globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is free, open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org

Allow http without auto redirect to https for reverse proxies #3773

Open dev-kalleno opened 11 months ago

dev-kalleno commented 11 months ago

Proposal

Please allow HTTP via a tickbox so we can hide the application behind a reverse proxy.

Motivation and context

Especially in Docker environments, this would be very helpful. At the current stage, I can only provide an onion link, but I wanted to provide that form on our website.

evilaliv3 commented 2 weeks ago

Thank you @dev-kalleno

I'm sorry for the delay in the answer.

Are you still encountering problems and do you really think this is a necessity? We prefer that any connection is always encrypted, even when a reverse proxy is in place.

dev-kalleno commented 2 weeks ago

Thanks for your answer. Yes, this is still an issue for us and a necessity. At the current state we can't generate a Let's Encrypt certificate, because HTTP is a no-no. Add a huge warning that there is no encryption in place when not using HTTPS, but please let us choose. :)

evilaliv3 commented 2 weeks ago

@dev-kalleno: Would you please clarify why you can't generate a Let's Encrypt certificate?

We implement an automatic redirect on every path, except the paths that are used by the Let's Encrypt protocol. Actually, 99% of the setups of GlobaLeaks use Let's Encrypt successfully.
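
The redirect rule described in the last comment, sketched as an added example (not part of the thread and not GlobaLeaks' own code): every plain-HTTP request is redirected to HTTPS except a strictly matched ACME HTTP-01 challenge path. The challenge path comes from RFC 8555 rather than from the thread; the hostname `reports.example.org` and the function names are assumptions.

```python
import re

# RFC 8555 section 8.3: the CA fetches HTTP-01 challenge responses over plain
# HTTP from this path. Tokens use the base64url alphabet only, so the pattern
# cannot match "../", "//" or percent-encoded segments.
ACME_PATH = re.compile(r"/\.well-known/acme-challenge/[A-Za-z0-9_-]+")

# Hypothetical public hostname. Redirects are only ever built for names on
# this list, so a forged Host header is never reflected into Location.
ALLOWED_HOSTS = {"reports.example.org"}


def plain_http_decision(host_header, target):
    """Decide what to do with a request that arrived on port 80.

    Returns (status, location): 200 means "serve the challenge response in
    clear", 301 carries the HTTPS location, 400 rejects the request.
    """
    host = host_header.split(":")[0].lower()
    if host not in ALLOWED_HOSTS or not target.startswith("/"):
        return 400, None

    path, _, query = target.partition("?")
    if ACME_PATH.fullmatch(path):
        # The only content that is allowed to travel unencrypted.
        return 200, None

    location = "https://" + host + path
    if query:
        location += "?" + query
    return 301, location


if __name__ == "__main__":
    # Constructed sample requests (Host header, request target).
    samples = [
        ("reports.example.org", "/"),
        ("reports.example.org:80", "/submit?lang=en"),
        ("reports.example.org", "/.well-known/acme-challenge/Zm9vYmFy_-1"),
        ("reports.example.org", "/.well-known/acme-challenge/../admin"),
        ("evil.example", "/"),
    ]
    for host, target in samples:
        print(host, target, "->", plain_http_decision(host, target))
```

A reverse proxy in front of such a service has to pass the challenge path through over plain HTTP for certificate issuance to keep working.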