Gonna add some notes while I'm here.
I am using Nginx to forward a pretty domain over the CUPS IP/port.
This site here (not related to me) made it click.
Anyway in my nginx config I have a location block like this:
location /printers {
// this is the info that came from the site mentioned
proxy_pass http://localhost:631;
proxy_set_header Host "127.0.0.1";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
}
I generated my cert with Lets Encrypt, goes to same folder as mentioned by SchiWaGoA
I used symlink instead of cat as I had permission problems eg:
ln -s /lets-encrypt-path/fullchain.pem /cups-ssl-path/server.crt (same as above)
cupds.conf
I have Listen localhost:631 on
<Location />
Order allow, deny
Allow from @LOCAL
</Location>
At the bottom of this file I added the encryption stuff as mine didn't have it
DefaultEncryption Required
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
And that's it, was able to add the printer on my Windows 10 client using shared hostname url with the https://example.com/printers/printer-name url scheme and then MS PS driver.
Note. I'm not 100% on the <Location /> block so check if it suits your needs.
Will add atm I'm noticing the server keeps going down, unlike my previous non https CUPS, odd.
Looks like you need to add this line to cupsd.conf
ServerAlias *
One of my problems anyway, will monitor to see if it improves.
Seems to have improved after I restarted, will report back if I discover some specific reason it was going down often. The non-https one has been up for months.
I ended up modifying the systemd file
Restart=always
RestartSec=3
Also the cert lines are supposed to go in cups-files.conf instead of cupsd.conf according to the debug logs of cups. Not a problem now but will be in the future.
