Fossil SCM
Cross-link the ssl-server.md and ssl.wiki documents. Both of them still need improvements. Some Pikchr diagrams would be a great addition.
Commit
939753d046ced49cce93d55cb380e1fdd8bdd2cd0a96cc61d74b96e2598d360b
Parent
168eb71643a4754…
2 files changed
+2
-1
+6
-6
+2
-1
| --- www/ssl-server.md | ||
| +++ www/ssl-server.md | ||
| @@ -1,17 +1,18 @@ | ||
| 1 | 1 | # SSL/TLS Server Mode |
| 2 | 2 | |
| 3 | 3 | ## History |
| 4 | 4 | |
| 5 | -Fossil has supported client-side SSL/TLS since [2010][1]. This means | |
| 5 | +Fossil has supported [client-side SSL/TLS][0] since [2010][1]. This means | |
| 6 | 6 | that commands like "[fossil sync](/help?cmd=sync)" could use SSL/TLS when |
| 7 | 7 | contacting a server. But on the server side, commands like |
| 8 | 8 | "[fossil server](/help?cmd=server)" operated in clear-text only. To implement |
| 9 | 9 | an encrypted server, you had to put Fossil behind a web server or reverse |
| 10 | 10 | proxy that handled the SSL/TLS decryption/encryption and passed cleartext |
| 11 | 11 | down to Fossil. |
| 12 | 12 | |
| 13 | +[0]: ./ssl.wiki | |
| 13 | 14 | [1]: /timeline?c=b05cb4a0e15d0712&y=ci&n=13 |
| 14 | 15 | |
| 15 | 16 | Beginning in [late December 2021](/timeline?c=f6263bb64195b07f&y=a&n=13), |
| 16 | 17 | this has been fixed. Commands like |
| 17 | 18 | |
| 18 | 19 |
| --- www/ssl-server.md | |
| +++ www/ssl-server.md | |
| @@ -1,17 +1,18 @@ | |
| 1 | # SSL/TLS Server Mode |
| 2 | |
| 3 | ## History |
| 4 | |
| 5 | Fossil has supported client-side SSL/TLS since [2010][1]. This means |
| 6 | that commands like "[fossil sync](/help?cmd=sync)" could use SSL/TLS when |
| 7 | contacting a server. But on the server side, commands like |
| 8 | "[fossil server](/help?cmd=server)" operated in clear-text only. To implement |
| 9 | an encrypted server, you had to put Fossil behind a web server or reverse |
| 10 | proxy that handled the SSL/TLS decryption/encryption and passed cleartext |
| 11 | down to Fossil. |
| 12 | |
| 13 | [1]: /timeline?c=b05cb4a0e15d0712&y=ci&n=13 |
| 14 | |
| 15 | Beginning in [late December 2021](/timeline?c=f6263bb64195b07f&y=a&n=13), |
| 16 | this has been fixed. Commands like |
| 17 | |
| 18 |
| --- www/ssl-server.md | |
| +++ www/ssl-server.md | |
| @@ -1,17 +1,18 @@ | |
| 1 | # SSL/TLS Server Mode |
| 2 | |
| 3 | ## History |
| 4 | |
| 5 | Fossil has supported [client-side SSL/TLS][0] since [2010][1]. This means |
| 6 | that commands like "[fossil sync](/help?cmd=sync)" could use SSL/TLS when |
| 7 | contacting a server. But on the server side, commands like |
| 8 | "[fossil server](/help?cmd=server)" operated in clear-text only. To implement |
| 9 | an encrypted server, you had to put Fossil behind a web server or reverse |
| 10 | proxy that handled the SSL/TLS decryption/encryption and passed cleartext |
| 11 | down to Fossil. |
| 12 | |
| 13 | [0]: ./ssl.wiki |
| 14 | [1]: /timeline?c=b05cb4a0e15d0712&y=ci&n=13 |
| 15 | |
| 16 | Beginning in [late December 2021](/timeline?c=f6263bb64195b07f&y=a&n=13), |
| 17 | this has been fixed. Commands like |
| 18 | |
| 19 |
+6
-6
| --- www/ssl.wiki | ||
| +++ www/ssl.wiki | ||
| @@ -226,16 +226,16 @@ | ||
| 226 | 226 | which explains what to do to authenticate with the server. |
| 227 | 227 | |
| 228 | 228 | |
| 229 | 229 | <h2 id="server">Fossil TLS Configuration: Server Side</h2> |
| 230 | 230 | |
