On Mon, Dec 13, 2021 at 8:25 PM Tim via users <users(a)lists.fedoraproject.org
wrote:
On Mon, 2021-12-13 at 12:45 -0700, Greg Woods wrote:
While it can do what you want, it is subverting the purpose of HTTPS.
I'm not sure anyone should support a technique that hides an insecure
connection behind a faked secure one.
I would dispute that. In my case, caddy runs on an internet-accessible
server, but the actual web server is behind two firewalls. The unencrypted
connection is entirely behind at least one firewall, and if someone manages
to gain access to the inside of that firewall, then the game is already
over. I don't think I'd recommend this for enterprise setups, as there are
too many potential threats already behind the firewall (can you really
trust every single one of your employees?) But for a home setup where the
only authorized users are my wife and myself, I think it's sufficiently
secure. But everyone will have to judge that for themselves.
--Greg