[Koha] One thing I realized

Christos Hayward christos.hayward at gmail.com
Sun Jul 24 01:01:39 NZST 2022


I earlier write that I saw only duct tape-ish ways of getting HTTPS over a
LAN. At least one implementation was mentioned, a self-signed certificate
that all computers on the LAN would be made to accept.

I saw another, arguably cleaner way to get HTTPS over a LAN. Make a
website, perhaps a bare stub to minimize surface areas to vulnerabilities,
publicly, at https://library.xyz.com. Then cron a copying of the
certificates from the public site to a server on the LAN. Then set a local
DNS (or, worse, hosts files) to assign library.xyz.com the local network IP
of the net.

This would seem to sidestep at least some of the security implications for
having a library server on the public network.

-- 

Unworthy Br. *Christos Hayward*, author and apologist, and more importantly
novice at *St. Demetrios Orthodox Monastery
<https://virginiamonks.org/>* (monastery
webshop <https://virginiamonks.org/collections/all>).

I invite you to visit my *author site* <https://cjshayward.com> (author bio
<https://cjshayward.com/author/>, bookshelf <https://cjshayward.com/books/>).
One title is Happiness in an Age of Crisis: Ancient Wisdom from the Eastern
Orthodox Church <https://cjshayward.com/crisis/>.

My most recent posting is a purchasable "How do I love thee?" shirt
<https://cjshayward.com/how-do-i-love-thee-shirt/>.


More information about the Koha mailing list