Closed NLZ closed 6 months ago
They are set to whatever's appropriate for each app. Various apps only listen for https connections and they have self signed certs. The proxy confs we provide should work out of the box when it comes to the proto.
Most of these comes with a self signed cert. When we approve additions to this repo, this is one of the things we check. Personally i check the protocol against the upstream documentation before i merge.
I see, my bad. Then it only seems to be the PrivateBin.
Do you remember which PrivateBin container you tested with?
I'm using the official image but it explicitly says to use a proxy for https:
The Nginx setup supports only HTTP, so make sure that you run a reverse proxy in front of this for HTTPS offloading and reducing the attack surface on your TLS stack.
Maybe they changed it since 2021
Is this a new feature request?
Wanted change
In some templates
upstream_proto
is set tohttps
, eg: https://github.com/linuxserver/reverse-proxy-confs/blob/20c5dbdcff92442262ed8907385e477935ea9336/privatebin.subdomain.conf.sample#L42I would propose to set
upstream_proto
tohttp
in all the templates. Only a few configs seems to have it:Reason for change
The https upstream_proto requires the website to already have a working https config, but the templates are made for same docker network proxying, so they almost never have a proper cert. And this unexpected default https can cause headaces to troubleshoot for newbies. If someone wants to proxy services with existing https they more likely to know what they are doing. Some configs might require https, but I don't know all of those services to make judgement. But for example privatebin is definitely not needing it.
Proposed code change
No response