Comment on Let's encrypt?
IAm_A_Complete_Idiot@sh.itjust.works 8 months agoKanidm wants to directly have access to the letsencrypt cert. It refuses to even serve over HTTP, or put any traffic over it since that could allow potentially bad configurations. It has a really stringent policy surrounding how opinionated it is about security.
lemmyvore@feddit.nl 8 months ago
Do they know about reverse proxies?
IAm_A_Complete_Idiot@sh.itjust.works 8 months ago
Yeah. There’s reasoning for why they do it on their docs, but the reasoning iirc is kanidm is a security critical resource, and it aims to not even allow any kind of insecure configuration. Even on the local network.