On May 13, 2017, at 6:50 AM, Richard Hipp <d...@sqlite.org> wrote:
> Are you running the commands above as root?

…and if so, I would guess the only reason you’re running it as root is so that 
it can listen on port 80, in which case I *strongly* encourage you to bind 
Fossil to localhost on a high-numbered random port and put a proxy in front of 
it, ideally configured for TLS.

That way, not only do you fix the /dev access problems, you bypass or wall off 
a whole pile of security problems.

I wrote up a guide to do that [1] about a year ago, at which time Let’s Encrypt 
on nginx required manual certificate updating.  I should probably rewrite that 
guide now that the automatic update stuff is sorted out in certbot.

The bulk of that guide won’t be substantially different, though, so if you can 
work out the differences on your own, it’ll probably still be helpful to you 


fossil-users mailing list

Reply via email to