Fix SSL so hidden services work better! #385
Comments
A ***@***.***> writes:

> I've run into two issues with giving my amusewiki instance an onion
> address.
> First, the automatic renewal for SSL fails because it tries to
> generate/renew a certificate for the .onion address. Will likely need
> to filter out those addresses and it might be worth adding .i2p or
> other hidden service extensions to the list in case people want to use
> those.

Ok, this has been addressed in 18cc073 and should be OK (excluding
.onion, .i2p and .exit).

> Second, I think actions that involve authentication (contributing
> pages and logging in) only operate over HTTPS, and are thus
> unreachable from hidden service because they do not need https. The
> login button prepends "https" before the url `<form id="login-form"
> method="post" action="https://example.onion/action/text/new">` and the
> /login page will not load.

Well, this is fishy. Make sure to have all the 3 SSL configuration
options in the site configuration unchecked. A redirect to the https
version should happen only if the "Use SSL for authenticated users" is
on. Matter of fact, for developing locally amusewiki runs over http://
just fine.

--
Marco
Thanks!
The trouble is, deselecting "Use SSL for authenticated users" disables SSL completely, and I don't want that. Ideally we would serve both http and https, without any redirects.
It's 2021 and the traffic is supposed to go via https, so always produce a config with https, even if using the dummy self-signed certificate. This way we keep the semantic of the configuration option "Use SSL for authenticated users" without disabling https at all. Address #385
Release 2.531 should have addressed that. Please give it a try and close the issue if it's good. Thanks

That works now, thanks a bunch @melmothx!
I've run into two issues with giving my amusewiki instance an onion address.
First, the automatic renewal for SSL fails because it tries to generate/renew a certificate for the .onion address. Will likely need to filter out those addresses and it might be worth adding .i2p or other hidden service extensions to the list in case people want to use those.
Second, I think actions that involve authentication (contributing pages and logging in) only operate over HTTPS, and are thus unreachable from hidden service because they do not need https. The login button prepends "https" before the url
`<form id="login-form" method="post" action="https://example.onion/action/text/new">`
and the /login page will not load.
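
The hostname filter asked for in this issue, and reported in the reply as excluding .onion, .i2p and .exit, can be sketched as follows. This is an added example, not amusewiki's own code; the function names and sample hostnames are constructed for illustration.

```python
# Added example (not amusewiki code): split a site's hostnames into those to
# send to the certificate renewal and those to leave out of it.

# Suffixes named in the thread as excluded from certificate requests.
NON_PUBLIC_SUFFIXES = frozenset({"onion", "i2p", "exit"})


def normalize(host):
    """Lower-case, strip whitespace and drop one trailing root dot."""
    host = host.strip().lower()
    return host[:-1] if host.endswith(".") else host


def is_acme_eligible(host):
    """True unless the last DNS label is one of the excluded suffixes.

    Comparing the final label, not a substring, keeps names such as
    onion.example.org eligible while still catching Example.ONION.
    """
    last_label = normalize(host).rsplit(".", 1)[-1]
    return last_label not in NON_PUBLIC_SUFFIXES


def split_for_renewal(hosts):
    """Return (request, skipped): normalized, de-duplicated, order kept."""
    request, skipped, seen = [], [], set()
    for raw in hosts:
        host = normalize(raw)
        if not host or host in seen:
            continue
        seen.add(host)
        (request if is_acme_eligible(host) else skipped).append(host)
    return request, skipped


# Constructed sample input: one site reachable under several names.
SAMPLE_HOSTS = [
    "wiki.example.org", "WWW.Example.org.", "exampleonionaddr.onion",
    "Example.ONION.", "site.i2p", "onion.example.org", "relay.exit",
    "wiki.example.org",
]

if __name__ == "__main__":
    request, skipped = split_for_renewal(SAMPLE_HOSTS)
    # An empty request list means there is nothing to renew for this site.
    print("request certificate for:", request or "nothing")
    print("left out of the request:", skipped)
```

A site that is reachable only under an excluded name ends up with an empty request list, so the caller should skip the renewal for it instead of submitting an empty or failing order.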