From 72afafd14d7e8686b9dce450f1101e20ef9eb50a Mon Sep 17 00:00:00 2001 From: muibusan Date: Thu, 15 Aug 2019 13:27:49 +0200 Subject: [PATCH] Added clarification on file format and file name extensions regarding the ROCKET_TLS command line --- Enabling-HTTPS.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/Enabling-HTTPS.md b/Enabling-HTTPS.md index 33c3303..f7ee290 100644 --- a/Enabling-HTTPS.md +++ b/Enabling-HTTPS.md @@ -5,8 +5,11 @@ The values to the option must follow the format: ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} ``` Where: -- certs: a path to a certificate chain in PEM format -- key: a path to a private key file in PEM format for the certificate in certs +* certs: a path to a certificate chain in PEM format +* key: a path to a private key file in PEM format for the certificate in certs + +Note: +* The file name _extensions_ used in the ROCKET_TLS line do not necessarily have to be PEM. Important is the underlying file _format_ which needs to be PEM, i.e. base64-coded. Since the PEM format is openssl's default you can therefore simply rename .cert, .cer, .crt and .key files to .pem and vice versa or - as an alternative - use different file extensions like .crt or .key in the ROCKET_TLS line. ```sh docker run -d --name bitwarden \ @@ -16,7 +19,10 @@ docker run -d --name bitwarden \ -p 443:80 \ bitwardenrs/server:latest ``` -Note that you need to mount ssl files and you need to forward appropriate port. + +You need to mount ssl files (-v argument) and you need to forward appropriate port (-p argument), usually 443 for HTTPS connections. If you choose a different port number than 443 like for example 3456, remember to explicitly provide that port number when you connect to the service, example: `https://bitwarden.local:3456`. + +For further information on how to set up and use a private CA on your local system refer to [this chapter of the wiki.](https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome) Due to what is likely a certificate validation bug in Android, you need to make sure that your certificate includes the full chain of trust. In the case of certbot, this means using `fullchain.pem` instead of `cert.pem`.