Send intermediate certificates for API requests #1617
Labels
Comments
|
I'd highly recommend just using a reverse proxy that handles https well like caddy rather than relying on hydrus. (Also I wouldn't expose the hydrus API to the public Internet in general). |
|
It's actually on a Tailscale VPN, which offers LetsEncrypt certificates for ease of browser use. I'd been hoping to avoid setting up a reverse proxy on this machine, but I guess that probably is the quickest way. |
|
If you're using tailscale you can use the built in reverse proxy: https://github.com/floogulinc/hydrus-web/wiki/Accessing-the-Hydrus-API-with-Tailscale-Serve |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've got the client API set up to use HTTPS, and I've gotten a certificate from LetsEncrypt to make it visible globally. The certificate is in the client.crt file, and that part works fine.
That certificate file contains the intermediates for LetsEncrypt that tie it to the certificate root. However, hydrus is only serving the first certificate, not the full chain. This means that many clients -- notably including the Python requests/urllib libraries used by
hydownloaderet al. -- can't verify the certificate. (It still works fine in a Web browser, presumably because they go to find the intermediates on their own.)Would it be possible to make Hydrus provide the full certificate chain when there's more than one certificate in
client.crt?The text was updated successfully, but these errors were encountered: