Fossil

Diff
Login

Diff

Annotate Patch Unified Diff

Differences From Artifact [857c82fac2]:

To Artifact [b78e0a9c5d]:

224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243

If you attempt to connect to a server which requests a client
certificate, but don't provide one, fossil will show an error message
which explains what to do to authenticate with the server.


<h2 id="server">Fossil TLS Configuration: Server Side</h2>

Fossil's built-in HTTP server feature does not currently have a built-in
way to serve via HTTP over TLS, a.k.a. HTTPS, even when you've linked
Fossil to OpenSSL. To serve a Fossil repository via HTTPS, you must put
it behind some kind of HTTPS proxy. We have a number of documents
elsewhere in this repository that cover your options for [./server/
| serving Fossil repositories]. A few of the most useful of these are:

  *  <a id="stunnel"  href="./server/any/stunnel.md">Serving via stunnel</a>
  *  <a id="althttpd" href="./server/any/althttpd.md">Serving via stunnel + althttpd</a>
  *  <a id="nginx"    href="./server/debian/nginx.md#tls">Serving via SCGI with nginx on Debian</a>


<h2 id="enforcing">Enforcing TLS Access</h2>








|
|
|
|
|
|








224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243

If you attempt to connect to a server which requests a client
certificate, but don't provide one, fossil will show an error message
which explains what to do to authenticate with the server.


<h2 id="server">Fossil TLS Configuration: Server Side</h2>

Fossil's built-in HTTP server feature did not add [./ssl-server.md|support HTTP over TLS]
(a.k.a. HTTPS) until version 2.18 (2022).  Prior to that, system administrators
that wanted to add HTTPS support to a Fossil server had to put Fossil
behind a web-server or reverse-proxy that would do the HTTPS to HTTP
translation.  [./server/ | Instructions for doing so] are found elsewhere
in this documentation.  A few of the most useful of these are:

  *  <a id="stunnel"  href="./server/any/stunnel.md">Serving via stunnel</a>
  *  <a id="althttpd" href="./server/any/althttpd.md">Serving via stunnel + althttpd</a>
  *  <a id="nginx"    href="./server/debian/nginx.md#tls">Serving via SCGI with nginx on Debian</a>


<h2 id="enforcing">Enforcing TLS Access</h2>