zadam / trilium

Build your personal knowledge base with Trilium Notes
GNU Affero General Public License v3.0

Is there a way to disable cert checking #321

Open pcause opened 5 years ago

pcause commented 5 years ago

I have my server on a machine with a self-signed certificate. Is there a way to set a config option to disable checking for the certificate validity?

Also, I have NGINX on the server sitting in front of trilium so as not to expose it to the web directory. I also have basic auth set on the entire server. The browser works fine other than the warning about the self-signed certificate. I enter the URL as

https://name:password@server.com/trilium/

Does the code handle this form of URL?

zadam commented 5 years ago

I assume this is about sync setup. Currently it's not possible to disable cert validity check. I don't want to sound rude, but is there a reason to not generate a valid and trusted cert from Let's Encrypt?

For the basic auth - Trilium doesn't handle this explicitly, but I suspect it should work transparently.

pcause commented 5 years ago

I don't open ports 80 or 443 and use a different port, and Let's Encrypt needs these ports to validate. I tried following the MS stuff to import the cert and that didn't work. Will generate a new one and see if I can get the desktop machine to treat it as a valid certificate.

joelpet commented 5 years ago

@pcause: You may be interested in looking into DNS based ACME challenges: https://certbot.eff.org/docs/using.html#dns-plugins

pcause commented 5 years ago

That doesn't work for me since I use a free dynamic DNS address and can't set anything in the DNS records. I also don't open 443 or 80. But thanks.

pcause commented 5 years ago

I found this code, which could be used to solve my issue and might be useful to others:

```javascript
app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
  if (/https:\/\/localhost/g.test(url)) {
    // Verification logic.
    event.preventDefault();
    callback(true);
  } else {
    callback(false);
  }
});
```

Instead of localhost you could add a checkbox when we specify the sync server to ignore certificate error and then check for the URL on the error to match the URL of the sync server. Remember that the URL specified in a sync server can have a port.

discernment commented 5 years ago

@pcause that code snippet looks valuable. How exactly can I use it? I tried typing something like it into the electron javascript console, and got "Uncaught TypeError: app.on is not a function". I'm not really familiar w/ front-end development. What am I missing? I just want to use my own cert.
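A narrower variant of the handler discussed above, as an added example that is not part of the thread and not Trilium code: it accepts a failing certificate only when the request goes to the configured sync server's exact origin (scheme, host and port) and the certificate's fingerprint equals one the user pinned, instead of matching the URL with an unanchored regex. `SYNC_CONFIG`, `originOf`, `shouldTrustCertificate` and `registerSyncCertHandler` are hypothetical names, the fingerprint is a placeholder, and it assumes the sync requests pass through Electron's network stack so that `certificate-error` fires for them.

```javascript
// Constructed sample config (assumption): the sync server URL as the user typed
// it, plus the fingerprint of the one self-signed certificate they chose to trust.
const SYNC_CONFIG = {
  syncServerUrl: 'https://name:password@server.com:8443/trilium/',
  pinnedFingerprint: 'sha256/PLACEHOLDER_FINGERPRINT_OF_YOUR_CERT=',
};

// Scheme + host + port only. URL.origin drops the user:password part and the
// path, so basic-auth credentials in the configured URL do not affect matching.
function originOf(rawUrl) {
  try {
    const u = new URL(rawUrl);
    return u.protocol === 'https:' ? u.origin : null;
  } catch {
    return null; // unparsable URL: never trusted
  }
}

// True only when the failing request targets the configured sync server
// AND the presented certificate is exactly the pinned one.
function shouldTrustCertificate(requestUrl, certificate, config) {
  const expected = originOf(config.syncServerUrl);
  const actual = originOf(requestUrl);
  if (!expected || actual !== expected) return false;
  if (!certificate || typeof certificate.fingerprint !== 'string') return false;
  return certificate.fingerprint === config.pinnedFingerprint;
}

// Wiring for the Electron main process. `app` is a main-process module, so this
// belongs in the main script, not in the DevTools console of a window:
//   registerSyncCertHandler(require('electron').app, SYNC_CONFIG);
function registerSyncCertHandler(app, config) {
  app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
    if (shouldTrustCertificate(url, certificate, config)) {
      event.preventDefault(); // override Chromium's rejection for this one cert
      callback(true);
    } else {
      callback(false); // every other certificate error stays fatal
    }
  });
}
```

Any other certificate on the same host, including a different self-signed one, is still rejected, so trust does not extend beyond the certificate the user pinned.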