How do I serve Stash over SSL/TLS (HTTPS)?

This is typically accomplished by putting Stash behind a reverse proxy, such as Nginx or Caddy. Stash can also serve SSL directly. To use the built-in SSL:

  1. First, generate an SSL certificate and key pair.

    Example using OpenSSL (the <(...) process substitution requires a shell that supports it, such as bash):
    openssl req -x509 -newkey rsa:4096 -sha256 -days 7300 -nodes -keyout stash.key -out stash.crt -extensions san -config <(echo "[req]"; echo distinguished_name=req; echo "[san]"; echo subjectAltName=DNS:stash.server,IP:127.0.0.1) -subj /CN=stash.server
    

    Customize this command for your environment, in particular the hostname and IP address in subjectAltName and the CN. This link might be useful.

  2. Name the files stash.crt and stash.key and place them in the same directory as the config.yml file, or in the ~/.stash directory. Stash detects these and starts up using HTTPS rather than HTTP.
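
As an added example (not part of the Stash documentation), this shell function checks the generated pair before Stash starts with it: the key belongs to the certificate, the certificate covers the hostname clients will use, and the unencrypted key written by -nodes is not accessible to group or others. The function name check_stash_tls and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the stash.crt / stash.key pair.
# check_stash_tls and its return codes are hypothetical, not part of Stash.

# usage: check_stash_tls DIR HOSTNAME
# returns 0 = ok, 1 = file missing, 2 = key/cert mismatch,
#         3 = hostname not covered, 4 = key accessible to group/others
check_stash_tls() {
    st_crt="$1/stash.crt"
    st_key="$1/stash.key"
    st_host="$2"

    if [ ! -r "$st_crt" ] || [ ! -r "$st_key" ]; then
        echo "stash.crt or stash.key not found in $1" >&2
        return 1
    fi

    # The public key in the certificate must be the one derived from the
    # private key, otherwise the pair cannot be used together.
    st_crt_pub=$(openssl x509 -in "$st_crt" -noout -pubkey 2>/dev/null) || return 2
    st_key_pub=$(openssl pkey -in "$st_key" -pubout 2>/dev/null) || return 2
    if [ "$st_crt_pub" != "$st_key_pub" ]; then
        echo "stash.key does not belong to stash.crt" >&2
        return 2
    fi

    # Clients compare the name they connect to against the certificate
    # (subjectAltName); -checkhost performs that comparison.
    if ! openssl x509 -in "$st_crt" -noout -checkhost "$st_host" |
            grep -q "does match certificate"; then
        echo "certificate does not cover $st_host" >&2
        return 3
    fi

    # -nodes leaves the key unencrypted on disk, so file permissions are
    # its only protection: group and other bits must all be clear.
    st_perms=$(ls -l "$st_key" | cut -c5-10)
    if [ "$st_perms" != "------" ]; then
        echo "stash.key is accessible to group/others; run chmod 600" >&2
        return 4
    fi
    return 0
}

# Run directly as: sh check.sh /path/to/config-dir stash.server
if [ "$#" -eq 2 ]; then
    check_stash_tls "$1" "$2"
fi
```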