squaremap icon indicating copy to clipboard operation
squaremap copied to clipboard
verified publisher icon jpenilla

SSL with internal web server

Open justADeni opened this issue 2 months ago • 0 comments

Why?

I know there are other methods such as reverse proxy or simply running a different web server but I think this is a simple and intuitive alternative which could make life easier for non-insignificant amount of server owners.

Drawbacks

Letsencrypt issues certificates for 90 days, and even the longest-lasting certificates are 398 days at most, this number shrinking to 47 days by 2029. Thus, the process of generating a keystore file and placing it into the plugin data directory could need to be automated, perhaps by a bash script, or we could eventually look into auto-renewal strategies using ACME and Letsencrypt.

The following would need to be added to docs/wiki:

In the folder containing your .pem certificates from Letsencrypt or any other provider, run this command: openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name undertow -password pass: to generate keystore.p12 file, which you can then place in /plugins/squaremap/ folder and restart the server. Voilà

justADeni avatar Nov 06 '25 00:11 justADeni