Open knoxfighter opened 3 years ago
I saw issue #298 is to request to allow using ssl certs. Is there currently a way to use an ssl cert? or is this just for if/when that feature gets added this should be considered?
Put the manager behind nginx or any other reverse proxy. That will cause all traffic outside of your loopbacks to be encrypted. I have my in a docker-container that is only communicating with traefik, with traefik running as a docker-container as well. So it is a really simple setup for encryption :) I am not sure what happens with the websocket connection, when it is opened with an ssl connection and through a reverse-proxy that only allows ssl connections 🤔
In the old nginx proxy we used with Docker we had an extra route configured to proxy the /ws
traffic to the backend. So it would be TLS at least up to the nginx proxy before the websocket connection is upgraded. https://github.com/OpenFactorioServerManager/factorio-server-manager/blob/dea2c91b500a3c5fb38a839eb224cbf41b6ad9dd/docker/nginx.conf#L45
If the websockets connection is through the SSL reverse proxy I believe the connection is still encrypted but that might depend on configuration. It would be good to see how Traefik works with the websockets endpoint.
If we add TLS support into the application itself then we definitely should add WSS connections as well and eliminate the need for the reverse proxy.
Currently the websocket connection is always made with
ws://
. When using a ssl certificate, we should usewss://
to connect to the websocket.