From: Edouard Klein
To: help-guix@gnu.org
Subject: Re: Running Substitute Server over https
Date: Sat, 06 Feb 2021 11:58:27 +0100
Message-ID: <87h7mpjwdo.fsf@rdklein.fr>
In-reply-to: <85o8gxebyh.fsf@beadling.co.uk>

Hi phil,

Not answering your question directly, but last time I wanted to secure
the connection between a client and a substitute I used an ssh tunnel:

    # On the server
    guix archive --generate-key
    ssh root@client guix archive --authorize < /etc/guix/signing-key.pub
    guix publish&
    ssh -N -R 8081:localhost:8080 root@client&

    # On the client
    guix build --substitute-urls=http://localhost:8081 whatever

This may or may not be amenable to your situation, and may or may not
lend itself to tlstunnel instead of ssh.

Good luck :)

Phil writes:

> Hi all,
>
> I have a substitute server running trivially using http, but there
> doesn't seem to be anything in the manual about how/where to configure
> my certificate file, etc, to run a server over https.
>
> Can anyone advise on https setup for 'guix publish'?
>
> Thanks,
> Phil.
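
Added example, not part of the message above: the tunnel only protects the plain-HTTP substitute endpoint if the forwarded port 8081 on the client is bound to loopback, which is what `ssh -R` does unless the client's sshd sets GatewayPorts. The function below classifies `ss -ltn` output for that port; the function name and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Classify how a forwarded port is bound, reading `ss -ltn` output on stdin.
# Prints and returns: loopback (0), exposed (1), absent (2).
# Any bind address other than 127.0.0.1 or [::1] is treated as exposed.
tunnel_bind_status() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Column 4 is "address:port"; the port follows the last colon,
            # which also holds for bracketed IPv6 such as [::1]:8081.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END {
            if (!found)  { print "absent";  exit 2 }
            if (exposed) { print "exposed"; exit 1 }
            print "loopback"
        }'
}

# Constructed sample: tunnel bound to loopback only (default sshd behaviour).
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 128 [::1]:8081 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: same tunnel when sshd binds remote forwards to all
# interfaces, so other hosts can reach the unencrypted substitute port.
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:8081 0.0.0.0:*
LISTEN 0 128 [::]:8081 [::]:*'

# Demo on the constructed loopback sample.
# On a real client, run: ss -ltn | tunnel_bind_status 8081
printf '%s\n' "$SAMPLE_LOOPBACK" | tunnel_bind_status 8081
```

A result of "exposed" means the client is re-publishing the server's HTTP port on its own network, outside the SSH tunnel.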