summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Eissing <icing@apache.org>2022-06-06 14:20:09 +0000
committerStefan Eissing <icing@apache.org>2022-06-06 14:20:09 +0000
commit575058189b314a334be57a5220f743784908eed8 (patch)
tree2e40e4f256db504a544945e17a442cc80e7ed296
parent95eab63cfd01dced16c5b0761a05f99c53c175e4 (diff)
downloadhttpd-2.4.54-rc3-candidate.tar.gz
Post 2.4.54-rc3 tag updates2.4.54-rc3-candidate
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/tags/2.4.54-rc3-candidate@1901702 13f79535-47bb-0310-9956-ffa450edef68
Diffstat
-rw-r--r--docs/manual/convenience.map2
-rw-r--r--docs/manual/mod/mod_authz_dbd.html.en2
-rw-r--r--docs/manual/mod/mod_md.html.en74
-rw-r--r--docs/manual/rewrite/flags.html.en3
-rw-r--r--include/ap_release.h2
5 files changed, 68 insertions, 15 deletions
diff --git a/docs/manual/convenience.map b/docs/manual/convenience.map
index 19befc854a..93d3f44f65 100644
--- a/docs/manual/convenience.map
+++ b/docs/manual/convenience.map
@@ -410,6 +410,8 @@ mdprivatekeys mod/mod_md.html#mdprivatekeys
mdrenewmode mod/mod_md.html#mdrenewmode
mdrenewwindow mod/mod_md.html#mdrenewwindow
mdrequirehttps mod/mod_md.html#mdrequirehttps
+mdretrydelay mod/mod_md.html#mdretrydelay
+mdretryfailover mod/mod_md.html#mdretryfailover
mdserverstatus mod/mod_md.html#mdserverstatus
mdstapleothers mod/mod_md.html#mdstapleothers
mdstapling mod/mod_md.html#mdstapling
diff --git a/docs/manual/mod/mod_authz_dbd.html.en b/docs/manual/mod/mod_authz_dbd.html.en
index 22343407c3..ae69ba6c67 100644
--- a/docs/manual/mod/mod_authz_dbd.html.en
+++ b/docs/manual/mod/mod_authz_dbd.html.en
@@ -90,7 +90,7 @@
user to gain access.</p>
<pre class="prettyprint lang-config">Require dbd-group team
-AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"</pre>
+AuthzDBDQuery "SELECT user_group FROM authz WHERE user = %s"</pre>
diff --git a/docs/manual/mod/mod_md.html.en b/docs/manual/mod/mod_md.html.en
index d9a6a1f2b5..db55c31737 100644
--- a/docs/manual/mod/mod_md.html.en
+++ b/docs/manual/mod/mod_md.html.en
@@ -351,6 +351,8 @@
<li><img alt="" src="../images/down.gif" /> <a href="#mdrenewmode">MDRenewMode</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mdrenewwindow">MDRenewWindow</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mdrequirehttps">MDRequireHttps</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdretrydelay">MDRetryDelay</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#mdretryfailover">MDRetryFailover</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mdserverstatus">MDServerStatus</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mdstapleothers">MDStapleOthers</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#mdstapling">MDStapling</a></li>
@@ -446,27 +448,34 @@
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MDCertificateAuthority" id="MDCertificateAuthority">MDCertificateAuthority</a> <a name="mdcertificateauthority" id="mdcertificateauthority">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL of the ACME Certificate Authority service.</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The URL(s) of the ACME Certificate Authority to use.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDCertificateAuthority <var>url</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDCertificateAuthority letsencrypt</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
</table>
<p>
- The URL where the CA offers its service.
+ The URL(s) where the CA offers its service.
+ Instead of the actual URL, you may use 'letsencrypt' or 'buypass'.
</p><p>
- Let's Encrypt offers, right now, four such URLs. Two for
- the own legacy version of the ACME protocol, commonly named ACMEv1.
- And two for the RFC 8555 version, named ACMEv2.
