainsection">&lt;ManagedDomain&gt;</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdcachallenges">MDCAChallenges</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdcertificateagreement">MDCertificateAgreement</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdcertificateauthority">MDCertificateAuthority</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdcertificateprotocol">MDCertificateProtocol</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mddrivemode">MDDriveMode</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdmember">MDMember</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdportmap">MDPortMap</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdrenewwindow">MDRenewWindow</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdstoredir">MDStoreDir</a></li>
+</ul>
+<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd
changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&amp;list_id=144532&amp;product=Apache%20httpd-2&amp;query_format=specific&amp;order=changeddate%20DESC%2Cpriority%2Cbug_severity&amp;component=mod_md">Known
issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&amp;component=mod_md">Report
a bug</a></li></ul><h3>See also</h3>
+<ul class="seealso">
+<li><a href="#comments_section">Comments</a></li></ul></div>
+
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="ManagedDomain" id="ManagedDomain">ManagedDomain</a>
<a name="manageddomain" id="manageddomain">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Define
list of domain names that belong to one group</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ManagedDomain
<var>dns-name</var> [ <var>other-dns-name</var>... ]</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                All the names in the list are managed as one Managed Domain (MD). 
+                mod_md will request one single certificate that is valid for all these names.
This
+                directive uses the global settings (see other MD directives below). If you
+                need specific settings for one MD, use
+                the <code class="directive"><a href="#manageddomainsection">&lt;ManagedDomain&gt;</a></code>.
+            </p><p>
+                There are 2 additional settings that are necessary for a Managed Domain:
+                <code class="directive"><a href="../mod/core.html#serveradmin">ServerAdmin</a></code>
+                and <code class="directive"><a href="#mdcertificateagreement">MDCertificateAgreement</a></code>.
+                The mail address of <code class="directive"><a href="../mod/core.html#serveradmin">ServerAdmin</a></code>
+                is used to register at the CA (Let's Encrypt by default).
+                The CA may use it to notify you about
+                changes in its service or status of your certificates.
+            </p><p>
+                The second setting, <code class="directive"><a href="#mdcertificateagreement">MDCertificateAgreement</a></code>,

+                is the URL of the Terms of Service of the CA. When you configure the URL,

+                you confirm that you have read and agree to the terms described in the linked

+                document. Before you do that, the CA will  not hand out certificates to you.
+            </p>
+            <div class="example"><h3>Example</h3><pre class="prettyprint
lang-config">ServerAdmin mailto:admin@example.org
+MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
+ManagedDomain example.org www.example.org
+
+&lt;VirtualHost *:443&gt;
+    ServerName example.org
+    DocumentRoot htdocs/root
+
+    SSLEngine on
+&lt;/VirtualHost&gt;
+
+&lt;VirtualHost *:443&gt;
+    ServerName www.example.org
+    DocumentRoot htdocs/www
+
+    SSLEngine on
+&lt;/VirtualHost&gt;</pre>
+</div>
+            <p>
+                There are two special names that you may use in this directive: 'manual'
+                and 'auto'. This determines if a Managed Domain shall have exactly the 
+                name list as is configured ('manual') or offer more convenince. With 'auto'
+                all names of a virtual host are added to a MD.
+            </p>
+            <div class="example"><h3>Example</h3><pre class="prettyprint
lang-config">ManagedDomain example.org
+
+&lt;VirtualHost *:443&gt;
+    ServerName example.org
+    ServerAlias www.example.org
+    DocumentRoot htdocs/root
+
+    SSLEngine on
+&lt;/VirtualHost&gt;</pre>
+</div>
+            <p>
+                In this example, the domain 'www.example.org' is automatically added to
+                the MD 'example.org'. And when you add more ServerAlias names to this
+                virtual host, they will be added as well.
+            </p><p>
+                If this is too much automagic for you, define 'manual' mode. 
+                <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
will then complain if the names do not match.
+            </p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="ManagedDomainsection" id="ManagedDomainsection">&lt;ManagedDomain&gt;</a>
<a name="manageddomainsection" id="manageddomainsection">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Container
for directives applied to the same managed domains</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;ManagedDomain
<var>dns-name</var> [ <var>other-dns-name</var>... ]&gt;...&lt;/ManagedDomain&gt;</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                This directive allows you to define a Managed Domain (MD) with specific
+                settings, different from the global MD* ones. For example, you can have
+                such an MD use another CA then Let's Encrypt, have its unique renewal duration
+                etc.
+            </p>
+            <div class="example"><h3>Example</h3><pre class="prettyprint
lang-config">&lt;ManagedDomain sandbox.example.org&gt;
+    MDDriveMode manual
+    MDCertificateAuthority   https://someotherca.com/ACME
+    MDCertificateAgreement   https://someotherca.com/terms/v_1.02.pdf
+&lt;/ManagedDomain&gt;</pre>
+</div>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDCAChallenges" id="MDCAChallenges">MDCAChallenges</a>
<a name="mdcachallenges" id="mdcachallenges">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td
/></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCAChallenges
name [ name ... ]</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCAChallenges
tls-sni-01 http-01</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                This tells <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
which challenge types it shall use in
+                which order when proving domain ownership. The names are protocol specific.
The
+                current ACME protocol version that Let's Encrypt speaks defines two challenge
+                types that are supported by <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>.
By default, it will try
+                the one on port 443 when available.
+            </p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDCertificateAgreement" id="MDCertificateAgreement">MDCertificateAgreement</a>
<a name="mdcertificateagreement" id="mdcertificateagreement">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
URL of the Terms-of-Service document, that the CA server requires you to accept.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCertificateAgreement
url-of-terms-of-service</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>When you use <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
to obtain a certificate, you become a customer of the CA (e.g. Let's Encrypt). That means
you need to read and agree to their Terms of Service, 
+            so that you understand what they offer and what they might exclude or require
from you. 
+            <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
cannot, by itself, agree to such a thing. 
+            </p>
+            <p>In case of Let's Encrypt, their current <a href="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf">Terms
of Service are here</a>. 
+            Those terms might (and probably will) change over time. So, the certificate renewal
might require you to update this agreement URL.</p>
+            <div class="example"><h3>Example</h3><pre class="prettyprint
lang-config">MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
+ManagedDomain example.org www.example.org mail.example.org</pre>
+</div>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDCertificateAuthority" id="MDCertificateAuthority">MDCertificateAuthority</a>
<a name="mdcertificateauthority" id="mdcertificateauthority">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
URL of the ACME CA service</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCertificateAuthority
url</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateAuthority
https://acme-v01.api.letsencrypt.org/directory</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                The URL where the CA offers its service.
+            </p><p>
+                Let's Encrypt offers, right now, two such URLs. One for the real certificates
and
+                one for testing (their staging area, athttps://acme-staging.api.letsencrypt.org/directory).
+                In order to have <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
use this testing service, configure your
+                server like this: 
+            </p>
+            <div class="example"><h3>LE Staging Setup</h3><pre class="prettyprint
lang-config">MDCertificateAuthority https://acme-staging.api.letsencrypt.org/directory
+MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf</pre>
+</div>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDCertificateProtocol" id="MDCertificateProtocol">MDCertificateProtocol</a>
<a name="mdcertificateprotocol" id="mdcertificateprotocol">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The
protocol to use with the CA</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCertificateProtocol
protocol</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateProtocol
ACME</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>Specifies the protocol to use. Currently, only <code>ACME</code>
is supported.</p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDDriveMode" id="MDDriveMode">MDDriveMode</a>
<a name="mddrivemode" id="mddrivemode">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls
when <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
will try to obtain/renew certificates.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDDriveMode
 always|auto|manual</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDDriveMode
 auto</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>In 'auto' mode, <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
will <em>drive</em> a Managed Domain's
+            properties (e.g. certicate management) whenever necessary. When a MD is not used
+            in any virtual host, the module will do nothing. When a certificate is missing,
it
+            will try to get one. When a certificate expires soon (see 
+            <code class="directive"><a href="#mdrenewwindow">MDRenewWindow</a></code>),
it will
+            renew it.
+            </p><p>
+            In 'manual' mode, it is your duty to  do all this. The module will provide existing
+            ceriticate to mod_ssl, if available. But it will not contact the CA for signup/renewal.
+            This can be useful in clustered setups where you want just one node to perform
+            the driving.
+            </p><p>
+            The third mode 'always' is like 'auto' only that <code class="module"><a
href="../mod/mod_md.html">mod_md</a></code> will not
+            check if the MD is actually used somewhere. 
+            </p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDMember" id="MDMember">MDMember</a>
<a name="mdmember" id="mdmember">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Additional
hostname for the managed domain</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDMember
hostname</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+            Instead of listing all dns names on the same line, you may use
+            <code class="directive"><a href="#mdmember">MDMember</a></code>
to add such names
+            to a managed domain.
+            </p>
+            <div class="example"><h3>Example</h3><pre class="prettyprint
lang-config">&lt;ManagedDomain example.org&gt;
+    MDMember www.example.org
+    MDMember mail.example.org
+&lt;/ManagedDomain example.org&gt;</pre>
+</div>
+            <p>
+                If you use it in the global context, outside a specific MD, you can only
+                specify one value, 'auto' or 'manual' as the default for all other MDs. See
+                <code class="directive"><a href="#manageddomainsection">&lt;ManagedDomain&gt;</a></code>
for a
+                description of these special values.
+            </p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDPortMap" id="MDPortMap">MDPortMap</a>
<a name="mdportmap" id="mdportmap">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td
/></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDPortMap
map1 [ map2 ]</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDPortMap
80:80 443:443</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                The ACME protocol provides two method to verify domain ownership: one that
uses
+                port 80 and one for port 443. If your server is not reachable by at least
one
+                of the two, ACME will not work for you.
+            </p><p>
+                <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
will look at your server configuration and try to figure
+                out which of those are available. Then it can select the proper ACME challenge
+                to create a certificate for your site.
+            </p><p>
+                However if you have some fancy port forwarding in place, your server may
be
+                reachable from the Internet on port 443, but the local port that httpd uses
is
+                another one. Your server might only listen on ports 5001 and 5002, but be
reached
+                on ports 443 and 80. How should <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
figure that one out?
+            </p><p>
+                With MDPortMap you can tell it which 'Internet port' corresponds to which
local
+                port.
+            </p>
+            <div class="example"><h3>Example</h3><pre class="prettyprint
lang-config">MDPortMap 80:- 443:5002</pre>
+</div>
+            <p>
+                This example says that the server is not reachable on port 80 from the outside,
but
+                local port 5002 is the one responding to https: requests.
+            </p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDRenewWindow" id="MDRenewWindow">MDRenewWindow</a>
<a name="mdrenewwindow" id="mdrenewwindow">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td
/></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDRenewWindow
duration</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDRenewWindow
14d</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                Tells mod_md when to renew a certificate. The default means 14 days before
a
+                certificate actually expires. If you configure this too short, a CA might
+                not be reachable in time and your server will show an invalid certificate.
If
+                you do it too long, the CA might think you are a bother and block your requests.
+                Let's Encrypt has a certificate expiration of 90 days. So, if you configure
the
+                renew window to 89 days, <code class="module"><a href="../mod/mod_md.html">mod_md</a></code>
will renew the certificate
+                every day and Let's Encrypt will block you.
+            </p>
+        
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="directive-section"><h2><a name="MDStoreDir" id="MDStoreDir">MDStoreDir</a>
<a name="mdstoredir" id="mdstoredir">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td
/></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDStoreDir
path</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDStoreDir
md</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+</table>
+            <p>
+                Defines where on the local file system the Managed Domain data is stored.
This is
+                an absolute path or interpreted relative to the server root. The default
will create
+                a directory 'md' in your server root.
+            </p><p>
+                If you move this and have already data, be sure to move/copy the data first
to
+                the new location, reconfigure and then restart the server. If you reconfigure
+                and restart first, the server will try to get new certificates that it thinks
+                are missing.
+            </p>
+        
+</div>
+</div>
+<div class="bottomlang">
+<p><span>Available Languages: </span><a href="../en/mod/mod_md.html"
title="English">&nbsp;en&nbsp;</a></p>
+</div><div class="top"><a href="#page-header"><img src="../images/up.gif"
alt="top" /></a></div><div class="section"><h2><a id="comments_section"
name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br
/>This is not a Q&amp;A section. Comments placed here should be pointed towards suggestions
on improving the documentation or server, and may be removed again by our moderators if they
are either implemented or considered invalid/off-topic. Questions on how to manage the Apache
HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to
our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
+<script type="text/javascript"><!--//--><![CDATA[//><!--
+var comments_shortname = 'httpd';
+var comments_identifier = 'http://httpd.apache.org/docs/trunk/mod/mod_md.html';
+(function(w, d) {
+    if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
+        d.write('<div id="comments_thread"><\/div>');
+        var s = d.createElement('script');
+        s.type = 'text/javascript';
+        s.async = true;
+        s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname
+ '&page=' + comments_identifier;
+        (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+    }
+    else {
+        d.write('<div id="comments_thread">Comments are disabled for this page at the
moment.<\/div>');
+    }
+})(window, document);
+//--><!]]></script></div><div id="footer">
+<p class="apache">Copyright 2017 The Apache Software Foundation.<br />Licensed
under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version
2.0</a>.</p>
+<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a>
| <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a>
| <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
+if (typeof(prettyPrint) !== 'undefined') {
+    prettyPrint();
+}
+//--><!]]></script>
+</body></html>
\ No newline at end of file
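
Review bot: The MDMember example closes its section with "&lt;/ManagedDomain example.org&gt;", while the &lt;ManagedDomain&gt; example earlier in this hunk closes with a plain "&lt;/ManagedDomain&gt;"; the MDMember example should use the plain form so that readers who copy it get a consistent section. In the same MDMember section, the closing paragraph about the 'auto' and 'manual' values links to #manageddomainsection, but those values are introduced under the ManagedDomain directive (#manageddomain), and neither place shows an example with the keyword in position. The Description cells for MDCAChallenges, MDPortMap, MDRenewWindow and MDStoreDir are empty ("<td />") and need a one-line description each. The MDStoreDir text says only that "Managed Domain data" is stored there; since the summary states that the certificate and its chain are kept in that directory, it should say what else is stored (private keys in particular) and which ownership and permissions the directory is expected to have. Spelling to fix: "Certificate Autority", "convenince", "certicate", "ceriticate", "another CA then Let's Encrypt", and the missing space in "athttps://acme-staging.api.letsencrypt.org/directory". Both added files are marked as generated from XML, so these corrections belong in the XML source followed by another rebuild, not in mod_md.html.en.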


