index : static-web-server.git

ascending towards madness

author Jose Quintana <joseluisquintana20@gmail.com> 2020-01-14 20:33:40.0 +00:00:00
committer Jose Quintana <joseluisquintana20@gmail.com> 2020-01-14 20:33:40.0 +00:00:00
commit 63f2c82f4434c6a942b4791da9bb0a92b5f38440
tree a712e331cca9c717177ceb70914ed0970ca35c32
parent f4b501bd0fa76d25ff6be94613a78aef85c0d818

docs: tls/ssl section



Diff

 README.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/README.md b/README.md
index 3bed023..4498e74 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,25 @@ OPTIONS:
            A specified password to decrypt the private key [env: SERVER_TLS_PKCS12_PASSWD=]  [default: ]
```

## TLS/SSL

TLS/SSL support is provided by [Rust Native TLS]https://docs.rs/native-tls/0.2.3/native_tls/struct.Identity.html#method.from_pkcs12 crate which supports [PKCS #12 cryptographic identity]https://en.wikipedia.org/wiki/PKCS_12.
An identity is an [X509 certificate]https://en.wikipedia.org/wiki/X.509 certificate along with its corresponding private key and chain of certificates to a trusted root.

For instance, identity files (`.p12` or `.pfx`) can be generated using the [OpenSSL SSL/TLS Toolkit]https://www.openssl.org/docs/manmaster/man1/pkcs12.html:

Generate a self-signed certificate:

```sh
openssl req -x509 -newkey rsa:4096 -nodes -keyout local.key -out local.crt -days 3650
```

Generate a PKCS #12 indentity file:

```sh
openssl pkcs12 -export -out identity.p12 -inkey local.key -in local.crt -password pass:my_password
```

## Docker stack

Example using [Traefik proxy]https://traefik.io/:
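
Review bot: The PKCS #12 export example passes the password inline as `-password pass:my_password`, which leaves it in shell history and visible in the process list. Since the options block above already documents `SERVER_TLS_PKCS12_PASSWD`, consider showing `-password env:SERVER_TLS_PKCS12_PASSWD` (or `file:`) instead, so readers do not copy a literal password into their command line. The `openssl req` example uses `-nodes`, so `local.key` is written unencrypted. The text should say so and tell readers to restrict its file permissions or remove it once `identity.p12` has been created. It should also state that a self-signed certificate valid for 3650 days is meant for local testing, not for a public deployment. Smaller points in the added text: "indentity" should be "identity", "[X509 certificate]... certificate" repeats the word, and the links as shown have no parentheses around their URLs, so they will not render as Markdown links.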