+ If you configure more than one URL, each one is tried in a round-robin
+ fashion after a number of failures. You can configure how quickly or
+ delayed that happens via the <code class="directive">MDRetryDelay</code> and
+ <code class="directive">MDRetryFailover</code> directives. The default setting
+ makes a failover after about half a day of trying.
</p><p>
- Each version has 2 endpoints, as their is a production endpoint and a
- "staging" endpoint for testing. The testing endpoint works the same, but will
- not give you certificates recognized by browsers. However, it also has
- very relaxed rate limits. This allows testing of the service repeatedly
- without you blocking yourself.
+ All other settings apply to each of these URLs. It is therefore
+ not possible to have two with different
+ <code class="directive">MDExternalAccountBinding</code>s, for example.
+ </p><p>
+ For testing, CAs commonly offer a second service URL.
+ The 'test' service does not give certificates valid in a browser,
+ but are more relaxed in regard to rate limits.
+ This allows for verfication of your own setup before switching
+ to the production service URL.
</p>
- <div class="example"><h3>LE Staging Setup</h3><pre class="prettyprint lang-config">MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory</pre>
+ <div class="example"><h3>LE Test Setup</h3><pre class="prettyprint lang-config">MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory</pre>
</div>
</div>
@@ -1192,6 +1201,47 @@ MDRenewWindow 10%</pre>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MDRetryDelay" id="MDRetryDelay">MDRetryDelay</a> <a name="mdretrydelay" id="mdretrydelay">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td /></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDRetryDelay <var>duration</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDRetryDelay 5s</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.54 and later</td></tr>
+</table>
+ <p>
+ The amount of time to wait after an error before trying
+ to renew a certificate again. This duration is doubled after
+ each consecutive error with a maximum of 24 hours.
+ </p>
+ <p>
+ It is kept separate for each certificate renewal. Meaning an error
+ on one MDomain does not delay the renewals of other domains.
+ </p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="MDRetryFailover" id="MDRetryFailover">MDRetryFailover</a> <a name="mdretryfailover" id="mdretryfailover">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td /></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>MDRetryFailover <var>number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>MDRetryFailover 13</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_md</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in version 2.4.54 and later</td></tr>
+</table>
+ <p>
+ The number of consecutive errors on renewing a certificate before
+ another CA is selected. This only applies to configurations that
+ have more than one <code class="directive">MDCertificateAuthority</code>
+ specified.
+ </p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="MDServerStatus" id="MDServerStatus">MDServerStatus</a> <a name="mdserverstatus" id="mdserverstatus">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Control if Managed Domain information is added to server-status.</td></tr>
diff --git a/docs/manual/rewrite/flags.html.en b/docs/manual/rewrite/flags.html.en
index 7cd4990755..686330c6ea 100644
--- a/docs/manual/rewrite/flags.html.en
+++ b/docs/manual/rewrite/flags.html.en
@@ -468,7 +468,8 @@ example.</p>
<h2><a name="flag_ne" id="flag_ne">NE|noescape</a></h2>
<p>By default, special characters, such as <code>&amp;</code> and
<code>?</code>, for example, will be converted to their hexcode
-equivalent. Using the [NE] flag prevents that from happening.
+equivalent for rules that result in external redirects.
+Using the [NE] flag prevents that from happening.
</p>
<pre class="prettyprint lang-config">RewriteRule "^/anchor/(.+)" "/bigpage.html#$1" [NE,R]</pre>
diff --git a/include/ap_release.h b/include/ap_release.h
index 91251781d7..0cb21ab21d 100644
--- a/include/ap_release.h
+++ b/include/ap_release.h
@@ -44,7 +44,7 @@
#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 4
#define AP_SERVER_PATCHLEVEL_NUMBER 54
-#define AP_SERVER_DEVBUILD_BOOLEAN 1
+#define AP_SERVER_DEVBUILD_BOOLEAN 0
/* Synchronize the above with docs/manual/style/version.ent */
View Lorry Controller Status