224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
|
-
-
-
-
-
-
+
+
+
+
+
+
|
If you attempt to connect to a server which requests a client
certificate, but don't provide one, fossil will show an error message
which explains what to do to authenticate with the server.
<h2 id="server">Fossil TLS Configuration: Server Side</h2>
Fossil's built-in HTTP server feature does not currently have a built-in
way to serve via HTTP over TLS, a.k.a. HTTPS, even when you've linked
Fossil to OpenSSL. To serve a Fossil repository via HTTPS, you must put
it behind some kind of HTTPS proxy. We have a number of documents
elsewhere in this repository that cover your options for [./server/
| serving Fossil repositories]. A few of the most useful of these are:
Fossil's built-in HTTP server feature did not add [./ssl-server.md|support HTTP over TLS]
(a.k.a. HTTPS) until version 2.18 (2022). Prior to that, system administrators
that wanted to add HTTPS support to a Fossil server had to put Fossil
behind a web-server or reverse-proxy that would do the HTTPS to HTTP
translation. [./server/ | Instructions for doing so] are found elsewhere
in this documentation. A few of the most useful of these are:
* <a id="stunnel" href="./server/any/stunnel.md">Serving via stunnel</a>
* <a id="althttpd" href="./server/any/althttpd.md">Serving via stunnel + althttpd</a>
* <a id="nginx" href="./server/debian/nginx.md#tls">Serving via SCGI with nginx on Debian</a>
<h2 id="enforcing">Enforcing TLS Access</h2>
|