jeansaad / chalet

🏩 A simple process manager for developers. Start apps from your browser and access them using local domains
MIT License
156 stars 19 forks

fix self signed certificate compatibility #18

Closed (sonnyp closed 2 years ago)

sonnyp commented 3 years ago

Fixes #17

Default keySize is 1024 which is not enough nowadays. Default algorithm is sha1 which is deprecated. https://security.googleblog.com/2014/09/gradually-sunsetting-sha-1.html

See https://github.com/jfromaniello/selfsigned/blob/c5ac42bdb5949bce47679221284331cab71a1e1e/README.md#options
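An added example, not part of this thread or of chalet's code: a shell check that flags an existing certificate still carrying the defaults named above (1024-bit RSA key, SHA-1 signature) by parsing `openssl x509 -noout -text` output. The function names, the 2048-bit threshold and the certificate path argument are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a self-signed RSA certificate needs regenerating.
# Assumption: 2048 bits is the minimum acceptable RSA modulus size.
MIN_RSA_BITS=2048

# audit_cert_text: reads `openssl x509 -noout -text` output on stdin.
# Prints findings; returns 0 = acceptable, 1 = weak, 2 = could not evaluate.
audit_cert_text() {
    text=$(cat)
    # Only RSA key sizes are judged here; other key types use different scales.
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' || {
        echo "UNKNOWN: not an RSA certificate or unreadable input"
        return 2
    }
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *\([^ ]*\).*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ -z "$sigalg" ]; then
        echo "UNKNOWN: could not read key size or signature algorithm"
        return 2
    fi
    status=0
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "WEAK: ${bits}-bit key (minimum ${MIN_RSA_BITS})"
        status=1
    fi
    case "$sigalg" in
        sha1*|md5*)
            echo "WEAK: signature algorithm ${sigalg}"
            status=1
            ;;
    esac
    [ "$status" -eq 0 ] && echo "OK: ${bits}-bit key, ${sigalg}"
    return "$status"
}

# audit_cert_file: same check for a PEM file on disk (requires openssl).
audit_cert_file() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | audit_cert_text
}

# Run against a certificate when a path is given as the first argument.
if [ -n "${1:-}" ]; then
    audit_cert_file "$1"
fi
```

A non-zero result means the certificate predates the stronger settings and should be deleted so that it gets rebuilt.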

sonnyp commented 3 years ago

Unfortunately https://github.com/jeansaad/chalet/issues/17 is silent to the user and because of the current design it's difficult to make it explicit.

Ideally chalet would self-heal in this case but that would introduce quite a lot of complexity.

Maybe I can add a note to the README.md or create an issue that you can pin?

What do you think is best?

sonnyp commented 3 years ago

Self-signed certificates work fine (as in, the browser will let me proceed) with these new settings:

Chromium 90 / Fedora 34 [Screenshot from 2021-05-27 14-34-59]

Firefox Developer Edition 89.0b15 / Fedora 34 [Screenshot from 2021-05-27 14-34-36]

jeansaad commented 2 years ago

@sonnyp, thanks for putting in the time for this. I actually steer clear of using the self-signed certificates in chalet, mostly cause they cause a headache with things like Safari.

My personal setup is Caddy + dnsmasq, with a delegation to chalet for configurable command line reverse proxy. Probably not the easiest setup, but I wonder if there is a place here where chalet can improve on.

I'm all for adding a note in the README.md for those that want to re-generate their certificates. It should be as simple as deleting the certs and it will get re-built.

jeansaad commented 2 years ago

Alternatively we can write an FAQ and link it in the README, cause this issue probably will happen when a self-signed certificate expires.

Edit: Created one here that you can link to: https://github.com/jeansaad/chalet/wiki/Frequently-Asked-Questions#what-can-i-do-if-my-certificate-expires-or-i-have-a-certificate-problem

sonnyp commented 2 years ago

This PR solves a different problem than self-signed certificates expiring.

jeansaad commented 2 years ago

Yes, fair enough; however, the solution to regenerate the certs is the same, no?

sonnyp commented 2 years ago

I understand now you were talking about letting users know how to "heal" the problem.

I've added an entry in the FAQ.

jeansaad commented 2 years ago

@sonnyp, this has been merged and released! Thanks for the contribution!