GLOBALEAKS
-
|
Can I disable automatic redirection from HTTP to HTTPS? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Thank you for your question @mvldebian Unfortunately no. This is an intentional design choice based on our security model. We aim to ensure that all communications are always protected end-to-end between the user and the Globaleaks server. Allowing HTTP configurations - even as an option - would significantly increase the risk of insecure or misconfigured deployments, especially in sensitive whistleblowing environments. |
Beta Was this translation helpful? Give feedback.
-
|
Primarily a matter of cost. Servers, additional IPs, and other necessary infrastructure are charged in dollars, and living in Brazil makes the cost quite high as our currency is 5 to 1 compared to the dollar. Using a proxy allows me to share multiple systems on the same IP. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for clarifying @mvldebian ; of course what you say makes sense. What prevents you to keep the proxy terminating HTTPS but then internally connect the proxy to globaleaks still using HTTPS? In this case for example the proxy can listen on 8.8.8.8 and globaleaks .on 10.0.0.1:443 and all all will work with you like a charm just using the self signed certificate that globaleaks generates at installation time. |
Beta Was this translation helpful? Give feedback.
Thank you for your question @mvldebian
Unfortunately no.
This is an intentional design choice based on our security model. We aim to ensure that all communications are always protected end-to-end between the user and the Globaleaks server.
Allowing HTTP configurations - even as an option - would significantly increase the risk of insecure or misconfigured deployments, especially in sensitive whistleblowing environments.