2·
8 months agoI recommend watching this video: https://www.youtube.com/watch?v=qbKGw8MQ0i8
- 0 Posts
- 4 Comments
Joined 2 years ago
Cake day: June 5th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
AFAIK signal stil requires a phone numer for registration, however you now can add people by their username.
E-mail is horrible for privacy, spam, instant messaging, etc. PGP “works” in very limited scenarios, and e-mail is not really one of them.
Plus these two statements seem unplausible for me:
we can assume you’re protected by PGP when writing to most users,
and
and with the added effect of not needing to convince anyone to install anything since from their end it’s just an email.
I disagree with the first statement, most users don’t know what PGP is and therefore don’t have keys, so you can’t encrypt anything to them. The only way most users would use PGP is if something sets it up for them, alá protonmail or my using some special client. Since you’ve said that from their end it is just an e-mail, how does Deltachat add any meaningful encryption?
Just did a quick test, the certs do not bind to the port, only the domain/fqdn. So in short your reverse proxy/application is doing something wrong. Do you have the cert files? Can you test them inside a ubuntu:24.04 docker with the script bellow? (you’ll need to copy two cert files). That does TLS and is the application all in one script, but it could be two scripts one acting as the reverse proxy or whatever, doesn’t make a difference from the point of view of the client.
Lets Encrypt doesn’t do anything in port 80/443 unless you’re using the http challlenge AFAIK. And once you have the certs, they aren’t really involved in the connection, thus that can’t be the issue. Test by using curl against the script below, or your own infrastructure (each step/chain of it, the reverse proxy, the application ip, etc.)
But in short I think your reverse proxy configuration is just wrong, or you’re accessing it the wrong way on the client side. For example, using https://example.com/ instead of https://example.com:5050/.
# docker run --rm --net host -it ubuntu:24.04 # then install python3 and run this import http.server import ssl PORT = 5201 # Change to your desired port CERT_FILE = "/fullchain.pem" # Path to your certificate file KEY_FILE = "/key.pem" # Path to your private key file # Create a basic HTTP request handler class SimpleHTTPRequestHandler(http.server.SimpleHTTPRequestHandler): def do_GET(self): self.send_response(200) self.send_header("Content-type", "text/html") self.end_headers() self.wfile.write(b"<h1>Welcome to the secure static server!</h1>") # Set up the HTTP server httpd = http.server.HTTPServer(("0.0.0.0", PORT), SimpleHTTPRequestHandler) # Set up SSL context ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ssl_context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE) # Wrap the server socket with SSL httpd.socket = ssl_context.wrap_socket(httpd.socket, server_side=True) print(f"Serving HTTPS on port {PORT}") httpd.serve_forever()