Forum

Hugo,
Arch Wiki can I believe be considered the howto reference, not only for Arch, but for many distros. This is without saying that Arch itself is getting a lot of traction this year, see the growing popularity of Manjaro, Antergos and ArchLinux on distrowatch.
The Arch Wiki link usually appears in the top 5 and often #2 or #3 reference with DuckDuckGo & Google when searching for "Linux Hiawatha" or "Hiawatha Linux". I am a Arch Wiki contributor and having for the first time a look at the page today I was thinking it may need some improvement.
I wanted to have your opinion before making too many changes so that you indicate from your creator view the main issues or needs for the page. I will trigger the discussion in the wiki talk of the Hiawatha page if others want to give their input.
I strongly believe a good Arch wiki page can be a vector for further adherence to Hiawatha in the linux community.

I don't know much about Arch Linux, so I can't comment on Arch Linux specific things. But I agree that the wiki page can use some attention. Hiawatha has very good Let's Encrypt support, but that's not mentioned on the wiki page. It also states that Hiawatha doesn't have on the fly GZip support. That is no longer true.

yes I noticed it as well and mentioned I intend to change the points you raise in the related discussion page.
I don't think there is much in the ArchWiki for Hiawatha that is Arch specific. What is useful for Arch users is that it gives the package names and ensures it has been tested on Arch. Also, it is a rolling distro and the howto can focus on the latest release with no need to support legacy versions. Thanks for your feedback.

Actually I never needed anything else than your very good howto to install Hiawatha on any system, no need to have the same thing written and maintained in different places as long as you keep updating your howto which I suppose you will. I will then focus on brief examples, Arch specific things and link to your howto in ArchWiki

If you can have a look again at the ArchWiki and give me some feedback.
For LetsEncrypt: One question I have from an Arch point of view is that a package is directly available from the official repo. We don't need to compile from source and I don't think we get the extra directory. Therefore, where should we get the script ? Is my link good or should we anyway download the source ?
thanks

The link is ok. The Let's Encrypt script is included in every Hiawatha release, but the latest version of that script will also be available via the link you mentioned. You could of course add the files in extra/letsencrypt to your package, to be installed in /usr/share, /var/lib/ or something like that.

This is a good idea I think, I have contacted the package maintainer Kyle Keene (packager of Hiawatha since 2014) to see if this could be done for the next release it would be nice.

the feature request for the Arch package has been accepted here https://bugs.archlinux.org/task/55869

Nice! Be aware that Hiawatha's script uses a configuration file and a private key file from the same directory. I think there are two options:

1) Include Hiawatha's Let's Encrypt script as a tarball in /usr/share or /var/lib and instruct users to unpack it somewhere (for example /root) and use it from there.
2) Allow root users to run it from /usr/share or /var/lib, but make sure the access rights of the private key file are correct.

My advice: go for option 1. I will think about improvements for the script, to make it easier to package.

well noted, thanks

will you also provide the letsencrypt-renewal.service and letsencrypt-renewal.timer for systemd automatic renewal?

I had no such plans. I'm not very familiar with systemd (yuck!). I And cronjob already does the job.

Because the systemd timer functionality exists, cron is often not installed by default anymore in new distros. You will say it is easy to install it, yes but it also makes sense to add one job to the existing system scheduling (sudo systemctl list-timers gives the list of active jobs) and have all your jobs regrouped in one place.
I am personally quite neutral, I will just indicate the (very simple) steps to automate the renewal with a systemd timer in the ArchWiki and we can direct people there if there are questions.

done, I have updated the Arch Wiki https://wiki.archlinux.org/index.php/Hiawatha#Let.27s_Encrypt

Great, thanks!!

Comments from the packager "The entire thing is written in PHP? I'm a little surprised, usually Leisink takes security seriously :-)"
Just kidding of course, security is in the implementation rather than in the language. I will test the new package at the end of the week and revert. systemd units were added as well it seems.

I hope he's indeed just kidding, otherwise he has something to learn about software security. Good to hear the packaging is going well!

I confirm the tarball is now included in /usr/share/hiawatha and the systemd timer unit has been added as well inside the tarball.
This following your option 1) above and your advice.
If you can think of a better integration of the letsencrypt script for the future this would be welcome.

I have updated the wiki to tell about the new location /usr/share/hiawatha/letsencrypt.tar.gz for the tarball.
If root could run directly the script from let say /usr/share/ and still handle properly the private key it would be nice as well. Then, not a priority of course, this is cosmetic.

I will look at it for the next release.