Libretime: Problem: Add support for SSL into the installation process and/or docs

Created on 15 Mar 2017  路  9Comments  路  Source: LibreTime/libretime

This is another longer-term priority, but it would be a good best practice addition.
I'm not sure the best way to approach the actual SSL certs etc, but it makes sense for us as a project to make it easy enough for people to figure out how to do this without needing to learn how to configure Apache by trial and error.

3.0-release-blocker TLS documentation installer security

Most helpful comment

Totally agree that this should be a priority.

All 9 comments

Internal comms (to the DB, RabbitMQ, ...) should be encrypted using TLS as well. For public certs we should point folks to letsencrypt. Adding a security page to the docs that explains how to get up and running with letsencrypt should be easy :) I also see us adding more details concerning security to the preparing the server docs.

Maybe https://certbot.eff.org could be intergrated an optional part of the setup process?

@Robbt, I feel it's an absolute necessity in 2018 to be using SSL, considering mainstream browsers are soon going to be making a big deal out of inputting information into any website that isn't using it.

Seconding @squiggleuk's suggestion of Let's Encrypt. It's worked well for RocketChat.

Totally agree that this should be a priority.

I set up LetsEncrypt on a LibreTime instance recently and it was relatively straightforward. I think we should do this as a default for SSL, and leave the configuration of custom SSL certs up to the system administrator if they'd like to go that route. I can look in to this soon.

I agree. Do you want to document what you needed to do to set it up. We can probably integrate it into the installer as well for internet accessible domains.

Thanks again @mepholic for taking this on! Can you assign yourself this task (or is that something @Robbt or another admin can do)?

@geftactics Certbot is definitely the way to go. 馃憤 I can add a guide sometime this week.

This was fixed by PR #1030 and can be closed

Was this page helpful?
0 / 5 - 0 ratings