diff options
author | Lars Wirzenius <liw@liw.fi> | 2020-07-26 09:58:50 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2020-07-26 09:58:50 +0300 |
commit | fae5a188e480fbebd5a30b5a52fe57ddc2b18eef (patch) | |
tree | 13acf1f524280e4ba0b67f2ce964e2b6723b5d55 /ewww.md | |
parent | 10379aab6aeffd3962c50ba300bb107a1c578464 (diff) | |
download | ewww-fae5a188e480fbebd5a30b5a52fe57ddc2b18eef.tar.gz |
doc: allow plain HTTP for things other then LE, but be explicit
Diffstat (limited to 'ewww.md')
-rw-r--r-- | ewww.md | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -25,8 +25,9 @@ expressed as _scenarios_ in the acceptance criteria chapter. on my Thinkpad T480 laptop. A self-signed certificate is OK. * Fast, time from starting server to having served first HTTPS request should be at most 100 ms. -* Serves only HTTPS, except what Let's Encrypt needs to be served over - plain HTTP. +* Serves only HTTPS, except what needs to be served over plain HTTP, + e.g., for Let's Encrypt certificate validation. Any plain HTTP + access must be explicitly allowed. I don't need flexibility, and I don't want to configure anything that's not essential for this. Hardcoded assumptions are A-OK, if my |