Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Umbrel needs to support HTTPS (this is important) #1895

Open
mikropsoft opened this issue Aug 12, 2024 · 11 comments
Open

Umbrel needs to support HTTPS (this is important) #1895

mikropsoft opened this issue Aug 12, 2024 · 11 comments

Comments

@mikropsoft
Copy link

I want to expose Umbrel to the external network, but when I do so with a domain that has an SSL certificate, I receive a warning similar to the one I mentioned in issue #1832.

Opening Umbrel on the external network via HTTP doesn’t inspire confidence. This support should be implemented urgently. I kindly ask all developers to take this into consideration.

@GuiSousa135
Copy link

I agree, this is extremely important, but I don't know if it is easy to implement.

@JoseMoranUrena523
Copy link

You’d have to wait on the Umbrel developers to decide whether they want to implement HTTPS support.

@JoseMoranUrena523
Copy link

I agree, this is extremely important, but I don't know if it is easy to implement.

I assume what they'd have to do is use certbot to generate an SSL, and have whatever they use (say nginx) be able to use that SSL.

@kennym
Copy link

kennym commented Aug 26, 2024

Is this really a security issue if you're accessing your Umbrel without https via tailscale? Isn't the traffic between you and Umbrel always encrypted as long as connected to Tailscale?

@JoseMoranUrena523
Copy link

Is this really a security issue if you're accessing your Umbrel without https via tailscale? Isn't the traffic between you and Umbrel always encrypted as long as connected to Tailscale?

I don't think its a major security issue with Tailscale, but still. What if you don't want to use Tailscale?

@jjmmbb
Copy link

jjmmbb commented Oct 2, 2024

@jjmmbb
Copy link

jjmmbb commented Oct 3, 2024

I am still searching for solutions to make a way to run .local domains using SSL. I have found two different approaches using a very useful method to improve security on Umbrel.

https://smallstep.com/blog/private-acme-server/ - It's a private ACME SERVER that can easily run over Traefik.

@sahilph
Copy link

sahilph commented Oct 6, 2024

Nginx Proxy Manager is now available on the app store. You can use that to request SSL certificates and expose certain apps to the internet.

Edit: If you wish to encrypt communications in your local network, I have created a app for that. More Info here

@LastSkywalkerER
Copy link

I decided not to create a new issue, I think the situation is similar to mine. The problem is that I need to put Umbrel on the network.

I've done this in several ways:

  • I expose port 80 and 443 from the router and set up a revert proxy with SSL certificate on the local 80 port
  • I set up a claudflaered tunnel with proxying to port 80 from outside the router.

In all cases I get the same error.

image

It seems that somewhere in the source code there is a hardcoded address addressing via http, which is not supported under https

@sahilph
Copy link

sahilph commented Nov 17, 2024

@LastSkywalkerER It seems that somewhere in the source code there is a hardcoded address addressing via http, which is not supported under https

Yes you are correct, the http is currently hardcoded, There is PR open which would fix this: #1841

Most likely, that PR will be merged in the next release. For now the workaround will be to manually add your domain to the file.

@jjmmbb
Copy link

jjmmbb commented Nov 17, 2024

@sahilph developed a module for httpsizer the Umbrel. My suggestion is that Umbrel add that module to core.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants