# TLS

It's possible to configure TLS support in one of two ways:
* Built-in support for Let's Encrypt / ACME compatible vendors
* Loading TLS files from disk

It is not possible to have both methods enabled at the same time.

Note that when using TLS files loaded from disk you are responsible for restarting the instance when the files change. They are not automatically reloaded.

## Settings

```yaml
##############################
##### LETSENCRYPT CONFIG #####
##############################

# Config pertaining to the automatic acquisition and use of LetsEncrypt HTTPS certificates.

# Bool. Whether or not letsencrypt should be enabled for the server.
# If false, the rest of the settings here will be ignored.
# If you serve GoToSocial behind a reverse proxy like nginx or traefik, leave this turned off.
# If you don't, then turn it on so that you can use https.
# Options: [true, false]
# Default: false
letsencrypt-enabled: false

# Int. Port to listen for letsencrypt certificate challenges on.
# If letsencrypt is enabled, this port must be reachable or you won't be able to obtain certs.
# If letsencrypt is disabled, this port will not be used.
# This *must not* be the same as the webserver/API port specified above.
# Examples: [80, 8000, 1312]
# Default: 80
letsencrypt-port: 80

# String. Directory in which to store LetsEncrypt certificates.
# It is a good move to make this a sub-path within your storage directory, as it makes
# backup easier, but you might wish to move them elsewhere if they're also accessed by other services.
# In any case, make sure GoToSocial has permissions to write to / read from this directory.
# Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
# Default: "/gotosocial/storage/certs"
letsencrypt-cert-dir: "/gotosocial/storage/certs"

# String. Email address to use when registering LetsEncrypt certs.
# Most likely, this will be the email address of the instance administrator.
# LetsEncrypt will send notifications about expiring certificates etc to this address.
# Examples: ["admin@example.org"]
# Default: ""
letsencrypt-email-address: ""

##############################
##### MANUAL TLS CONFIG #####
##############################

# String. Path to a PEM-encoded file on disk that includes the certificate chain
# and the public key
# Examples: ["/gotosocial/storage/certs/chain.pem"]
# Default: ""
tls-certificate-chain: ""

# String. Path to a PEM-encoded file on disk containing the private key for the
# associated tls-certificate-key
# Examples: ["/gotosocial/storage/certs/private.pem"]
# Default: ""
tls-certificate-key: ""
```
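
Because TLS files loaded from disk are not reloaded automatically, a periodic check can restart the instance only when the chain or key actually changes. This is an added example, not part of the original page or the GoToSocial project; the state file path and the systemd unit name `gotosocial` are assumptions, and `stat -c` assumes GNU coreutils.

```sh
#!/bin/sh
# Added example, not GoToSocial's own tooling. Assumed: the state file path
# and the systemd unit name "gotosocial". Paths default to the page's examples.
CHAIN="${CHAIN:-/gotosocial/storage/certs/chain.pem}"
KEY="${KEY:-/gotosocial/storage/certs/private.pem}"
STATE="${STATE:-/var/lib/gotosocial-tls.sha256}"

# Print one digest covering chain and key. Returns 2 if either file is
# missing or unreadable, so a half-finished renewal never triggers a restart.
tls_fingerprint() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    cat "$1" "$2" | sha256sum | cut -d' ' -f1
}

# 0 = files differ from the recorded state, 1 = unchanged, 2 = file missing.
tls_changed() {
    new=$(tls_fingerprint "$1" "$2") || return 2
    old=$(cat "$3" 2>/dev/null || true)
    [ "$new" != "$old" ]
}

# Record the current digest; called only after a successful restart.
tls_record() { tls_fingerprint "$1" "$2" > "$3"; }

# The private key must not be readable by group or others (mode 400 or 600).
key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in 400|600) return 0 ;; *) return 1 ;; esac
}

# Run from cron or a systemd timer as: check-tls.sh --run
if [ "${1:-}" = "--run" ]; then
    key_mode_ok "$KEY" || { echo "key missing or too permissive" >&2; exit 1; }
    tls_changed "$CHAIN" "$KEY" "$STATE" && rc=0 || rc=$?
    case "$rc" in
        0) systemctl restart gotosocial && tls_record "$CHAIN" "$KEY" "$STATE" ;;
        1) : ;;
        *) echo "TLS file missing or unreadable" >&2; exit 1 ;;
    esac
fi
```

The state file is updated only after the restart succeeds, so a failed restart is retried on the next run.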