Hi,
Thanks so much for this patch! I'll review it soon.
Could you re-send it using `git send-mail' or whatever you used when you sent
the gitignore patch? That was recognized by SourceHut:
https://lists.sr.ht/~ancarda/tls-redirector/patches/16073
But this email wasn't for some reason.
Kindest Regards,
Mark
December 21, 2020 3:45 PM, me@somini.xyz wrote:
> - Default to using systemd socket activation
> - Improve security for service
> - Automatically create the folder for ACME usage
>
> This is implemented here:
> https://aur.archlinux.org/packages/tls-redirector
Regarding the AUR package, I'm really glad to see it's been published!
Is it possible you can change the license to AGPLv3? I can sign up to
AUR if it's possible for me to make changes there.
> ---> > This is the correct format, I think.> > systemd/tls-redirector.service | 18 ++++++++++++------> systemd/tls-redirector.socket | 2 +-> systemd/tls-redirector.tmpfiles.conf | 4 ++++> 3 files changed, 17 insertions(+), 7 deletions(-)> create mode 100644 systemd/tls-redirector.tmpfiles.conf> > diff --git a/systemd/tls-redirector.service b/systemd/tls-redirector.service> index 34f09f1..29a037c 100644> --- a/systemd/tls-redirector.service> +++ b/systemd/tls-redirector.service> @@ -1,10 +1,16 @@> [Unit]> -Description=TLS Redirector (http to https)> -After=tls-redirector.socket> +Description=TLS Redirector> > [Service]> -#Environment=ACME_CHALLENGE_DIR=/tmp> -Type=simple> ExecStart=/usr/bin/tls-redirector> -Restart=on-failure> -User=nobody> +# Use SystemD activation> +Environment=PORT=systemd> +Environment=ACME_CHALLENGE_DIR=%C/acme-challenge/.well-known/acme-challenge> +# Security> +DynamicUser=yes> +ProtectHome=tmpfs> +PrivateDevices=yes> +ProtectHostname=yes> +## No need to be able to bind to sockets> +CapabilityBoundingSet=> +RestrictNamespaces=> diff --git a/systemd/tls-redirector.socket b/systemd/tls-redirector.socket> index ffc8c67..0c4d70c 100644> --- a/systemd/tls-redirector.socket> +++ b/systemd/tls-redirector.socket> @@ -1,5 +1,5 @@> [Unit]> -Description=TLS Redirector Port 80 (socket)> +Description=TLS Redirector Socket> After=network.target> > [Socket]> diff --git a/systemd/tls-redirector.tmpfiles.conf b/systemd/tls-redirector.tmpfiles.conf> new file mode 100644> index 0000000..af19de3> --- /dev/null> +++ b/systemd/tls-redirector.tmpfiles.conf> @@ -0,0 +1,4 @@> +#Type Path Mode User Group Age Argument> +d %C/acme-challenge 0755 - - - -> +d %C/acme-challenge/.well-known 0755 - - - -> +d %C/acme-challenge/.well-known/acme-challenge 0755 - - - -> -- 2.29.2
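Review bot: In the tls-redirector.service hunk, `RestrictNamespaces=` is assigned an empty value, and for this directive the empty string resets it to the default, which is no restriction, so the line hardens nothing; use `RestrictNamespaces=yes` to deny namespace creation. `CapabilityBoundingSet=` with an empty value does behave as the comment above it intends, since an empty bounding set drops every capability. The same hunk removes `After=tls-redirector.socket` while making `PORT=systemd` the default, so consider adding `Requires=tls-redirector.socket` to `[Unit]` so that starting the service directly still pulls in the listening socket.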
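Review bot: The three `d` lines in tls-redirector.tmpfiles.conf leave User and Group as `-`, which makes the directories root-owned with mode 0755, so only root can place challenge files in the path the service reads through `ACME_CHALLENGE_DIR`; add a comment naming the account the ACME client is expected to run as, or set an owner or group for it on the innermost directory. Age is also `-`, so old challenge files are never cleaned up; setting an age on `%C/acme-challenge/.well-known/acme-challenge` would expire them.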
On 2020-12-21 16:47, Mark Dain wrote:
> Regarding the AUR package, I'm really glad to see it's been published!
> Is it possible you can change the license to AGPLv3? I can sign up to
> AUR if it's possible for me to make changes there.
That was an oversight on my part, will change this.