Add commented-out HTTPS configuration section

In recent versions of Firefox and (especially) Chrome, ".dev" domains are force-redirected to a secure connection (HTTPS) instead of HTTP. Not supporting an HTTPS connection makes for a bad user experience, so we want to make enabling SSL support easy. Since we don't issue certificates, this section is commented out by default, and it will require modification. This is done primarily for PiAware, though it is applicable to just the Dump1090 project.
2020-06-14 16:16:55 -04:00 · 2020-06-14 16:16:55 -04:00 · ba8f3e6af0
parent d6b8065c3b
commit ba8f3e6af0
1 changed files with 28 additions and 0 deletions
--- a/debian/lighttpd/89-dump1090-fa.conf
+++ b/debian/lighttpd/89-dump1090-fa.conf
@ -25,3 +25,31 @@ server.modules += ( "mod_setenv" )
 $HTTP["url"] =~ "^/dump1090-fa/data/.*\.json$" {
  setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*" )
 }
+
+# Uncomment this section to enable SSL traffic (HTTPS) - especially useful
+# for .dev domains
+## Listen on 8443 for SSL connections
+#$HTTP["host"] == "piaware.example.com" {
+#  $SERVER["socket"] == ":8443" {
+#    ssl.engine = "enable"
+#    ssl.pemfile = "/root/ssl_certificate/combined.pem"
+#    ssl.ca-file =  "/root/ssl_certificate/fullchain.cer"
+#    ssl.honor-cipher-order = "enable"
+#    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
+#    ssl.use-sslv2 = "disable"
+#    ssl.use-sslv3 = "disable"       
+#    
+#  alias.url += (
+#    "/data/" => "/run/dump1090-fa/",
+#    "/" => "/usr/share/dump1090-fa/html/"
+#  )
+#  }
+#
+#  # Redirect HTTP to HTTPS
+#  $HTTP["scheme"] == "http" {
+#    $HTTP["host"] =~ ".*" {
+#      url.redirect = (".*" => "https://%0$0")
+#    }
+#  }
+#}
+