Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190326145935.GX23599@brightrain.aerifal.cx>
Date: Tue, 26 Mar 2019 10:59:35 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for
 musl-libc

On Tue, Mar 26, 2019 at 11:19:27AM +0100, Jens Gustedt wrote:
> Hello,
> 
> On Mon, 25 Mar 2019 22:59:37 -0400 Rich Felker <dalias@...c.org> wrote:
> 
> > > Nginx is bloat free I think. But perhaps not in comparison to
> > > thttpd. I will look how to support cgit http/s with thttpd using a
> > > hook.
> > > 
> > > At skarnet.org, the author is using busybox httpd with cgi support
> > > and cgit cgi hooks to give http/s git access.  
> > 
> > OK, that sounds promising. If it can be done with cgi, it should be
> > easy to setup, assuming the git client is forgiving of thttpd's
> > slightly non-conforming cgi behavior regarding headers.
> 
> One thing you'd have to have in mind is to chose a server for which it
> is possible to update the certificate automatically. For some time I
> used mini_httpd, which is really minimal footprint, but I had to
> update the letsencrypt certificate every three month manually.
> 
> Now I switched to nginx and here automatic update of the certificate
> works like a charm.

Nothing special is needed for this; any httpd that serves from the
filesystem works fine. I already have LE on *.musl-libc.org and other
domains, using acme-tiny from cron:
https://github.com/diafygi/acme-tiny/

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.