From 114d474f02f8e4148b9fd65c8f2bc7b47f924c17 Mon Sep 17 00:00:00 2001 From: Bagas Sanjaya Date: Thu, 26 Dec 2019 12:05:05 +0700 Subject: [PATCH] [Docs] Clarify HTTPS Termination Proxy on Using Reverse Proxy to Enable HTTPS (#9491) * Clarification note for HTTPS termination proxy method * Textual grammar edit * Mention ROOT_URL * Apply suggestion by mrsdizzie Co-authored-by: techknowlogick --- docs/content/doc/usage/https-support.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/content/doc/usage/https-support.md b/docs/content/doc/usage/https-support.md index e2b5332c0..a0afed7f8 100644 --- a/docs/content/doc/usage/https-support.md +++ b/docs/content/doc/usage/https-support.md @@ -76,5 +76,4 @@ After that, enable HTTPS by following one of these guides: * [apache2/httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html) * [caddy](https://caddyserver.com/docs/tls) -Note: Your connection between your reverse proxy and Gitea might be unencrypted. To encrypt it too, follow the [built-in server guide](#using-built-in-server) and change -the proxy url to `https://[URL]`. +Note: Enabling HTTPS only at the proxy level is referred as [TLS Termination Proxy](https://en.wikipedia.org/wiki/TLS_termination_proxy). The proxy server accepted incoming TLS connections, decrypts the contents, and pass the now unencrypted contents to Gitea. This is normally fine as long as both the proxy and Gitea instances are either on the same machine, or on different machines within private network (with the proxy is exposed to outside network. If your Gitea instance is separated from your proxy over a public network, or if you want full end-to-end encryption, you can also [enable HTTPS support directly in Gitea using built-in server](#using-the-built-in-server) and forward the connections over HTTPS instead.