Mirroristas/pockethost
2
0
Fork 0
mirror of https://github.com/pockethost/pockethost.git synced 2025-06-27 16:32:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
pockethost/packages/pending/plugin-waf-enforce-ssl
History
Ben Allfree e6355c1aea refactor(multi): plugification
2024-06-26 21:23:55 -07:00
..
src
refactor(multi): plugification
2024-06-26 21:23:55 -07:00
.npmignore
refactor(multi): plugification
2024-06-26 21:23:55 -07:00
package.json
refactor(multi): plugification
2024-06-26 21:23:55 -07:00
readme.md
refactor(multi): plugification
2024-06-26 21:23:55 -07:00
tsconfig.json
refactor(multi): plugification
2024-06-26 21:23:55 -07:00

readme.md

plugin-waf-enforce-ssl

Enforce SSL at WAF level.

Quickstart

npx pockethost install @pockethost/plugin-waf-enforce-ssl

# now only accepts https
npx pockethost waf serve

Discussion

When SSL is enforced on WAF, PH_WAF_PORT is ignored. Instead, it will listen on 80 and 443, redirecting any port 80 traffic to 443.

In dev mode (PH_DEV), a wildcard dev certificate for the PH_APEX_DOMAIN value will be created. In prod mode, you must create your own certificate. For example, Cloudflare issues origin certificates which must be downloaded and used here.

Use npx pockethost config set PH_WAF_ENFORCE_SSL_KEY <keyfile> and npx pockethost config set PH_WAF_ENFORCE_SSL_CERT <certfile> to set production mode settings.

Variables

The following variables will be used if they are found in the shell environment. PocketHost will also load them from an .env file if found at load time.

Name Default Discussion
PH_WAF_ENFORCE_SSL_HOME .pockethost/plugin-waf-enforce-ssl The home directory for any data storage needs of this plugin.
PH_WAF_ENFORCE_SSL_KEY .pockethost/plugin-waf-enforce-ssl/tls.key The path to your SSL cert.
PH_WAF_ENFORCE_SSL_CERT .pockethost/plugin-waf-enforce-ssl/tls.cert The path to your SSL key.

Support

PocketHost has a thriving Discord community.

Sponsored by https://pockethost.io. Instantly host your PocketBase projects.