mwild1
commented
3 months ago Hi, thanks for the contribution!
Although I know a few people have their Snikket set up this way, we generally don't recommend this approach.
One big reason is that there is a "chicken and egg" problem - the reverse proxy requires certificates to run, but Snikket won't be able to obtain certificates if the reverse proxy isn't running. It worked for you because you were using a certificate in the reverse proxy (an incorrect one, but that didn't matter).
On a clean installation, it would require the following steps:
- Install (but don't run) Snikket
- Configure the reverse proxy to only proxy HTTP requests (keep HTTPS disabled)
- Run Snikket, which will obtain certificates
- Configure the reverse proxy for HTTPS with Snikket's certificates
As you can see, it's not impossible, but a bit annoying. We have many people who using Snikket who are barely familiar with nginx configuration and self-hosting, and they can get lost at every step.
On the other hand, most people who are using a web server/proxy already have some kind of mechanism for obtaining certificates for their domains. They are likely already familiar with it, so we recommend they stick with whatever process they are familiar with, as that will likely be the easiest setup for them and we're here to make the setup as smooth as possible.
I hate declining contributions, but I hope this explanation clarifies why I won't merge this change. I hope it doesn't deter you from any future contributions you would be inclined to make! Thanks again :heart:
use the certs generated by snikket
It took me a while figure why I can't share files in the chat and it was due my cert doesn't include share nor groups
with this "hack" we can use the certs generated by the included certbot directly in nginx