doc: TLS certificate configuration

Fixes #891

Change-Id: I90a7d7c6df90d0296856caed57a1c7cada2c1d74
mpl 2016-12-13 16:24:02 +01:00
parent 947266f042
commit a746c8df31
1 changed files with 8 additions and 1 deletions

@ -28,12 +28,19 @@ This page documents the simple configuration mode.
your Camlistore server. Useful for when running behind a reverse proxy. your Camlistore server. Useful for when running behind a reverse proxy.
Should not end in a slash. e.g. `https://yourserver.example.com` Should not end in a slash. e.g. `https://yourserver.example.com`
* `https`: if "true", HTTPS is used * `https`: if "true", HTTPS is used.
* `httpsCert`: path to the HTTPS certificate file. This is the public file. * `httpsCert`: path to the HTTPS certificate file. This is the public file.
It should include the concatenation of any required intermediate certs as It should include the concatenation of any required intermediate certs as
well. well.
* `httpsKey`: path to the HTTPS private key file. * `httpsKey`: path to the HTTPS private key file.
* If an explicit certificate and key are not provided, a certificate from
[Let's Encrypt](https://letsencrypt.org) is requested automatically if the
following conditions apply:
* A fully qualified domain name is specified in either `baseURL` or `listen`.
* Camlistore listens on port `443` in order to answer the TLS-SNI challenge
from Let's Encrypt.
* As a fallback, if no FQDN is found, a self-signed certificate is generated.
* `identity`: your GPG fingerprint. A keypair is created for new users on * `identity`: your GPG fingerprint. A keypair is created for new users on
start, but this may be changed if you know what you're doing. start, but this may be changed if you know what you're doing.
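
Review bot: The fallback bullet ("if no FQDN is found, a self-signed certificate is generated") covers only one of the two listed Let's Encrypt conditions, so the case where an FQDN is set in `baseURL` or `listen` but Camlistore is not listening on port `443` is left undocumented. A reader cannot tell from these lines whether the server then falls back to a self-signed certificate, fails to start, or keeps retrying the challenge; please state the behaviour explicitly. The opening condition "If an explicit certificate and key are not provided" is also ambiguous when only one of `httpsCert` and `httpsKey` is set, so it would help to say whether that is an error or is treated as neither being provided. Since the self-signed path is reached silently, consider adding a sentence that clients will not trust that certificate by default, so operators know which mode they ended up in.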