mirror of
https://github.com/pockethost/pockethost.git
synced 2025-11-26 15:35:50 +00:00
41 lines
1.8 KiB
Markdown
41 lines
1.8 KiB
Markdown
# plugin-waf-enforce-ssl
|
|
|
|
Enforce SSL at WAF level.
|
|
|
|
## Quickstart
|
|
|
|
```bash
|
|
npx pockethost install @pockethost/plugin-waf-enforce-ssl
|
|
|
|
# now only accepts https
|
|
npx pockethost waf serve
|
|
```
|
|
|
|
## Discussion
|
|
|
|
When SSL is enforced on WAF, `PH_WAF_PORT` is ignored. Instead, it will listen on 80 and 443, redirecting any port 80 traffic to 443.
|
|
|
|
In dev mode (`PH_DEV`), a wildcard dev certificate for the `PH_APEX_DOMAIN` value will be created. In prod mode, you must create your own certificate. For example, Cloudflare issues [origin certificates](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/) which must be downloaded and used here.
|
|
|
|
Use `npx pockethost config set PH_WAF_ENFORCE_SSL_KEY <keyfile>` and `npx pockethost config set PH_WAF_ENFORCE_SSL_CERT <certfile>` to set production mode settings.
|
|
|
|
## Variables
|
|
|
|
The following variables will be used if they are found in the shell environment. PocketHost will also load them from an `.env` file if found at load time.
|
|
|
|
| Name | Default | Discussion |
|
|
| ----------------------- | --------------------------------------------- | ------------------------------------------------------------- |
|
|
| PH_WAF_ENFORCE_SSL_HOME | `.pockethost/plugin-waf-enforce-ssl` | The home directory for any data storage needs of this plugin. |
|
|
| PH_WAF_ENFORCE_SSL_KEY | `.pockethost/plugin-waf-enforce-ssl/tls.key` | The path to your SSL cert. |
|
|
| PH_WAF_ENFORCE_SSL_CERT | `.pockethost/plugin-waf-enforce-ssl/tls.cert` | The path to your SSL key. |
|
|
|
|
## Support
|
|
|
|
PocketHost has a thriving [Discord community](https://discord.gg/nVTxCMEcGT).
|
|
|
|
---
|
|
|
|
### Sponsored by https://pockethost.io. Instantly host your PocketBase projects.
|
|
|
|
---
|