Closed f4nff closed 6 years ago
I do not understand what your problem is.
To enable and configure HTTPS (that is, HTTP over TLS), just set the values for tls_cert_path and tls_key_path in the config.
@mrd0ll4r when you use tls_cert_path and tls_key_path, on what port will chihaya listen?
Will it listen on both HTTP (80 or another) and HTTPS (443 or another)?
@mrd0ll4r when you use tls_cert_path and tls_key_path, on what port will chihaya listen? Will it listen on both HTTP (80 or another) and HTTPS (443 or another)?
please~
It should listen, TLS only, on the port you specified in addr. However, I just tried it and it's broken.
We need to use ListenAndServeTLS instead of ListenAndServe.
Thanks for finding this one!
When is the time to fix it?
@mrd0ll4r Would it be complex to listen on both http and https ports? ... leaving the FW to deny or allow access to each of these ports?
I'll fix this today. Listening on both HTTP and HTTPS would only be possible if you used, say, nginx in front of chihaya and did it that way.
... leaving the FW to deny or allow access to each of these ports?
The middleware does not know whether the request came in through HTTP(S) or UDP (which is a good thing! That's what makes it so nice :) )
Tbh, I don't see a reason why any tracker should operate a plain HTTP frontend anymore. Getting certificates is really simple these days, and HTTPS doesn't eat your resources either. What's your use case for operating both HTTP and HTTPS at the same time?
@mrd0ll4r locally (tier3+2) I do not have any issues with plain HTTP, but when traffic flows from the outside world, i.e. tier1 ISPs, things start to get nasty and for some reason the plain text HTML page of mine gets all sorts of "decorations" in the form of ads and JS content.
I see. I'd run chihaya on localhost on HTTP and reverse proxy through nginx - the outside world with HTTPS, your local stuff with HTTP. What do you think?
@mrd0ll4r if chihaya knows to recognize X-Forwarded-For or X-Real-IP then it's good enough for me.
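For the reverse-proxy setup discussed above, a forwarding header should only be believed when the connection really comes from the proxy, otherwise any client can announce under a forged address. The following is an added example, not chihaya's code: the function name clientIP is hypothetical, and it assumes a single proxy on loopback that appends the address it saw as the last X-Forwarded-For entry.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"strings"
)

// clientIP returns the address to record for r. The forwarding header is
// honoured only when the TCP peer is the local reverse proxy (assumption:
// the proxy connects over loopback); from any other peer it is ignored.
func clientIP(r *http.Request, header string) (netip.Addr, error) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return netip.Addr{}, fmt.Errorf("bad RemoteAddr %q: %w", r.RemoteAddr, err)
	}
	peer, err := netip.ParseAddr(host)
	if err != nil {
		return netip.Addr{}, err
	}
	peer = peer.Unmap()
	vals := r.Header.Values(header)
	if !peer.IsLoopback() || len(vals) == 0 {
		return peer, nil
	}
	// The rightmost entry is the one appended by our own proxy; anything to
	// its left was supplied by the client and may be forged.
	parts := strings.Split(vals[len(vals)-1], ",")
	fwd, err := netip.ParseAddr(strings.TrimSpace(parts[len(parts)-1]))
	if err != nil {
		// Fail closed: a malformed value from the proxy is rejected rather
		// than silently recording the proxy's own address.
		return netip.Addr{}, fmt.Errorf("bad %s value: %w", header, err)
	}
	return fwd.Unmap(), nil
}

func main() {
	// Constructed request: arrives via the loopback proxy, and the client
	// forged the first hop of the header.
	r := &http.Request{RemoteAddr: "127.0.0.1:40000", Header: http.Header{}}
	r.Header.Set("X-Forwarded-For", "198.51.100.9, 203.0.113.7")
	fmt.Println(clientIP(r, "X-Forwarded-For"))
}
```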
How to configure https, only certificate settings, no port, open