• @[email protected]
    link
    fedilink
    06 months ago

    When selfhosting stuff, it’s just incredibly difficult to properly set this up while maintaining compatibility with http for other stuff. Usually you’ll have one reverse proxy (eg. nginx) handling http/https encryption and forwarding to a socket (or in case of docker, one of a dozen open ports on one of a hundred interfaces, fuck you docker), over http. The APIs themselves almost never have direct https support, and even if I wanted to manage them directly, certbot only supports reverse proxies directly. So you need to differentiate between api and non-api in the reverse proxy.

    • @[email protected]
      link
      fedilink
      06 months ago

      This. I was reading through some of the comments, but this is the most accurate one I’ve read thus far. All the APIs I’ve dealt with are just vanilla HTTP and use a reverse proxy for https. A reverse proxy like nginx is also convenient for path pattern matching to different API services but only having to setup https in one spot, nginx