| 231 | -Fossil's built-in HTTP server feature does not currently have a built-in | |
| 232 | -way to serve via HTTP over TLS, a.k.a. HTTPS, even when you've linked | |
| 233 | -Fossil to OpenSSL. To serve a Fossil repository via HTTPS, you must put | |
| 234 | -it behind some kind of HTTPS proxy. We have a number of documents | |
| 235 | -elsewhere in this repository that cover your options for [./server/ | |
| 236 | -| serving Fossil repositories]. A few of the most useful of these are: | |
| 231 | +Fossil's built-in HTTP server feature did not add [./ssl-server.md|support HTTP over TLS] | |
| 232 | +(a.k.a. HTTPS) until version 2.18 (2022). Prior to that, system administrators | |
| 233 | +that wanted to add HTTPS support to a Fossil server had to put Fossil | |
| 234 | +behind a web-server or reverse-proxy that would do the HTTPS to HTTP | |
| 235 | +translation. [./server/ | Instructions for doing so] are found elsewhere | |
| 236 | +in this documentation. A few of the most useful of these are: | |
| 237 | 237 | |
| 238 | 238 | * <a id="stunnel" href="./server/any/stunnel.md">Serving via stunnel</a> |
| 239 | 239 | * <a id="althttpd" href="./server/any/althttpd.md">Serving via stunnel + althttpd</a> |
| 240 | 240 | * <a id="nginx" href="./server/debian/nginx.md#tls">Serving via SCGI with nginx on Debian</a> |
| 241 | 241 | |
| 242 | 242 |
| --- www/ssl.wiki | |
| +++ www/ssl.wiki | |
| @@ -226,16 +226,16 @@ | |
| 226 | which explains what to do to authenticate with the server. |
| 227 | |
| 228 | |
| 229 | <h2 id="server">Fossil TLS Configuration: Server Side</h2> |
| 230 | |
| 231 | Fossil's built-in HTTP server feature does not currently have a built-in |
| 232 | way to serve via HTTP over TLS, a.k.a. HTTPS, even when you've linked |
| 233 | Fossil to OpenSSL. To serve a Fossil repository via HTTPS, you must put |
| 234 | it behind some kind of HTTPS proxy. We have a number of documents |
| 235 | elsewhere in this repository that cover your options for [./server/ |
| 236 | | serving Fossil repositories]. A few of the most useful of these are: |
| 237 | |
| 238 | * <a id="stunnel" href="./server/any/stunnel.md">Serving via stunnel</a> |
| 239 | * <a id="althttpd" href="./server/any/althttpd.md">Serving via stunnel + althttpd</a> |
| 240 | * <a id="nginx" href="./server/debian/nginx.md#tls">Serving via SCGI with nginx on Debian</a> |
| 241 | |
| 242 |
| --- www/ssl.wiki | |
| +++ www/ssl.wiki | |
| @@ -226,16 +226,16 @@ | |
| 226 | which explains what to do to authenticate with the server. |
| 227 | |
| 228 | |
| 229 | <h2 id="server">Fossil TLS Configuration: Server Side</h2> |
| 230 | |
| 231 | Fossil's built-in HTTP server feature did not add [./ssl-server.md|support HTTP over TLS] |
| 232 | (a.k.a. HTTPS) until version 2.18 (2022). Prior to that, system administrators |
| 233 | that wanted to add HTTPS support to a Fossil server had to put Fossil |
| 234 | behind a web-server or reverse-proxy that would do the HTTPS to HTTP |
| 235 | translation. [./server/ | Instructions for doing so] are found elsewhere |
| 236 | in this documentation. A few of the most useful of these are: |
| 237 | |
| 238 | * <a id="stunnel" href="./server/any/stunnel.md">Serving via stunnel</a> |
| 239 | * <a id="althttpd" href="./server/any/althttpd.md">Serving via stunnel + althttpd</a> |
| 240 | * <a id="nginx" href="./server/debian/nginx.md#tls">Serving via SCGI with nginx on Debian</a> |
| 241 | |
| 242 |