commit 45d17ffa0afd0aaf98051c8a3e6876365fdb99cc Author: David Fifield david@bamsoftware.com Date: Tue Mar 6 19:18:39 2018 -0800

Regen man pages. --- doc/meek-server.1 | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/doc/meek-server.1 b/doc/meek-server.1 index 09d198c..2552dce 100644 --- a/doc/meek-server.1 +++ b/doc/meek-server.1 @@ -2,12 +2,12 @@ ." Title: meek-server ." Author: [FIXME: author] [see http://docbook.sf.net/el/author] ." Generator: DocBook XSL Stylesheets v1.79.1 http://docbook.sf.net/ -." Date: 04/22/2017 +." Date: 03/06/2018 ." Manual: \ & ." Source: \ & ." Language: English ." -.TH "MEEK-SERVER" "1" "04/22/2017" "\ &" "\ &" +.TH "MEEK-SERVER" "1" "03/06/2018" "\ &" "\ &" ." ----------------------------------------------------------------- ." * Define some portability stuff ." ----------------------------------------------------------------- @@ -50,7 +50,7 @@ You will need to configure TLS certificates&. There are two ways to set up cert (with optional \fB--acme-email\fR=\fIEMAIL\fR) will automatically get certificates for \fIHOSTNAME\fR -using Let(cqs Encrypt&. This only works when meek-server is running on port 443&. +using Let(cqs Encrypt&. When you use this option, meek-server will need to be able to listen on port 80&. .RE .sp .RS 4 @@ -95,7 +95,7 @@ ServerTransportPlugin meek exec &./meek-server 8443 --cert cert&.pem --ke .RE .} .sp -To listen on port 443 without needed to run as root, on Linux, you can use the setcap program, part of libcap2: +To listen on ports 80 and 443 without needed to run as root, on Linux, you can use the setcap program, part of libcap2: .sp .if n {\ .RS 4 @@ -116,21 +116,22 @@ Optional email address to register for Let(cqs Encrypt notifications when using .PP \fB--acme-hostnames\fR=\fIHOSTNAME\fR[,\fIHOSTNAME\fR]&... .RS 4 -Comma-separated list of hostnames to honor when getting automatic certificates from Let(cqs Encrypt&. meek-server has to be running on port 443 in order for the -\fB--acme-hostnames\fR -option to work&. The certificates will be cached in the pt_state/meek-certificate-cache directory inside tor state directory&. +Comma-separated list of hostnames to honor when getting automatic certificates from Let(cqs Encrypt&. meek-server will open a special listener on port 80 in order to handle ACME messages; this listener is separate from the one specified by +ServerTransportListenAddr&. The certificates will be cached in the pt_state/meek-certificate-cache directory inside tor state directory&. .RE .PP \fB--cert\fR=\fIFILENAME\fR .RS 4 Name of a PEM-encoded TLS certificate file&. Required unless +\fB--acme-hostnames\fR +or \fB--disable-tls\fR is used&. .RE .sp \fB--disable-tls\fR: Use plain HTTP rather than HTTPS&. This option is only for testing purposes&. Don(cqt use it in production&. .sp -\fB--key\fR=\fIFILENAME\fR: Name of a PEM-encoded TLS private key file&. Required unless \fB--disable-tls\fR is used&. +\fB--key\fR=\fIFILENAME\fR: Name of a PEM-encoded TLS private key file&. Required unless \fB--acme-hostnames\fR or \fB--disable-tls\fR is used&. .PP \fB--log\fR=\fIFILENAME\fR .RS 4 @@ -139,7 +140,9 @@ Name of a file to write log messages to (default stderr)&. .PP \fB--port\fR=\fIPORT\fR .RS 4 -Port to listen on&. Overrides the TOR_PT_SERVER_BINDADDR environment variable set by tor&. In most cases you should set the +Port to listen on&. Overrides the +TOR_PT_SERVER_BINDADDR +environment variable set by tor&. In most cases you should set the \fBServerTransportListenAddr\fR option in torrc, rather than use the \fB--port\fR