ManagementUI over TLS - Githubissues

NHAS / wag

Simple Wireguard 2FA

BSD 3-Clause "New" or "Revised" License

499 stars 27 forks source link

ManagementUI over TLS #30

Closed paulb-smartit closed 1 year ago

paulb-smartit commented 1 year ago

Even with Certpath and KeyPath management UI runs without TLS.

    "ManagementUI": {
        "ListenAddress": "10.0.0.78:8443",
        "Enabled": true,
        "CertPath": "/etc/letsencrypt/live/domain.tld/fullchain.pem",
        "KeyPath": "/etc/letsencrypt/live/domain.tld/privkey.pem"
    },

Evidence

$ curl https://10.0.0.78:8443
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

$ curl http://10.0.0.78:8443 
<a href="/login">Temporary Redirect</a>.

PS. Nice job on the web gui :+1:

NHAS commented 1 year ago

Ah yes. I did just totally overlook this because in my mind the web UI should only ever be accessed via SSH port forward or something similar. As it doesnt support MFA (yes, I know, its mainly pulling the code up to here is more difficult and couples things in a gross way currently).

I will however add this because it makes sense.

NHAS commented 1 year ago

This is now on the unstable branch :)