https://docs.goshs.de/en/usage/tls/index.html Use TLS to secure the connection You can use TLS in a variety of ways. Self-signed Certificate Provide own key and cert Let’s encrypt Hugo en-US Thu, 04 Jul 2024 15:42:45 +0200 https://docs.goshs.de/en/usage/tls/self-signed/index.html Thu, 04 Jul 2024 15:42:45 +0200 https://docs.goshs.de/en/usage/tls/self-signed/index.html Self-Signed Certificate You can start goshs using a self-signed certificate with -s -ss. $ goshs -s -ss INFO [2024-07-04 18:01:46] Download embedded file at: /example.txt?embedded INFO [2024-07-04 18:01:46] Serving on interface lo bound to 127.0.0.1:8000 INFO [2024-07-04 18:01:46] Serving on interface eth0 bound to 10.137.0.27:8000 INFO [2024-07-04 18:01:46] Serving HTTPS from /home/user with ssl enabled and self-signed certificate WARNING[2024-07-04 18:01:46] Be sure to check the fingerprint of certificate INFO [2024-07-04 18:01:46] SHA-256 Fingerprint: 88 12 82 A4 6D 7F B1 D0 37 9D 78 78 4A B1 EC DC 97 BF 8D AB FB 8A 15 06 92 B2 1B 90 32 96 73 D4 INFO [2024-07-04 18:01:46] SHA-1 Fingerprint: C0 62 FD 51 D3 B8 BB B5 64 DD EA D1 01 25 77 74 EF E0 6E 79 goshs is now listening on port 8000 and you can use https://ip:8000 to initiate a secure connection. https://docs.goshs.de/en/usage/tls/own-cert/index.html Thu, 04 Jul 2024 15:42:45 +0200 https://docs.goshs.de/en/usage/tls/own-cert/index.html Provide own certificate and key You can provide your own certificate and key using -s -sk <key> -sc <certificate>. $ goshs -s -sk key.pem -sc cert.pem INFO [2024-07-04 18:01:46] Download embedded file at: /example.txt?embedded INFO [2024-07-04 18:01:46] Serving on interface lo bound to 127.0.0.1:8000 INFO [2024-07-04 18:01:46] Serving on interface eth0 bound to 10.137.0.27:8000 INFO [2024-07-04 18:01:46] Serving HTTPS from /home/user with ssl enabled server key: key.pem, server cert: cert.pem INFO [2024-07-04 18:01:46] You provided a certificate and might want to check the fingerprint nonetheless INFO [2024-07-04 18:01:46] SHA-256 Fingerprint: BC 8B 2A C5 86 16 6A 19 08 BD 10 19 B2 A6 87 3B 42 6A 44 00 5B 76 10 5F 19 96 79 D6 AF 61 5F EE INFO [2024-07-04 18:01:46] SHA-1 Fingerprint: 76 74 6A 3A AD C1 27 39 CC BC 6C 50 9B 6B C9 EB 7A 01 69 09 Warning Notice that this only works with keys that have no passphrases. You could convert your key like: openssl rsa -in [original.key] -out [new.key]. https://docs.goshs.de/en/usage/tls/lets-encrypt/index.html Thu, 04 Jul 2024 15:42:45 +0200 https://docs.goshs.de/en/usage/tls/lets-encrypt/index.html Use Let’s encrypt to generate a certificate You can also use Let’s encrypt to fetch a valid certificate. Use the following command: goshs -s -sl -sle your@mail.com -sld your.domain.com,your.seconddomain.comYou will have to make sure that your IP is reachable via the domain name by creating an A entry with your DNS service provider first. Then the example command will create two files called key and cert if the request for a certificate is successful.