New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem: Add support for SSL into the installation process and/or docs #88
Comments
Internal comms (to the DB, RabbitMQ, ...) should be encrypted using TLS as well. For public certs we should point folks to letsencrypt. Adding a security page to the docs that explains how to get up and running with letsencrypt should be easy :) I also see us adding more details concerning security to the preparing the server docs. |
Maybe https://certbot.eff.org could be intergrated an optional part of the setup process? |
@Robbt, I feel it's an absolute necessity in 2018 to be using SSL, considering mainstream browsers are soon going to be making a big deal out of inputting information into any website that isn't using it. Seconding @squiggleuk's suggestion of Let's Encrypt. It's worked well for RocketChat. |
Totally agree that this should be a priority. |
I set up LetsEncrypt on a LibreTime instance recently and it was relatively straightforward. I think we should do this as a default for SSL, and leave the configuration of custom SSL certs up to the system administrator if they'd like to go that route. I can look in to this soon. |
I agree. Do you want to document what you needed to do to set it up. We can probably integrate it into the installer as well for internet accessible domains. |
@geftactics Certbot is definitely the way to go. 👍 I can add a guide sometime this week. |
This was fixed by PR #1030 and can be closed |
This is another longer-term priority, but it would be a good best practice addition.
I'm not sure the best way to approach the actual SSL certs etc, but it makes sense for us as a project to make it easy enough for people to figure out how to do this without needing to learn how to configure Apache by trial and error.
The text was updated successfully, but these errors were encountered: