[ISSUE] 😳 I'm totally naked! How to turn on HTTPS? #1587

Open
vzool opened this issue Feb 2, 2023 · 13 comments

@vzool

vzool commented Feb 2, 2023

😳 I'm totally naked! How to turn on HTTPS?

Screenshot 1444-07-11 at 10 57 54 AM

@vzool

vzool commented Feb 2, 2023

Screenshot 1444-07-11 at 12 41 04 PM

@satonotdead

Did you figure it out? You can access the system using SSH and secure things yourself.

I would like to expose some of my services to the internet, but I suspect that Umbrel would overwrite my implementations on the server on every update. I'm trying some things because there is almost no related documentation.

Security and privacy aren't the ethos behind the project that wants to sell hardware, good UI and scale fast.

@githubber

How did you even get the domain connected? Did you install nginx separately from Umbrel and then use it as a reverse proxy?

@N0deArm0r

Has anyone tried this solution yet? Enabling HTTPS with Let's Encrypt on Docker: https://medium.com/bros/enabling-https-with-lets-encrypt-over-docker-9cad06bdb82b

@satonotdead

Moved out.

@d4n74

d4n74 commented Apr 11, 2023

Do not manage your Umbrel node in clearnet, it has no SSL protection. Don't open ports 80 and 443. Instead, always use Tor onion addresses for each Umbrel app to manage your node.

It's slower, but the flows remain encrypted and do not go out via an exit node.
Think about running a Tor relay node (if you can); the more Tor relay nodes on the Internet, the faster it will become.

Here's a recipe to install Tor using Docker on Ubuntu 22.04: https://blog.dftorres.ca/?p=2354

@zigazajc007

zigazajc007 commented Apr 15, 2023

> Do not manage your Umbrel node in clearnet, it has no SSL protection. Don't open ports 80 and 443. Instead, always use Tor onion addresses for each Umbrel app to manage your node.

I would agree with this, but it could easily be solved by just adding support for SSL. Maybe in Umbrel settings there should be a field to add your domain, and Umbrel would auto-install an SSL cert for it and also regularly renew it.

> It's slower, but the flows remain encrypted and do not go out via an exit node. Think about running a Tor relay node (if you can); the more Tor relay nodes on the Internet, the faster it will become.
>
> Here's a recipe to install Tor using Docker on Ubuntu 22.04: https://blog.dftorres.ca/?p=2354

If you have a bad internet connection, it could make it even slower for people / other nodes connected to your node, as your node will be the bottleneck.

  • Most self-hosters are also afraid of hosting an exit node.

@nghialele

I have the same questions as OP.

I understand the concept of Umbrel, and that connecting with secure SSH or on a home LAN is secure.

But I wonder if there is any way to install SSL for some apps on the node that I want to share publicly (with friends/colleagues/..).

A specific app I want to mention here is Nextcloud, where I can share my files.

@IMPranshu

You can use Tailscale to restrict access to specific devices.

@Nezteb

Nezteb commented Jul 16, 2023

Another option is to put Umbrel behind something like https://github.com/oauth2-proxy/oauth2-proxy or https://github.com/nosduco/nforwardauth.

@Monikaya

Monikaya commented Apr 1, 2024

> Do not manage your Umbrel node in clearnet, it has no SSL protection. Don't open ports 80 and 443. Instead, always use Tor onion addresses for each Umbrel app to manage your node.
>
> It's slower, but the flows remain encrypted and do not go out via an exit node. Think about running a Tor relay node (if you can); the more Tor relay nodes on the Internet, the faster it will become.
>
> Here's a recipe to install Tor using Docker on Ubuntu 22.04: https://blog.dftorres.ca/?p=2354

For people that want to provide friends/family access to something like Jellyfin/Plex/Emby in a secure way, Tor is not viable as, well, it's much too slow for any sort of content streaming.

@jjmmbb

jjmmbb commented Oct 2, 2024

@sahilph

sahilph commented Oct 7, 2024

I created a new app for securing Umbrel via HTTPS in your local network. More info here

Also, if you need to expose certain apps to the internet, use Nginx Proxy Manager, which is available in the official app store.
