Gruxi Web Server

Appearance

TLS Settings

Gruxi lets you configure TLS settings per site so you can serve content over HTTPS. You can provide your own certificates or use automatic TLS with Let's Encrypt.

When configuring TLS settings, choose whether to provide certificate files or enable automatic TLS.

If you provide your own certificates, specify file paths to the certificate and private key, or paste the certificate and key directly into the configuration. This gives you full control over which certificates are used.

If you enable automatic TLS, Gruxi obtains and renews certificates from Let's Encrypt for you. This is a convenient option if you want HTTPS without managing certificates manually.

Requirements for Automatic TLS with Let's Encrypt

When using automatic TLS with Let's Encrypt, make sure the site is reachable from the internet on its configured hostnames and that the required firewall ports are open. This allows Let's Encrypt to verify domain ownership and issue certificates.

Configuration fields

The TLS settings section includes the following fields:

Enable Automatic TLS Certificates

Enable this option to let Gruxi automatically obtain and renew TLS certificates from Let's Encrypt for the site.

Force TLS

Enable this option to redirect all HTTP requests to HTTPS.

Force TLS Port

If Force TLS is enabled, specify the port used for the HTTPS redirect. The default is 443, which is recommended in most cases.

Certificate File Path

If you are providing your own TLS certificates, specify the file path to the certificate file here. This can be a full path on the server or a filename located inside the BASE PATH shown for the field.

Private Key File Path

If you are providing your own TLS certificates, specify the file path to the private key file here. This can be a full path on the server or a filename located inside the BASE PATH shown for the field.

Certificate Content (PEM format)

If you prefer to provide the TLS certificate directly in the configuration, paste the certificate content in PEM format here. This should include the full certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

Private Key Content (PEM format)

If you prefer to provide the TLS private key directly in the configuration, paste the private key content in PEM format here. This should include the full private key, including the -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- lines.