search

bluesky-social / pds

Bluesky PDS (Personal Data Server) container image, compose file, and documentation
Other
1.47k stars 134 forks source link

Drop port 80 requirement #137

Open sfescape opened 1 week ago

sfescape commented 1 week ago

I only expose port 443 for my website and likewise only want to expose port 443 for PDS. If browsers don't need port 80, can PDS also drop the port 80 requirement?

BrianCArnold commented 1 day ago

The requirement is only really there's for caddy to get the tls cert, afaik. If you do your certs through letsencrypt any other way, like through traefik, and use that to do your reverse proxy, you should be able to drop the port 80 entirely.

I did, anyway.

sfescape commented 23 hours ago

That's good to know, perhaps the issue can be resolved with documentation.

pfaffman commented 14 hours ago

I'm fairly certain that Let's Encrypt requires port 80 to get an initial certificate (with Caddy, traefik, or anything else), though I don't think port 80 is required for renewals.

If you're using DNS with let's encrypt then you don't need any ports open (as far as getting certs is concerned).