Mailinglist Archive: mirror (14 mails)

< Previous Next >
Re: [mirror] HTTPS support for Mirrors
Hi all.

Only 850 lines on /var/log/apache2/ssl_request_log since it was enabled.

Any news on this issue?


regards


ariel


El 10/10/17 a las 13:30, ariel sabiguero yawelak escribió:
Hi.

Our mirror started serving https since... a few minutes :-)

    https://espejito.fder.edu.uy/opensuse/

We plan to offer http also.
Please let us know about any problem, misconfiguration or recommendation.

best regards.

ariel

El 10/10/17 a las 09:19, Marcus Meissner escribió:
Hi folks,

We are currently working on more https enablement for the openSUSE download tooling.

Background is that safe repository usage is possible for the main and update repositories,
but not for the rest buildservice repositories, which have unknown keys.

software.opensuse.org and download.opensuse.org can provide https URLs already.

The problem we are facing is that download.opensuse.org redirects from HTTPS to HTTP,
which is caught by various clients as a security violation.

So to avoid making clients less secure, we would like to know if some of you can offer
https serving mirrors of openSUSE.

With the availability of letsencrypt this can even be done without any additional costs.
A low footprint client for letsencrypt is dehydrated (https://github.com/lukas2511/dehydrated),
which can also be obtained as packages for openSUSE, SLES, CentOS and RHEL from
https://software.opensuse.org/download.html?project=security:dehydrated&package=dehydrated.

Ciao, Marcus


--
To unsubscribe, e-mail: mirror+unsubscribe@xxxxxxxxxxxx
To contact the owner, email: mirror+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups