Browse Source

Clarification on the use of certificate chains (#12986)

* Clarification on the use of certificate chains

* As per @bagasme

Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Bagas Sanjaya <bagasdotme@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
pull/1052/head
PE1NUT 3 weeks ago
committed by GitHub
parent
commit
f2c29f2d25
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
  1. +1
    -1
      docs/content/doc/advanced/config-cheat-sheet.en-us.md
  2. +1
    -1
      docs/content/doc/usage/https-support.md

+ 1
- 1
docs/content/doc/advanced/config-cheat-sheet.en-us.md View File

@@ -212,7 +212,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). From 1.11 paths are relative to `CUSTOM_PATH`.
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
- `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.


+ 1
- 1
docs/content/doc/usage/https-support.md View File

@@ -32,7 +32,7 @@ HTTP_PORT = 3000
CERT_FILE = cert.pem
KEY_FILE = key.pem
```
Note that if your certificate is signed by a third party certificate authority (i.e. not self-signed), then cert.pem should contain the certificate chain. The server certificate must be the first entry in cert.pem, followed by the intermediaries in order (if any). The root certificate does not have to be included because the connecting client must already have it in order to estalbish the trust relationship.
To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).

### Setting up HTTP redirection


Loading…
Cancel
Save