linuxserver / reverse-proxy-confs

These confs are pulled into our SWAG image: https://github.com/linuxserver/docker-swag
GNU General Public License v3.0

[FEAT] upstream_proto https to http #640

Closed NLZ closed 6 months ago

NLZ commented 6 months ago

Is this a new feature request?

Wanted change

In some templates upstream_proto is set to https, eg: https://github.com/linuxserver/reverse-proxy-confs/blob/20c5dbdcff92442262ed8907385e477935ea9336/privatebin.subdomain.conf.sample#L42

I would propose to set upstream_proto to http in all the templates. Only a few configs seem to have it:

budge.subdomain.conf.sample
collabora.subdomain.conf.sample
heimdall.subdomain.conf.sample
heimdall.subfolder.conf.sample
kanzi.subdomain.conf.sample
kanzi.subfolder.conf.sample
kasm.subdomain.conf.sample
linkstack.subdomain.conf.sample
nextcloud.subdomain.conf.sample
nextcloud.subfolder.conf.sample
openvpn-as.subdomain.conf.sample
openvscode-server.subdomain.conf.sample
privatebin.subdomain.conf.sample
pydio-cells.subdomain.conf.sample
pydio.subdomain.conf.sample
unifi-controller.subdomain.conf.sample
unifi-network-application.subdomain.conf.sample
warpgate.subdomain.conf.sample

Reason for change

The https upstream_proto requires the website to already have a working https config, but the templates are made for same docker network proxying, so they almost never have a proper cert. And this unexpected default https can cause headaches to troubleshoot for newbies. If someone wants to proxy services with existing https they are more likely to know what they are doing. Some configs might require https, but I don't know all of those services to make a judgement. But for example privatebin is definitely not needing it.

Proposed code change

No response

aptalca commented 6 months ago

They are set to whatever's appropriate for each app. Various apps only listen for https connections and they have self signed certs. The proxy confs we provide should work out of the box when it comes to the proto.

Roxedus commented 6 months ago

Most of these come with a self signed cert. When we approve additions to this repo, this is one of the things we check. Personally I check the protocol against the upstream documentation before I merge.

NLZ commented 6 months ago

I see, my bad. Then it only seems to be the PrivateBin.

Do you remember which PrivateBin container you tested with?

283 doesn't specify it.

I'm using the official image but it explicitly says to use a proxy for https:

The Nginx setup supports only HTTP, so make sure that you run a reverse proxy in front of this for HTTPS offloading and reducing the attack surface on your TLS stack.

Maybe they changed it since 2021
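
The audit discussed in this thread, listing which templates proxy to their upstream over https so each can be checked against the app's documentation, can be scripted. This is an added example, not part of the thread or the repository's own tooling; it assumes the templates set `$upstream_app`, `$upstream_port` and `$upstream_proto` with nginx `set` directives, and the file names and contents in `SAMPLE` are constructed.

```python
import re

# Assumed directive form: "set $upstream_proto https;" (likewise app, port).
# Anchoring at line start after indentation skips lines commented out with '#'.
SET_RE = re.compile(r"^[ \t]*set[ \t]+\$upstream_(app|port|proto)[ \t]+([^;\s]+)[ \t]*;", re.M)

def upstreams(conf_text):
    """Group the set directives into one dict per location block."""
    blocks, current = [], {}
    for key, value in SET_RE.findall(conf_text):
        if key in current:  # a repeated key means the next block has begun
            blocks.append(current)
            current = {}
        current[key] = value
    if current:
        blocks.append(current)
    return blocks

def https_upstreams(confs):
    """confs maps file name -> file text; return (file, app, port) rows
    for every block that proxies to its upstream over https."""
    rows = []
    for name in sorted(confs):
        for block in upstreams(confs[name]):
            if block.get("proto") == "https":
                rows.append((name, block.get("app"), block.get("port")))
    return rows

# Constructed sample input, not copied from the repository.
SAMPLE = {
    "appone.subdomain.conf.sample": """
    location / {
        set $upstream_app appone;
        set $upstream_port 8443;
        set $upstream_proto https;
    }
""",
    "apptwo.subdomain.conf.sample": """
    location / {
        set $upstream_app apptwo;
        set $upstream_port 8080;
        #set $upstream_proto https;
        set $upstream_proto http;
    }
""",
}

if __name__ == "__main__":
    print(https_upstreams(SAMPLE))
```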