-
-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Feature: Support for HTTPS (TLS/SSL) #916
Comments
one of the possible workaround - is to wrap wekan with apache and do smoething like that:
where 8085 - is your local wekan's port Don't know where ... but somewhere I saw such installation .. |
I don't have root access to that server. |
@NoodleBB, did you set up HTTPS in webserver config correctly? If you trying to start "stock" wekan in HTTPS mode (doesn't matter docker instance or compiled from source), it will not work, because wekan needs webserver proxying it with SSL. Offtop: IMHO, SSL is not the function Wekan itself must provide. It's an app. Commutity must be concentrated on functions and stability of the primary service. |
Here is my .htaccess.
When i access a sample page on that host, it redirects me to the secured page. This works fine. But when i add the last line to redirect to Wekan it fails. Respond to OT:
P.S.: There exist a Meteor package for that. force-ssl |
Does Meteor / Node.js have support for virtual hosts, redirects, let's encrypt etc? URL? |
That force-ssl seems to just redirect |
Yes. Im not an Node.js (or Meteor) expert. But Node supports TLS and HTTPS. How-Tos:
This could be possibly helpful. |
Does somebody use only Node.js in production? In all articles I found with Google search, Nginx/Caddy/some other webserver is used for load balancing and delivering static content in front of Node.js. |
@xet7, i tried to tell this. Wekan is a backend application. User can have multiple wekan instances and a load balancer proxying them. It's a classic practice. The best example for me is a Ghost Blogging Platform. It can be run standalone, but developpers assume that it is always behind Nginx/Apache/whatever. I use Caddy to provide Wekan HTTPS access, and i have almost no problems. @NoodleBB doesn't have root access to server, that's his main problem. With all possible respect, it's not Wekan functionality problem. |
@iAdanos |
It's important which Control Panel your hoster/ISP use, if it's Plesk or CPanel you have not much problems depending on the restrictions. I use Wekan on my own little root server with Deb 8, Plesk 17, a nginx proxy and Lets Encrypt SSL Certificate 😄 and it runs perfectly. |
I don't use a control panel. I use SSH and GeoTrust certificates. But i'm sure the most users do use Plesk & Lets Encrypt. |
@NoodleBB Which kind of access you have on your server trough SSH, do you can modify stuff in /etc, /var & /opt or install new packages? |
Nope. Just read. |
Ok thats a bit hard. You need to check which modules are available in the apache2 instance. If there are proxy modules avaible you can setup a reserve proxy like @davydov-vyacheslav's workaround. These lines can be added into a .htaccess file too.
|
@REJack |
@xet7 |
I prefer using reverse proxy with nginx instead of exposing the nodejs socket to internet so https goes on nginx. Better practice |
I all, I tried to configure Apache for SSL connection. I have SSL connections until I opened a card. Indeed, the URL switch to the URL which are configured on the URL_ROOT line. Do you know why? Regards |
Try to set the protocol of the URL_ROOT to https:// |
Hi, It's work! Thanks :) |
why not? I'm using official docker image behind nginx reverse proxy with
let's encrypt certificates.
2017 eka. 13 15:35 erabiltzaileak hau idatzi du ("bitsandnumbers" <
[email protected]>):
… @Zokormazo <https://github.com/zokormazo> and what if you use docker ?
the dockerfile wekan team provide does not include a web server (nginx,
apache) other than node.js, so reverse-proxy with https won't work : no way
to set ssl keys (setting them in nginx proxy host is not enough it seems).
Or am I missing something ?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#916 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABYVoAbi-bjCorv05fDZygFGBxsJhWxpks5sDpACgaJpZM4MfKQN>
.
|
@Zokormazo Yeah, sorry I deleted my comment after realizing that it could work. I actually found my solution. |
Hey all, we are using Wekan with Stunnel4 to support encrypted connections over SSL and want to activate HSTS. Would it possible to integrate this in a future release? As far I can see it's already supported by Node: |
Does that http-proxy include support for SSL ? Otherwise, if it requires separate install of stunnel, it's the same as using Nginx/Caddy etc in front of Wekan. |
Hi @xet7 Yes, the proxy supports SSL/TLS. |
Is stunnel included inside http-proxy npm package? So there is no need for stunnel setup separately? |
@xet7 I don't know if this is the case. |
@NoodleBB As you are the main author of https://github.com/wekan/wekan/wiki/Install-latest-Wekan-release-on-Uberspace, I guess this issue is related to that platform. Have you in the meantime been able to server Wekan on uberspace with https? |
is there news about this feature? |
Securing the http port with TLS is important. |
Having Nginx/Apache/Caddy/Stunnel/Traefik to provide SSL in front of Wekan is already possible. This issue is only about having SSL in Wekan's node.js server itself. |
little more help? :) |
When setting the
ROOT_URL
tohttps
, restarting Wekan and try to access wekan via browser and the https-URL i just get:Tested with Wekan v.0.13, v.0.12, v.0.10.1 Manual installation on CentOS
The text was updated successfully, but these errors were encountered: