open tls keys/certificate as root, pass fd's to the unprivileged child process

makes it easier to use tls keys/certs managed by other tools, with or without acme. the root process has access to open such files. the child process reads the key from the file descriptor, then closes the file. for issue #30 by inigoserna, thanks!
2025-07-12 12:24:38 +03:00 · 2023-05-31 14:09:53 +02:00
parent dd0cede4f9
commit 70d07c5459
6 changed files with 119 additions and 36 deletions
--- a/config/doc.go
+++ b/config/doc.go
@ -125,6 +125,8 @@ describe-static" and "mox config describe-domains":
 				# (optional)
 				ACME:

+				# Key and certificate files are opened by the privileged root process and passed
+				# to the unprivileged mox process, so no special permissions are required.
 				# (optional)
 				KeyCerts:
 					-