Hey everyone,
Just a quick question: Let’s Encrypt, what is it and how can I take advantage of its services?
For a bit of background, I’m trying to set up KanIDM and a CA certificate is needed; I was told to use Let’s Encrypt to create it.
Just looking for knowledge.
Thanks!
Use Caddy as a web server and forget about setting up certificates forever. This masterpiece will take care of it.
Kanidm wants to directly have access to the Let’s Encrypt cert. It refuses to even serve over HTTP, or put any traffic over it since that could allow potentially bad configurations. It has a really stringent policy surrounding how opinionated it is about security.
Do they know about reverse proxies?
Yeah. There’s reasoning for why they do it on their docs, but the reasoning iirc is Kanidm is a security-critical resource, and it aims to not even allow any kind of insecure configuration. Even on the local network. All traffic to and from Kanidm should be encrypted with TLS. I think they let you use self-signed certs though?
Thanks for mentioning Caddy. Will consider that for my next project.
You’re welcome :) If you have any questions, feel free to contact me.
Love Caddy. Took a little bit for me to understand but it’s an amazing tool. I barely use a fraction of its capabilities.
I had been using Nginx for years until I finally switched to Caddy a few months ago. I’m disappointed in myself that I didn’t check it out sooner lol. Caddy is to Nginx what Nginx is to Apache.
I have like 15 reverse proxies set up and it takes the same amount of code that about 4 or 5 would take in Nginx.
Thanks for the feedback on Caddy. Will consider that for my next project.