https?
Hello,
I am experimenting with Cloudflare Tunnel and I am able to access the Kiwi via https, directly on the default port 443.
It works very well, except for the fact I can't manage to understand how to configure the Kiwi directory to match this new setting. At best, the listing is always set to http and always on port 8073.
Is there a way to change port and / or to set https?
Thanks
Comments
The port number can be changed on the admin network tab.
SSL works with the Kiwi code. But I have not released it because it is useless without a way to do certificate management across ALL Kiwi deployment scenarios.
In particular things like Let's Encrypt don't have a solution for IoT style deployments. Like when the Kiwi doesn't have its own private domain under the control of the user (e.g. it's addressable only by IP address, Kiwi proxy service, DDNS, ...) Let's Encrypt fails miserably in this regard and they've never come up with a solution. I've been waiting for years...
Other people have managed to set up third-party SSL proxies without the Kiwi itself needing SSL. One used Cloudflare I believe. You'll have to search the forum for details.
I am indeed using Cloudflare as well. The problem is I can't tell the Kiwi listings to use my new address that starts with 'https'.
As you suggested, I saw you can specify an external port. Since I am unable to set https as the main protocol I tried setting port 80 hoping to rely on the TLS redirect I have set. Unfortunately this solution isn't applicable because the list enforces reverse checks, so if your URL doesn't resolve to your origin IP the URL won't be used at all.
The funny part is that I see others in the list who are already using https (eg. https://kiwi.770net.de:8073). I just can't figure out how they do that.
I actually found some kind of a solution and I am going to post it for others who might have the same problem.
Goal: Hide my public IP. As bonus points, I wanted to start using SSL (https)
Approach: Use Cloudflare Tunnels, applying SSL termination
Issue: Kiwi's directory listing doesn't clearly support publishing https-enabled URLs
Solution: First, configure the Cloudflare tunnel to apply automatic redirects from http to https. Then, within Kiwi, set your external port to 80. Finally, also within Kiwi, set "DUC Domain" to match your tunnel URL.
Result: Kiwi is listed as http://[your-tunnel-address]:80. Visitors will then be automatically redirected to https
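A way to verify the result described in the post above, added here as an example and not part of the original thread: request the listed `http://` URL once without following redirects and confirm that it answers with a redirect to `https://` on the same host, so nothing is served in plaintext. The hostname `kiwi.example.org` and the function names are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 307, 308)

def classify(host, status, location):
    """Judge one HTTP response to the listed URL (no network access here)."""
    target = urlsplit(location or "")
    result = {
        "status": status,
        "location": location or "",
        "redirects": status in REDIRECT_CODES,
        "to_https": target.scheme == "https",
        "same_host": (target.hostname or "").lower() == host.lower(),
        "permanent": status in (301, 308),
    }
    # A 200 here means the page is also served over plaintext HTTP.
    result["ok"] = (result["redirects"] and result["to_https"]
                    and result["same_host"])
    return result

def check_https_upgrade(listed_url, timeout=5.0):
    """Fetch the listed http:// URL once, without following redirects."""
    parts = urlsplit(listed_url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected the http:// URL as published in the listing")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify(parts.hostname, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed sample responses (hypothetical host), so this runs offline.
    samples = [
        (301, "https://kiwi.example.org/"),      # expected after the setup
        (200, None),                             # redirect not enabled
        (302, "https://other.example.net/"),     # redirect leaves the host
        (301, "http://kiwi.example.org:8073/"),  # redirect stays on http
    ]
    for status, location in samples:
        verdict = classify("kiwi.example.org", status, location)
        print(status, location, "->", "OK" if verdict["ok"] else "CHECK")
```

For a live check, call `check_https_upgrade("http://[your-tunnel-address]:80/")` with the address exactly as the directory lists it.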