Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS Support #546

Open
spencerbeggs opened this issue Feb 17, 2021 · 67 comments
Open

HTTPS Support #546

spencerbeggs opened this issue Feb 17, 2021 · 67 comments

Comments

@spencerbeggs
Copy link

Communicating with the node over HTTP on your local network seems dicey. Would you be interested in a pull request that would generate SSL certs locally and then allow you to download the root cert from the settings menu? I might be able to hack that together.

@lukechilds
Copy link
Member

lukechilds commented Feb 18, 2021

Thanks for the suggestion!

During beta, Umbrel makes the assumption that the local network is secure. This is pretty much the industry standard and how every consumer router or smart device that exposes a web interface work.

We agree this isn't really good enough as an industry standard. We think we have some clever ideas on how we can do secure communication out of the box for a stable release. However I think it's out of scope for the beta.

Secure communication over a local network is not an easy problem to solve. I don't think encouraging users to install root certs is a good idea. That should only be done by very technical users who know what they're doing and understand the implications. As an aside, if you're concerned your local network is not secure then anything malicious could inject a fake root cert when you download it over HTTP, and then compromise your entire browser/OS when you install the bad cert.

For now, if you're worried about plain text local network communication, I'd recommend accessing your Umbrel via the Tor hidden service which will ensure all data is encrypted in transit.

Checkout our security doc if you haven't already: https://github.com/getumbrel/umbrel/blob/master/SECURITY.md

@tim-tx
Copy link

tim-tx commented Aug 6, 2021

I would vote to re-open this, not because of unencrypted data in the local network but because of unencrypted data leaving Tor. If I understand Tor correctly, then without HTTPS, traffic in Tor is only encrypted up to the exit node. No extra encryption exists between the exit node and the destination. There was a prominent attack on Tor traffic exploiting this in 2007. Without HTTPS, the exit node or some eavesdropper between the exit node and the destination could very easily read my Umbrel password. Likewise, if I use the Electrum server without HTTPS over Tor, my wallet information would be totally exposed between the exit node and the destination. Why not use a self-signed certificate, since I am both the user and the certificate creator?

@tim-tx
Copy link

tim-tx commented Aug 6, 2021

Ah, I found this is discussed in #190 and irrelevant since you don't ever exit to clearnet. Also see #686.

@djkazic
Copy link
Contributor

djkazic commented Aug 29, 2021

Hello, just wanted to chime in with my two cents. I've got good results in modifying my nginx.conf and using certbot + dns01 challenges to get SSL certs for use locally. My dns records just point at the private IP so nothing touches clearnet while getting that nice green checkmark in the browser

@BenGWeeks
Copy link

Adding my vote for this one. This is required to run BTCPayServer I believe.

@abradshaw
Copy link

Agreed, this really needs to be addressed

@BenGWeeks
Copy link

BenGWeeks commented Jan 12, 2022

The following instructions could be a useful resource (specific to BTCPayServer but presumably could be generalised):

Installing the NGINX reverse proxy with an SSL certificate for Umbrel / BTCPay Server

This uses certbot, not something I have come across before (I thought you had to pay for SSL certificates) and also requires dynamic DNS if you have no fixed IP.

I wonder if anyone knows of a [free] command-line service for dynamic DNS allocation in a similar fashion to certbot for SSL certificates. If so, this would presumably mean this could all be configured from an installation without much user configuration other than port forwarding on their router. Perhaps something like How to Install the Dynamic Update Client on Linux is part of the solution.

I would be very interested to see if this could be done.

@BenGWeeks
Copy link

Why was this closed?

@KayBeSee
Copy link
Contributor

Just noting that enabling access via HTTPS would allow browsers to access and use camera functionality.

See https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia

@marcelrv
Copy link

FYI issue you will have related to this topic: https://community.getumbrel.com/t/apps-remain-in-starting-but-actually-work-fine/6338/7

@jbrill
Copy link

jbrill commented Apr 9, 2022

All it takes is one Umbrel vuln to bring down half of the lightning network?

HTTPS integration needs to be the #1 priority for the Umbrel team at this point. As the network continues to scale, it is unacceptable to assume that everyone's local network should be secure, especially when that service communicates with the outside world.

@BenGWeeks
Copy link

Again, why was this closed?

@relativisticelectron
Copy link

Yes, why closed? An umbrel https connection would also be a benefit for specter, because it allows Notifications_API.

@i5hi
Copy link

i5hi commented May 29, 2022

This makes running a home node via Tor insecure. Self signed cert is fine for private use. Seems like a basic requirement.

@ghost
Copy link

ghost commented May 31, 2022

Besides that it insecure for Tor, Apple will soon block API calls (currently depreciated), making it impossible for apps like Zeus and others to connect to Umbrel over Tor. Currently, NSAllowsArbitraryLoads -> true is required to make the connection possible.

@yavko
Copy link

yavko commented Jun 14, 2022

HTTPS is required for some browser api's breaking some things in nextcloud, could this please be re-opened?

@artizzle
Copy link

HTTPS is required for some browser api's breaking some things in nextcloud, could this please be re-opened?

I want https because of nextcloud as well. With just the tor I can't use the nextcloud app.

@majikaz
Copy link

majikaz commented Jun 18, 2022

HTTPS SUPPORT ..AND SOME ?

Its a fine balance between Security/Usability/Functionality & initial Design purpose. Umbrel is primarily a Bitcoin Node which has morphed into a Personal OS/Server.

HTTPS is important as briefly highlighted by some of the comments above and vendor changes are coming which will break some of the methods used currently by some apps/users of this product. However, conversely we have to ask ourselves as a community what it is exactly that we want from Umbrel?

Do we want a Secure & Sandboxed BTC LN node env based around TOR and using Private Self-Signed SSL Certs (as-is now)
or
Do we want to have the functionality of a fully featured tech-stack with full blown operability over clearnet in an advanced form from where Umbrel has its abilities currently?

I am sure the Devs are thinking long and hard about the course of direction they are taking Umbrel. Its a Stellar project and have blown me away with their work..

Personally, I would like to be able to better see the abstracted layers more clearly through a Customisable UI where instead of using Hidden services and NGINX reverse/transparent proxies acting as the abstraction layer between the modular components which docker offers and change this to a thin middleware management layer with options on how we can route services or how we offer services to the public or remain private; A simple way to explain this would be to Imagine a customisable WAF (WebApp Firewall) kind of like a Pi-Hole but expended to manage routing of Apps/Protocols/Services/IP's of Umbrel apps and services where we can dictate what is exposed what is hidden.

Umbrel is in a good place now.. but I do think there is a very important area of conversation to be had around this topic, obviously as was mentioned above there are huge implications for the LN Network if any vulns were to strike Umbrel OS which is why due caution around this topic is important.

Maybe there is a middle ground between the competing needs of Umbrel/LN/Privacy Vs a Personal Server which has part-Publicly exposed services 'or' isolated public exposure over clearnet.

This topic should should remain open IMHO as its a crucial area of particular interest to Users and developers alike.

@lukechilds
Copy link
Member

Happy to re-open this issue to keep track of it.

Since there's been a lot of discussion here recently I'll link to the places this has been brought up before. If you're wondering why Umbrel doesn't yet support SSL, it's because it's not trivial to support SSL over the local network in a way that doesn't fail to actually prevent MITM attacks or introduce dangerous security footguns, you can read more on the reasons why in these previous discussions:

We definitely want to support this at some point, and we have some ideas to experiment with, but it’s not a simple fix and we want to devote some more time in the future to make sure whatever solution we implement overcomes the existing shortcomings of using SSL on the local network.

@lukechilds lukechilds reopened this Jun 21, 2022
@prologic
Copy link

prologic commented Aug 1, 2022

I just installed a test version of Umbrel and to my surprise I also discovered that the default configuration is insecure:

root@umbrel:~# ss -tapn | grep LISTEN
LISTEN   0         4096                0.0.0.0:80               0.0.0.0:*        users:(("docker-proxy",pid=49619,fd=4))

This effectively means ingress traffic from "anywhere" to Umbrel can be sniffed.

Assuming the "local" network is "secure" is foolish and just plain wrong.

At a minimum adding Let's Encrypt support would be the easiest way to fix this.

@banneord-puzzle
Copy link

Umbrel without SSL is a toy. I just started to test this software stack and already want to move to other solutions because it's incomprehensible to me, how can Umbrel be a serious proposition for a Bitcoin/LN node without proper encryption.

The assumption about safe network is just plain wrong. The tale about unsolvable problem of MITM on local networks is preposterous. If Umbrel image has to be written to SD card then it's a no brainer to generate/add certs at this point to the card as well.

As mentioned by @jbrill - all it takes to bring down Umbrel is one exploit that can be automated and as Cave Johnson said it - "We're done here". Lack of SSL and no seed-based-non-default-passwords is IMHO simply reckless.

@ghost
Copy link

ghost commented Nov 5, 2022

Add SSL, without this, nobody can use umbrel in production purposes, and TOR is not convient for speed and specific browser requirement.
Take care about security is most important that you need to do!

@ghost
Copy link

ghost commented Nov 5, 2022

i able to fix problem using https://github.com/suyashkumar/ssl-proxy

@marcelrv
Copy link

marcelrv commented Nov 6, 2022

I indeed use something similar but ,based on nginx.
What would be a super add-on is a way to create a nginx config file with all the proper ports and forwards defined (e.g based on the .env file)

@yavko
Copy link

yavko commented Nov 6, 2022

There should be a gui for this kinda like the nextcloud cli tool for adding ssl/tls

@tlindi
Copy link
Contributor

tlindi commented Dec 7, 2022

There's a nice proposal for fixing this:

https://makers.bolt.fun/story/easy-switch-tor-clearnet-for-bundle-nodes--155

@ztnewman
Copy link

ztnewman commented Sep 9, 2023

Why not just include a self signed cert by default?

@Cazza9
Copy link

Cazza9 commented Oct 15, 2023

for self hosting you need https

@ghost
Copy link

ghost commented Nov 17, 2023

Still no updates on this?

@lorenzyannick
Copy link

lorenzyannick commented Nov 19, 2023

Maybe umbrel can implement traefik ( https://doc.traefik.io/traefik/ )
With auto-discover. So you can add labels variables in docker to enable proxy with HTTPS over each apps

a good start can be adding labels in docker files like :

labels:
      traefik.enable: true
      traefik.http.routers.<service_name>.rule: Host(`${IP_OR_DOMAIN_NAME}`) # Host requested should be IP_OR_DOMAIN_NAME
      traefik.http.routers.<service_name>.entrypoints: http # maybe use https here ?
      traefik.http.routers.<service_name>.service: ${CONTAINER_NAME}
      traefik.http.services.<service_name>.loadBalancer.server.port: 80 # Request redirect to that port of host : maybe use 443 here...

See :

@RuneStone0
Copy link

+1 please find a solution for this! Looks like there are several good suggestions how to resolve this already (example)

@emileond
Copy link

emileond commented Jan 2, 2024

+1 we need HTTPS

1 similar comment
@Subseedshiva
Copy link

+1 we need HTTPS

@TWP80
Copy link

TWP80 commented Mar 28, 2024

i need https connection for btcpay server connect to woocommers any idea how can i do this.

@guttermonk
Copy link

i need https connection for btcpay server connect to woocommers any idea how can i do this.

You can either wait for this issue to be closed (and it's been open since 2021), or you could get an Embassy from Start9.

@tlindi
Copy link
Contributor

tlindi commented Mar 30, 2024 via email

@rhubbard-nwf
Copy link

It's concerning that the devs believe the "local net" should be trusted, and so SSL is not a SUPER HIGH PRIORITY... I can't run LND in any form of production without proper security, local net included/especially. The security rule is simple... NOTHING IS TRUSTED. Trustless networking IS the industry standard now, and has been for 2+ years...

I really hope this issue gets resolved. This is reckless.

@highghlow
Copy link
Contributor

+1

@ljacho
Copy link

ljacho commented May 9, 2024

+1

@jpl-btc
Copy link

jpl-btc commented May 23, 2024

+1 just implement https the whole world is asking for it and needing it.

@t0m7
Copy link

t0m7 commented Jun 2, 2024

+1

@CelestialV31L
Copy link

+1 please

@dinkelk
Copy link

dinkelk commented Jul 23, 2024

+1

@SqueakyBed
Copy link

+1³x24ⁿ

@DavidGarciaCat
Copy link

DavidGarciaCat commented Aug 4, 2024

I just wanted to add two small tips for this thread:

  • one option to "expedite" the HTTPS support is to install the CloudFlare Tunnel app from the Umbrel App Store, and then create a tunnel for that

    • as part of the local LAN, you will keep an insecure connection if you target the device IP address or the device name
    • but you can "by-pass" that insecure connection by using the CloudFlare Tunnel DNS you have created
  • another point is that HTTPS seems a must-have if we want to enable TOR access to the Umbrel device

    • I have just tested it, and the ONION domain is accessible over HTTP instead of HTTPS
    • in a case like this, the CloudFlare Tunnel won't solve the problem
    • and there is no need to use a valid certificate (so lets encrypt can be a good option for that)

@sahilph
Copy link

sahilph commented Aug 5, 2024

I have created Nginx Proxy Manager App for Umbrel, available on my community App Store. I have also created a pull request #1296 to add it in Umrel App Store.

While this may not solve all the security issues discussed, it can help to access certain apps that require HTTPS

EDIT: This app is now available on the Official App Store As well.

@yevmoroz
Copy link

yevmoroz commented Sep 19, 2024

end up doing tailscale serve --bg --https=0000 0000 by exposing selected services that need https

@jjmmbb
Copy link

jjmmbb commented Oct 2, 2024

3 years and nothing to support HTTPS...

@sahilph
Copy link

sahilph commented Oct 6, 2024

Hello All,

I have created a app called "Umbrel HTTPSizer". This app allows you to secure your umbrel in you local network using a self-signed HTTPS Certificates.

This app can be installed from my Community App store

After Installation, a "First Run" page will be displayed with instructions on what to do next. It also has instructions on how to trust the generated root CA certificate so that you will not get errors on your browser. More info available in the wiki

I have tested this on Umbrel v1.2.2.

Source for app

@wh0am1-dev
Copy link

wh0am1-dev commented Oct 17, 2024

@sahilph, I've been unable to properly expose apps through Nginx Proxy Manager. Not even using HTTP, so configuring HTTPS is completely out of reach for me.

Steps I followed:

Let's say my domain is example.com.

  • Pointed my domain root (@ A record) to my public IP
  • Pointed all subdomains (* A record) to my public IP
  • Forwarded external port 80 (HTTP) to Umbrel's port 40080 (NPM HTTP port exposed through app_proxy)
  • Forwarded external port 443 (HTTPS) to Umbrel's port 40443 (NPM HTTPS port exposed through app_proxy)
  • Created a Proxy Host in NPM to forward subdomain up.example.com to http://umbrel.local:8385 (Uptime Kuma), SSL deactivated
  • When trying to access up.example.com I get redirected to Umbrel's auth interceptor up.example.com:2000
  • As this wasn't even loading, I tried forwarding external port 2000 to Umbrel's port 2000
  • Then, Umbrel's auth interceptor loaded, but when typing the password and hitting enter, that page doesn't do anything (checked out the browser's network tab in devtools and there were a bunch of errored requests...)

I also read through NPM app submission PR comments and saw Umbrel devs and @sahilph talking about using different hosts for Proxy Hosts inside NPM instead of umbrel.local: app docker container name, uptime-kuma_server_1, or internal Umbrel's gateway IP, 10.21.0.1... but none of those work either.

Also tried routing to apps using paths instead of subdomains, eg. example.com/up, because I thought that maybe the auth interceptor stores whatever token linked only to the specific domain you do login, and not its subdomains, but that breaks loading assets within some apps, because they use absolute paths...

I tried everything I could come up with, honestly. Today I'll give it another round of tries to see if I missed anything, but I've already spent hours trying to set this up properly to no luck.

I'm really stuck with this and Umbrel supporting HTTPS by default would be more than ideal, I'd say even necessary! @mayankchhabra @lukechilds @nmfretz

@sahilph
Copy link

sahilph commented Oct 17, 2024

@wh0am1-dev Nginx Proxy manager is ideally meant to be used for apps that have their own authentication and are not protected by Umbrel's auth server (Like Jellyfin, Plex, etc ).

It is not currently possible to use NPM with Umbrel's auth server. So if you want to use NPM for apps which are protected by auth server, you will have to bypass the auth server and by pointing NPM to the app's internal hostname/ip and internal port.

⚠️ Bypassing the auth server will make the app accessible to anyone. Hence, it recommended to use the NPM "Access Lists" and setup Username/Password for that app. ⚠️

I also read through NPM app submission PR comments and saw Umbrel devs and @sahilph talking about using different hosts for Proxy Hosts inside NPM instead of umbrel.local: app docker container name, uptime-kuma_server_1, or internal Umbrel's gateway IP, 10.21.0.1... but none of those work either.

You almost got that right, but instead of gateway IP, you will have the app's internal hostname/ip and internal port.

In your case, for uptime kuma:
internal hostname: uptime-kuma_server_1
internal port: 3001

Created a Proxy Host in NPM to forward subdomain up.example.com to http://umbrel.local:8385 (Uptime Kuma), SSL deactivated

So basically you will have to change it to http://uptime-kuma_server_1:3001

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests