From df850ee980960abb79b09fb6139334439891f2ea Mon Sep 17 00:00:00 2001
From: Dominic
Date: Wed, 19 Nov 2014 09:33:31 +0100
Subject: [PATCH 1/2] Reduce the matching of REWRITE_HTTPS_ARGS and add query string If the backreference of the match is not used, it's enough to match '^' instead of '^.*$'. It's slightly faster. ^ -> Match, if it starts ^.*$` -> Match, if everything matches In addition it might be useful to append the query string with the flag: QSA
---
 letsencrypt/client/CONFIG.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/letsencrypt/client/CONFIG.py b/letsencrypt/client/CONFIG.py
index 8c7c4b6d4..910e5c881 100644
--- a/letsencrypt/client/CONFIG.py
+++ b/letsencrypt/client/CONFIG.py
@@ -56,4 +56,4 @@ CHALLENGE_PREFERENCES = ["dvsni", "recoveryToken"]
 EXCLUSIVE_CHALLENGES = [set(["dvsni", "simpleHttps"])]
 
 # Rewrite rule arguments used for redirections to https vhost
-REWRITE_HTTPS_ARGS = ["^.*$", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,R=permanent]"]
+REWRITE_HTTPS_ARGS = ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]
From 92dbc4f4eb3560b735e8f7668ef4d3a3de8302e3 Mon Sep 17 00:00:00 2001
From: James Kasten
Date: Fri, 31 Jul 2015 09:55:02 -0700
Subject: [PATCH 2/2] Finish merge of #17
---
 .../letsencrypt_apache/constants.py | 2 +-
 letsencrypt/client/CONFIG.py | 59 -------------------
 2 files changed, 1 insertion(+), 60 deletions(-)
 delete mode 100644 letsencrypt/client/CONFIG.py
diff --git a/letsencrypt-apache/letsencrypt_apache/constants.py b/letsencrypt-apache/letsencrypt_apache/constants.py
index cb75276b2..7e7e127f5 100644
--- a/letsencrypt-apache/letsencrypt_apache/constants.py
+++ b/letsencrypt-apache/letsencrypt_apache/constants.py
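Review bot: The `QSA` flag added to `REWRITE_HTTPS_ARGS` in letsencrypt/client/CONFIG.py does nothing with this substitution, because mod_rewrite passes the original query string through unchanged whenever the target has no query string of its own; `QSA` only matters when the substitution contains a `?`. Shortening the pattern from `^.*$` to `^` is safe for the reason the commit message gives (no backreference is used), but nothing in the file records that. I would keep the flags as `"[L,R=permanent]"` and add a comment such as `# '^' matches every request; no backreference is used and the query string is kept by default`. The same line is changed in the letsencrypt_apache/constants.py hunk of patch 2/2, where the same applies.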
@@ -20,5 +20,5 @@ MOD_SSL_CONF_SRC = pkg_resources.resource_filename(
 distribution."""
 
 REWRITE_HTTPS_ARGS = [
- "^.*$", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,R=permanent]"]
+ "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]
 """Apache rewrite rule arguments used for redirections to https vhost"""
diff --git a/letsencrypt/client/CONFIG.py b/letsencrypt/client/CONFIG.py
deleted file mode 100644
index 910e5c881..000000000
--- a/letsencrypt/client/CONFIG.py
+++ /dev/null
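Review bot: The docstring under `REWRITE_HTTPS_ARGS` in letsencrypt_apache/constants.py does not say where the redirect host comes from, and `%{SERVER_NAME}` is not always a configured value: depending on Apache's `UseCanonicalName` setting it can be taken from the request's Host header. Which vhosts receive this rule is not visible in the hunk, so whether that matters here is an open question; in a default or catch-all vhost the redirect target would follow the request rather than the configuration. I would extend the docstring to something like `"""Apache rewrite rule arguments used for redirections to https vhost. The target host is %{SERVER_NAME}, so the vhost needs an explicit ServerName."""`.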
@@ -1,59 +0,0 @@
-# CA hostname
-# If you create your own server... change this line
-# Note: the server certificate must be trusted in order to avoid
-# further modifications to the client
-ACME_SERVER = "letsencrypt-demo.org"
-# Apache server root directory
-SERVER_ROOT = "/etc/apache2/"
-# Configuration file directory for letsencrypt
-CONFIG_DIR = "/etc/letsencrypt/"
-# Working directory for letsencrypt
-WORK_DIR = "/var/lib/letsencrypt/"
-# Directory where configuration backups are stored
-BACKUP_DIR = WORK_DIR + "backups/"
-# Replaces MODIFIED_FILES, directory where temp checkpoint is created
-TEMP_CHECKPOINT_DIR = WORK_DIR + "temp_checkpoint/"
-# Directory used before a permanent checkpoint is finalized
-IN_PROGRESS_DIR = BACKUP_DIR + "IN_PROGRESS/"
-# Directory where all certificates/keys are stored - used for easy revocation
-CERT_KEY_BACKUP = WORK_DIR + "keys-certs/"
-# Where all keys should be stored
-KEY_DIR = SERVER_ROOT + "ssl/"
-# Certificate storage
-CERT_DIR = SERVER_ROOT + "certs/"
-
-# Used by openssl to sign challenge certificate with letsencrypt extension
-# No longer used
-#CHOC_CERT_CONF = CONFIG_DIR + "choc_cert_extensions.cnf"
-# Contains standard Apache SSL directives
-OPTIONS_SSL_CONF = CONFIG_DIR + "options-ssl.conf"
-# Let's Encrypt SSL vhost configuration extension
-LE_VHOST_EXT = "-le-ssl.conf"
-# Temporary file for challenge virtual hosts
-APACHE_CHALLENGE_CONF = CONFIG_DIR + "le_dvsni_cert_challenge.conf"
-
-# Byte size of S and Nonce
-S_SIZE = 32
-NONCE_SIZE = 16
-
-# Key Sizes
-RSA_KEY_SIZE = 2048
-
-# bits of hashcash to generate
-difficulty = 23
-
-# Let's Encrypt cert and chain files
-CERT_PATH = CERT_DIR + "cert-letsencrypt.pem"
-CHAIN_PATH = CERT_DIR + "chain-letsencrypt.pem"
-
-#Invalid Extension
-INVALID_EXT = ".acme.invalid"
-
-# Challenge Preferences Dict for currently supported challenges
-CHALLENGE_PREFERENCES = ["dvsni", "recoveryToken"]
-
-# Mutually Exclusive Challenges - only solve 1
-EXCLUSIVE_CHALLENGES = [set(["dvsni", "simpleHttps"])]
-
-# Rewrite rule arguments used for redirections to https vhost
-REWRITE_HTTPS_ARGS = ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"]