TLS support and MADNESS_FORCE_SSL

[r3cgm]

Hi all,

I was trying to figure out how to layer in support for TLS, and came across the MADNESS_FORCE_SSL option. I couldn't find native support for TLS itself (certificate store etc) in madness is that true? I ended up using Nginx with a reverse web proxy and Let's Encrypt for the certificate, and it worked great. But in that scenario Nginx itself is doing the 80 > 443 redirect so I can't see how madness would change it's behavior differently depending on TLS vs. non-TLS.

By the way, I would be happy to write up clean documentation for inclusion in the root README.me that explains how to set up the Nginx proxy and register for a certificate, if that wouldn't seem too far out of scope. Let me know.

George

[DannyBen]

Hmm. Well, first, SSL is out of scope for Madness. It is intended first and foremost as an internal, local web server, and, in a way similar to web app development - the SSL termination is done someplace higher in the chain, usually.

That said - I could not remember why I added this SSL environment variable in the first place.
It is just enabling Rack:SSL - which is a very old gem (last release in 2014).

Should I perhaps remove it?

As for your nginx setup - it would be nice to have such a guide, but perhaps not in the main README? Maybe a Wiki page?

[DannyBen]

I have created a PR that removes this SSL thingy - seems to be a relic from the past that serves no purpose today.
#120

[r3cgm]

Cool, saw you stripped it out. Yeah, I tried enabling and disabling it, seeing if madness would somehow attempt a redirect to TLS but it wasn't doing anything that I could tell.

Re: Wiki that sounds great. I get that TLS is out of scope for the main application. But I'll bet it's a common use case for people deploying this tool. I'll draft a section for the wiki and feel free to accept, modify, or reject :)

[DannyBen]

Excellent. I enabled wiki edits for collaborators only, but I believe you should have access. If not, I will temporarily open it to all.