Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 26 Mar 2019 10:59:35 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Supporting git access via smart HTTPS protocol for
 musl-libc

On Tue, Mar 26, 2019 at 11:19:27AM +0100, Jens Gustedt wrote:
> Hello,
> 
> On Mon, 25 Mar 2019 22:59:37 -0400 Rich Felker <dalias@...c.org> wrote:
> 
> > > Nginx is bloat free I think. But perhaps not in comparison to
> > > thttpd. I will look how to support cgit http/s with thttpd using a
> > > hook.
> > > 
> > > At skarnet.org, the author is using busybox httpd with cgi support
> > > and cgit cgi hooks to give http/s git access.  
> > 
> > OK, that sounds promising. If it can be done with cgi, it should be
> > easy to setup, assuming the git client is forgiving of thttpd's
> > slightly non-conforming cgi behavior regarding headers.
> 
> One thing you'd have to have in mind is to chose a server for which it
> is possible to update the certificate automatically. For some time I
> used mini_httpd, which is really minimal footprint, but I had to
> update the letsencrypt certificate every three month manually.
> 
> Now I switched to nginx and here automatic update of the certificate
> works like a charm.

Nothing special is needed for this; any httpd that serves from the
filesystem works fine. I already have LE on *.musl-libc.org and other
domains, using acme-tiny from cron:
https://github.com/diafygi/acme-tiny/

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.