mirror of
https://github.com/dani-garcia/bitwarden_rs
synced 2024-11-25 11:20:04 +01:00
Added clarification on file format and file name extensions regarding the ROCKET_TLS command line
parent
6b0d66e018
commit
72afafd14d
@ -5,8 +5,11 @@ The values to the option must follow the format:
|
||||
ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
|
||||
```
|
||||
Where:
|
||||
- certs: a path to a certificate chain in PEM format
|
||||
- key: a path to a private key file in PEM format for the certificate in certs
|
||||
* certs: a path to a certificate chain in PEM format
|
||||
* key: a path to a private key file in PEM format for the certificate in certs
|
||||
|
||||
Note:
|
||||
* The file name _extensions_ used in the ROCKET_TLS line do not necessarily have to be PEM. Important is the underlying file _format_ which needs to be PEM, i.e. base64-coded. Since the PEM format is openssl's default you can therefore simply rename .cert, .cer, .crt and .key files to .pem and vice versa or - as an alternative - use different file extensions like .crt or .key in the ROCKET_TLS line.
|
||||
|
||||
```sh
|
||||
docker run -d --name bitwarden \
|
||||
@ -16,7 +19,10 @@ docker run -d --name bitwarden \
|
||||
-p 443:80 \
|
||||
bitwardenrs/server:latest
|
||||
```
|
||||
Note that you need to mount ssl files and you need to forward appropriate port.
|
||||
|
||||
You need to mount ssl files (-v argument) and you need to forward appropriate port (-p argument), usually 443 for HTTPS connections. If you choose a different port number than 443 like for example 3456, remember to explicitly provide that port number when you connect to the service, example: `https://bitwarden.local:3456`.
|
||||
|
||||
For further information on how to set up and use a private CA on your local system refer to [this chapter of the wiki.](https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome)
|
||||
|
||||
Due to what is likely a certificate validation bug in Android, you need to make sure that your certificate includes the full chain of trust. In the case of certbot, this means using `fullchain.pem` instead of `cert.pem`.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user