I earlier wrote that I saw only duct tape-ish ways of getting HTTPS over a LAN. At least one implementation was mentioned, a self-signed certificate that all computers on the LAN would be made to accept.

I saw another, arguably cleaner way to get HTTPS over a LAN. Make a website, perhaps a bare stub to minimize surface areas to vulnerabilities, publicly, at https://library.xyz.com. Then cron a copying of the certificates from the public site to a server on the LAN. Then set a local DNS (or, worse, hosts files) to assign library.xyz.com the local network IP of the net.

This would seem to sidestep at least some of the security implications for having a library server on the public network.

--
Unworthy Br. *Christos Hayward*, author and apologist, and more importantly novice at *St. Demetrios Orthodox Monastery <https://virginiamonks.org/>* (monastery webshop <https://virginiamonks.org/collections/all>).
I invite you to visit my *author site* <https://cjshayward.com> (author bio <https://cjshayward.com/author/>, bookshelf <https://cjshayward.com/books/>). One title is Happiness in an Age of Crisis: Ancient Wisdom from the Eastern Orthodox Church <https://cjshayward.com/crisis/>.
My most recent posting is a purchasable "How do I love thee?" shirt <https://cjshayward.com/how-do-i-love-thee-shirt/>.
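As an added example (not part of the thread), here is one way the LAN-side half of the cron job described above could install the copied files so the private key is never left world-readable or half-written. The file names `fullchain.pem` and `privkey.pem`, the staging/live directory layout, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: an earlier cron step has
# copied fullchain.pem and privkey.pem from the public host into a staging
# directory; the LAN web server reads its certificate from a "live" directory.

# install_if_changed SRC DST MODE: replace DST only when its content differs.
# Returns 0 if DST was replaced, 1 if it was already current, 2 on error.
install_if_changed() {
    src=$1 dst=$2 mode=$3
    [ -s "$src" ] || return 2                        # refuse missing or empty input
    cmp -s "$src" "$dst" 2>/dev/null && return 1     # unchanged: nothing to do
    # Temp file in the same directory so mv is an atomic rename;
    # mktemp creates it with mode 0600, so the key is never readable mid-copy.
    tmp=$(mktemp "$dst.XXXXXX") || return 2
    cp "$src" "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst" && return 0
    rm -f "$tmp"
    return 2
}

# sync_cert STAGING LIVE: returns 0 when the web server must reload,
# 1 when nothing changed, 2 on error (live files are left untouched).
sync_cert() {
    staging=$1 live=$2 changed=1
    # Check both inputs first so an interrupted copy never installs
    # a new key next to an old certificate.
    [ -s "$staging/fullchain.pem" ] && [ -s "$staging/privkey.pem" ] || return 2
    rc=0
    install_if_changed "$staging/privkey.pem" "$live/privkey.pem" 600 || rc=$?
    case $rc in 0) changed=0 ;; 2) return 2 ;; esac
    rc=0
    install_if_changed "$staging/fullchain.pem" "$live/fullchain.pem" 644 || rc=$?
    case $rc in 0) changed=0 ;; 2) return 2 ;; esac
    return "$changed"
}
```

The cron entry would call `sync_cert` with its two directories and reload the web server only when it returns 0.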
You can have the server on a DMZ and access it through a reverse proxy that does SSL.

On Sat, 23 Jul 2022 10:02, Christos Hayward <christos.hayward@gmail.com> wrote:
I earlier wrote that I saw only duct tape-ish ways of getting HTTPS over a LAN. At least one implementation was mentioned, a self-signed certificate that all computers on the LAN would be made to accept.
I saw another, arguably cleaner way to get HTTPS over a LAN. Make a website, perhaps a bare stub to minimize surface areas to vulnerabilities, publicly, at https://library.xyz.com. Then cron a copying of the certificates from the public site to a server on the LAN. Then set a local DNS (or, worse, hosts files) to assign library.xyz.com the local network IP of the net.
This would seem to sidestep at least some of the security implications for having a library server on the public network.