<![CDATA[Support (optional) global HTTPS mutual TLS certificate-based authentication]]>It would be a good addition to the ingress handling on box to be able to optionally configure mutual TLS authentication for connections to the server. This would allow those of us who do use Cloudflare to enable Authenticated Origin Pulls, and would further allow others who perhaps would like to have a remotely located server only accessible to certain network(s) via a proxy/gateway to do so without the overhead and technically not recommended approach of a VPN connection to the box itself. Similarly, this relieves the need to depend on expensive private ingress solutions (generally also VPN-based) into otherwise inaccessible VPCs of most cloud providers.

This would necessarily have to only apply to the HTTP/S side of inbound traffic, I expect, which would be reasonable, since it is a rather specific protocol layering and I don't believe such a mechanism is necessary or supported for some of the other services that can be operated on a Cloudron installation. This may or may not also need to exclude the actual my.example.com management interface, also a fair compromise to my mind.

]]>https://forum.cloudron.io/topic/3826/support-optional-global-https-mutual-tls-certificate-based-authenticationRSS for NodeThu, 16 Apr 2026 04:44:10 GMTTue, 01 Dec 2020 14:35:06 GMT60<![CDATA[Reply to Support (optional) global HTTPS mutual TLS certificate-based authentication on Sat, 15 Jul 2023 21:23:06 GMT]]>I understand the use case might be a bit narrow, but for those who understand - that's an absolute killer.

]]>https://forum.cloudron.io/post/70297https://forum.cloudron.io/post/70297Sat, 15 Jul 2023 21:23:06 GMT<![CDATA[Reply to Support (optional) global HTTPS mutual TLS certificate-based authentication on Tue, 16 Feb 2021 14:47:45 GMT]]>Makes a lot of sense.

]]>https://forum.cloudron.io/post/25951https://forum.cloudron.io/post/25951Tue, 16 Feb 2021 14:47:45 GMT