-
Type:
Improvement
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Backend: API, Installation, Packaging, Deployment, WebUI
-
Labels:
By replacing apache with nginx the latest security features like PFS/HSTS/CSP can be used. In addition nginx requires less resources than apache.
In the same time a SSL management UI must be included to allow the user to upload and manage SSL certificates that can be used by the webserver.
By default a self signed certificate should be created during installation and this should be used by the WebUI. HTTPS should be enabled by default.
I think there should be an option to enable HTTP if the users needs this in his environment. Additional a 'Force HTTPS' option is a nice feature to redirect HTTP calls to HTTPS.