Clarification on the use of certificate chains (#12986)
* Clarification on the use of certificate chains * As per @bagasme Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>release/v1.15
parent
615e784150
commit
f2c29f2d25
|
@ -212,7 +212,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
|
||||||
- `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
|
- `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
|
||||||
- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
|
- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
|
||||||
- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
|
- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
|
||||||
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
|
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). From 1.11 paths are relative to `CUSTOM_PATH`.
|
||||||
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
|
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
|
||||||
- `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
|
- `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
|
||||||
- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.
|
- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.
|
||||||
|
|
|
@ -32,7 +32,7 @@ HTTP_PORT = 3000
|
||||||
CERT_FILE = cert.pem
|
CERT_FILE = cert.pem
|
||||||
KEY_FILE = key.pem
|
KEY_FILE = key.pem
|
||||||
```
|
```
|
||||||
|
Note that if your certificate is signed by a third party certificate authority (i.e. not self-signed), then cert.pem should contain the certificate chain. The server certificate must be the first entry in cert.pem, followed by the intermediaries in order (if any). The root certificate does not have to be included because the connecting client must already have it in order to estalbish the trust relationship.
|
||||||
To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
|
To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
|
||||||
|
|
||||||
### Setting up HTTP redirection
|
### Setting up HTTP redirection
|
||||||
|
|
Loading…
Reference in New Issue