[FEATURE REQUEST] Add support for https

[ykhemani]

Motivation
Allow secure (https) communication for the web interface to lldap so that communication between the browser and lldap isn't in plaintext.

Describe the solution you'd like

• Add support for environment variable to add enable https (LLDAP_HTTPS_OPTIONS__ENABLED). Default to false. Set to true to enable https.
• Add support for environment variable to set https private key file (LLDAP_HTTPS_OPTIONS__KEY_FILE).
• Add support for environment variable to set https cert file ( LLDAP_HTTPS_OPTIONS__CERT_FILE). Can contain just the certificate or the cert and cert chain.
• Add support for environment variable to set https CA cert file ( LLDAP_HTTPS_OPTIONS__CA_CERT_FILE). Can contain the CA cert.

Describe alternatives you've considered
You could use a reverse proxy and have it terminate TLS. The connection from the reverse proxy to lldap would still be clear text, of course.

[nitnelave]

Reverse proxy is the recommended setup. Is there any reason that doesn't work for you?

[ykhemani]

Reverse proxy is the recommended setup. Is there any reason that doesn't work for you?

Indeed, it can work. Having this allows you to have end-to-end encryption without another layer.

[nitnelave]

Alright, since we have a working solution, I'm not going to fix it myself. If someone wants to come and implement it, be my guest.

[fsdrw08]

Any updates for this request?

[nitnelave]

Any updates for this request?

See the message above: I'm not going to work on that, but I'll accept contributions.

Note that a reverse proxy that provides HTTPS to the external world but HTTP inside the host is often more than enough.