Comments (3)
Hello, sorry for my delay.
I'm happy you found a solution to your problem.
To answer your original question, I don't think it would be worth it to implement TLS certificate management directly into Alexandrie.
There are a lot of things that go into building a secure TLS server (like correctly handling and verifying certificates, automatically renewing them, accepting or excluding many different cipher suites, supporting both TLS 1.2 and 1.3, ensuring properties like forward secrecy, implementing all sorts of vulnerability mitigations for well-known attacks, etc.).
ssllabs.com can be a good tool to see everything that goes into handling TLS correctly, and the list is quite long.
I know that rustls could be used to make implementing something like this easier, but I think that using it correctly to not risk leaving any vulnerability exposed can still be challenging.
So, I think it is for the best to leave this task to battle-tested reverse proxies like nginx, caddy or traefik.
I'll therefore close this issue for this reason. Feel free to tell me if I missed something in your question, or if the problem you were encountering with the redirect URL is persisting.
Since I could not find an integrated TLS option I now added a reverse proxy that handles the encryption.
In combination with GitLab OAuth I now get the issue that the redirect URL that is passed to GitLab is localhost instead of my domain. Alexandrie extracts it from the request URL:
So am I on the wrong track or is this something you would accept a MR for?
We could for example also parse the X-Forwarded-Host header and use that host instead if it is set.
Ok, I just realized that I simply had configured a wrong value for frontend.auth.origin. So the redirect is fixed now.
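For the redirect question discussed in this thread, an added example (not Alexandrie's code and not written by any participant) of choosing the OAuth redirect origin behind a reverse proxy: an explicitly configured origin wins, and X-Forwarded-Host is honoured only when the connection comes from a known proxy and names an allow-listed host. The `OriginPolicy` struct, its fields, the `redirect_origin` function and the https-only assumption are hypothetical; only the idea of a configured origin corresponds to `frontend.auth.origin`.

```rust
use std::net::IpAddr;

/// Hypothetical settings for this sketch (not Alexandrie's real config type).
pub struct OriginPolicy<'a> {
    /// Explicit public origin, e.g. "https://crates.example.com".
    pub configured_origin: Option<&'a str>,
    /// Socket peers allowed to supply X-Forwarded-Host (the reverse proxy).
    pub trusted_proxies: &'a [IpAddr],
    /// Hosts we are willing to send to the OAuth provider as redirect target.
    pub allowed_hosts: &'a [&'a str],
}

/// Returns the origin to use when building the OAuth redirect URL.
/// Assumption: the public site is always served over https by the proxy.
pub fn redirect_origin(
    policy: &OriginPolicy,
    peer: IpAddr,
    host_header: &str,
    x_forwarded_host: Option<&str>,
) -> Result<String, &'static str> {
    // 1. An explicit configuration value never depends on request headers.
    if let Some(origin) = policy.configured_origin {
        return Ok(origin.trim_end_matches('/').to_string());
    }
    // 2. Forwarded headers are client-controlled unless the peer is our proxy.
    let candidate = match x_forwarded_host {
        Some(h) if policy.trusted_proxies.contains(&peer) => h.trim(),
        _ => host_header.trim(),
    };
    // 3. Exact allow-list match; comma-joined or unknown hosts are rejected.
    if policy.allowed_hosts.iter().any(|a| a.eq_ignore_ascii_case(candidate)) {
        Ok(format!("https://{}", candidate.to_ascii_lowercase()))
    } else {
        Err("host is not allow-listed for OAuth redirects")
    }
}

fn main() {
    // Constructed sample values: proxy on loopback, one public host name.
    let proxies = ["127.0.0.1".parse::<IpAddr>().unwrap()];
    let hosts = ["crates.example.com"];
    let policy = OriginPolicy { configured_origin: None, trusted_proxies: &proxies, allowed_hosts: &hosts };
    let via_proxy = redirect_origin(&policy, proxies[0], "localhost:3000", Some("crates.example.com"));
    let spoofed = redirect_origin(&policy, proxies[0], "localhost:3000", Some("evil.example"));
    println!("via proxy: {:?}\nspoofed:   {:?}", via_proxy, spoofed);
}
```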