gnu-social/docs/administrator/src/install/tls.md

34 lines
1.5 KiB
Markdown
Raw Normal View History

## Configuring TLS/SSL
You should configure a valid certificate and use TLS/SSL in most cases,
one exception being wanting to use the Tor network.
The `bin/configure` script is capable of setting this up for you if you use a
Docker container. Otherwise, using [certbot](https://certbot.eff.org/) and
[Let's Encrypt](https://letsencrypt.org/) is recommended
There are multiple approaches to achieve this, among which are using
your own (non-self) signed certificate, or using a proxy service
capable of either proxying an HTTP connection to HTTPS (not
recommended) or an HTTPS connection to HTTPS. For this approach,
follow the instructions of your proxy service provider, but generally
you'll use a self signed certificate, which the configuration script
can generate.
TODO Mail server configuration (links below)
GNU social can be configured to send emails for various reasons. See
[mail server configuration](). You'll need a certificate for your web
domain and your mail domain, which may or may not be the same (if you
use the same hostname for both, or a certificate valid for both).
TODO improve external certificate handling
If you prefer to not use Let's Encrypt, or the docker container, pick
`mixed` and uncheck the `certbot` service or pick `external`.
Place your certificate in the folder
`docker/certbot/.files/live/$HOSTNAME/`, where `$HOSTNAME` is the name
where you want to host your node, such as `social.yourdomain`.
Remember you also need a certificate for your mail server.