Comment on Let's encrypt?
IAm_A_Complete_Idiot@sh.itjust.works 1 year agoKanidm wants to directly have access to the letsencrypt cert. It refuses to even serve over HTTP, or put any traffic over it since that could allow potentially bad configurations. It has a really stringent policy surrounding how opinionated it is about security.
lemmyvore@feddit.nl 1 year ago
Do they know about reverse proxies?
IAm_A_Complete_Idiot@sh.itjust.works 1 year ago
Yeah. There’s reasoning for why they do it on their docs, but the reasoning iirc is kanidm is a security critical resource, and it aims to not even allow any kind of insecure configuration. Even on the local network.