I use mTLS on my domain that has external services on it. Joplin is on this domain and as such, I am unable to connect to it when not local now since adding mTLS.
Adding mTLS support would make it possible to sync at any time from anywhere. Paperless-ngx supports this and has been a huge help in this regard. Please consider adding this. Many thanks.
Bueller? Buellerr?
I'm surprised more people wouldn't want this.
You can use just normal TLS for authentication on the subdomain for Joplin.
    server {
        listen 443 ssl;
        ssl_certificate /path/to/server.crt;
        ssl_certificate_key /path/to/server.key;
        # for mTLS
        location /secure-api {
            ssl_verify_client on;
            ssl_client_certificate /path/to/ca.crt;
        }
        # for normal TLS
        location /public-api {
            ssl_verify_client off;
        }
    }
The ssl_verify_client off; in the location block does the magic.
Thanks for the reply.
I have the domain wildcarded for mTLS via CF. This would not be a workable option for me. Unless Joplin adds a way to use certs in the mobile app, this is not something I would be able to bypass. And I wouldn't want to bypass it either as it makes the whole point of going through the trouble of setting up security moot.
Anyway, all good. The devs will either add it or they won't. There is no shortage of options for note taking apps and I have already moved to something else. Especially after combing the forums and GitHub and seeing most requests for adding security basically ignored.
+1. Would be a very welcome feature for security-conscious users.
TLS checks happen before it can even distinguish paths, so I don't think this works. Using it server-side is not a problem, most reverse proxies support it. But then you need to use it for the whole subdomain, which also means in case of Joplin, that it needs to be supported by the Joplin client software.
Unfortunately many services don't support it. Would you mind telling me which service supports mTLS?
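An added example, not part of any post in this thread: the reply about TLS checks happening before paths are known matches how nginx works, since ssl_verify_client and ssl_client_certificate are only accepted at http or server level, not inside a location block. The usual way to get per-path enforcement on an nginx proxy that terminates TLS itself is to request the client certificate for the whole server and check the verification result per location. The server name and upstream address below are placeholders.

```nginx
server {
    listen 443 ssl;
    server_name notes.example.com;            # placeholder hostname

    ssl_certificate     /path/to/server.crt;
    ssl_certificate_key /path/to/server.key;

    # Client-certificate settings apply to the whole TLS handshake,
    # so they live at server level, not inside a location.
    ssl_client_certificate /path/to/ca.crt;   # CA that issued the client certs
    ssl_verify_client optional;                # request a cert, do not require one

    # Path that must present a valid client certificate.
    location /secure-api {
        # $ssl_client_verify is SUCCESS, NONE (no cert sent) or FAILED:<reason>.
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        proxy_pass http://127.0.0.1:8080;      # placeholder upstream
    }

    # Path reachable with ordinary server-authenticated TLS only.
    location /public-api {
        proxy_pass http://127.0.0.1:8080;      # placeholder upstream
    }
}
```

Any location without the $ssl_client_verify check is reachable with no client certificate, so this narrows mTLS to the listed paths rather than covering the whole subdomain.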