Vince42 Posted March 8, 2017 Report Share Posted March 8, 2017 Hi, I am running Sync on a NAS and on a Linux server. I would like to use a valid SSL certificate on both instances. Both systems have automated certificate renewal facilities, but of course they do not know anything about my running Sync instances and the certificate is owned by root in a different folder. First I thought, it might be a good idea to change certificate rights and to point sync.conf to the certificate - but this would yield a security issue. The next idea is to make a copy of the certificate into the folder, where the sync executable resides and to change the ownership. This can be done with a daily cron job. I presume that there is no option to get hold of the "original" certificate without having a security issue and that there is no clever built-in Let's Encrypt functionality in Sync? Any other suggestions? Quote Link to comment Share on other sites More sharing options...
Timbo Posted March 13, 2017 Report Share Posted March 13, 2017 You don't indicate why this would be a good idea, and I certainly don't see why. Break something supported to do something with no visible benefit. Keep your ssl certs and your bt sync stuff separate. bt sync doesn't need to know a domain name and you don't need that hassle. Just let btsync do its encryption the way they intended. Quote Link to comment Share on other sites More sharing options...
iswrong Posted March 14, 2017 Report Share Posted March 14, 2017 8 hours ago, Timbo said: Keep your ssl certs and your bt sync stuff separate. bt sync doesn't need to know a domain name and you don't need that hassle. Just let btsync do its encryption the way they intended. I think Vince42 is referring to the web interface here and wants to use a Let's encrypt certificate rather than a self-signed certificate, which is completely reasonable IMO. Vince42: I assume that you are requesting the certificates while using Apache/nginx/... to do the validation? I think there are two reasonable approaches to do this without copying or changing ownership: Create an extra group, of which both your web server user and RLSync user are a member. Give the group read access to the certificate; or use filesystem ACLs to configure more fine-grained access rights (with ACLs e.g. the www or apache user could be the owner of a file, but the RLSync user could also have read access). Quote Link to comment Share on other sites More sharing options...
goli Posted April 14, 2017 Report Share Posted April 14, 2017 If you already run HTTP servers on both boxes that do HTTPS properly, you could make Sync only listen to localhost and use your HTTP servers as local proxies. That way the SSL certificates of Apache, nginx or whatever apply instead of the certificate of Sync. Quote Link to comment Share on other sites More sharing options...
Vince42 Posted October 22, 2022 Author Report Share Posted October 22, 2022 On 4/14/2017 at 11:36 PM, goli said: If you already run HTTP servers on both boxes that do HTTPS properly, you could make Sync only listen to localhost and use your HTTP servers as local proxies. That way the SSL certificates of Apache, nginx or whatever apply instead of the certificate of Sync. Believe it or not: I am still trying to get the Let's Encrypt certificates working. 🙈 I did not want to interfere with Let's Encrypt, therefore I did not dare to fiddle around with a new group or filesystem ACL. Regarding your suggestion: How would I use Apache as local proxy? This might be a nice workaround. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.