-
Notifications
You must be signed in to change notification settings - Fork 554
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTPS Support #546
Comments
Thanks for the suggestion! During beta, Umbrel makes the assumption that the local network is secure. This is pretty much the industry standard and how every consumer router or smart device that exposes a web interface work. We agree this isn't really good enough as an industry standard. We think we have some clever ideas on how we can do secure communication out of the box for a stable release. However I think it's out of scope for the beta. Secure communication over a local network is not an easy problem to solve. I don't think encouraging users to install root certs is a good idea. That should only be done by very technical users who know what they're doing and understand the implications. As an aside, if you're concerned your local network is not secure then anything malicious could inject a fake root cert when you download it over HTTP, and then compromise your entire browser/OS when you install the bad cert. For now, if you're worried about plain text local network communication, I'd recommend accessing your Umbrel via the Tor hidden service which will ensure all data is encrypted in transit. Checkout our security doc if you haven't already: https://github.com/getumbrel/umbrel/blob/master/SECURITY.md |
I would vote to re-open this, not because of unencrypted data in the local network but because of unencrypted data leaving Tor. If I understand Tor correctly, then without HTTPS, traffic in Tor is only encrypted up to the exit node. No extra encryption exists between the exit node and the destination. There was a prominent attack on Tor traffic exploiting this in 2007. Without HTTPS, the exit node or some eavesdropper between the exit node and the destination could very easily read my Umbrel password. Likewise, if I use the Electrum server without HTTPS over Tor, my wallet information would be totally exposed between the exit node and the destination. Why not use a self-signed certificate, since I am both the user and the certificate creator? |
Hello, just wanted to chime in with my two cents. I've got good results in modifying my nginx.conf and using certbot + dns01 challenges to get SSL certs for use locally. My dns records just point at the private IP so nothing touches clearnet while getting that nice green checkmark in the browser |
Adding my vote for this one. This is required to run BTCPayServer I believe. |
Agreed, this really needs to be addressed |
The following instructions could be a useful resource (specific to BTCPayServer but presumably could be generalised): Installing the NGINX reverse proxy with an SSL certificate for Umbrel / BTCPay Server This uses certbot, not something I have come across before (I thought you had to pay for SSL certificates) and also requires dynamic DNS if you have no fixed IP. I wonder if anyone knows of a [free] command-line service for dynamic DNS allocation in a similar fashion to certbot for SSL certificates. If so, this would presumably mean this could all be configured from an installation without much user configuration other than port forwarding on their router. Perhaps something like How to Install the Dynamic Update Client on Linux is part of the solution. I would be very interested to see if this could be done. |
Why was this closed? |
Just noting that enabling access via HTTPS would allow browsers to access and use camera functionality. See https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia |
FYI issue you will have related to this topic: https://community.getumbrel.com/t/apps-remain-in-starting-but-actually-work-fine/6338/7 |
All it takes is one Umbrel vuln to bring down half of the lightning network? HTTPS integration needs to be the #1 priority for the Umbrel team at this point. As the network continues to scale, it is unacceptable to assume that everyone's local network should be secure, especially when that service communicates with the outside world. |
Again, why was this closed? |
Yes, why closed? An umbrel https connection would also be a benefit for specter, because it allows Notifications_API. |
This makes running a home node via Tor insecure. Self signed cert is fine for private use. Seems like a basic requirement. |
Besides that it insecure for Tor, Apple will soon block API calls (currently depreciated), making it impossible for apps like Zeus and others to connect to Umbrel over Tor. Currently, NSAllowsArbitraryLoads -> true is required to make the connection possible. |
HTTPS is required for some browser api's breaking some things in nextcloud, could this please be re-opened? |
I want https because of nextcloud as well. With just the tor I can't use the nextcloud app. |
HTTPS SUPPORT ..AND SOME ?Its a fine balance between Security/Usability/Functionality & initial Design purpose. Umbrel is primarily a Bitcoin Node which has morphed into a Personal OS/Server. HTTPS is important as briefly highlighted by some of the comments above and vendor changes are coming which will break some of the methods used currently by some apps/users of this product. However, conversely we have to ask ourselves as a community what it is exactly that we want from Umbrel? Do we want a Secure & Sandboxed BTC LN node env based around TOR and using Private Self-Signed SSL Certs (as-is now) I am sure the Devs are thinking long and hard about the course of direction they are taking Umbrel. Its a Stellar project and have blown me away with their work.. Personally, I would like to be able to better see the abstracted layers more clearly through a Customisable UI where instead of using Hidden services and NGINX reverse/transparent proxies acting as the abstraction layer between the modular components which docker offers and change this to a thin middleware management layer with options on how we can route services or how we offer services to the public or remain private; A simple way to explain this would be to Imagine a customisable WAF (WebApp Firewall) kind of like a Pi-Hole but expended to manage routing of Apps/Protocols/Services/IP's of Umbrel apps and services where we can dictate what is exposed what is hidden. Umbrel is in a good place now.. but I do think there is a very important area of conversation to be had around this topic, obviously as was mentioned above there are huge implications for the LN Network if any vulns were to strike Umbrel OS which is why due caution around this topic is important. Maybe there is a middle ground between the competing needs of Umbrel/LN/Privacy Vs a Personal Server which has part-Publicly exposed services 'or' isolated public exposure over clearnet. This topic should should remain open IMHO as its a crucial area of particular interest to Users and developers alike. |
Happy to re-open this issue to keep track of it. Since there's been a lot of discussion here recently I'll link to the places this has been brought up before. If you're wondering why Umbrel doesn't yet support SSL, it's because it's not trivial to support SSL over the local network in a way that doesn't fail to actually prevent MITM attacks or introduce dangerous security footguns, you can read more on the reasons why in these previous discussions:
We definitely want to support this at some point, and we have some ideas to experiment with, but it’s not a simple fix and we want to devote some more time in the future to make sure whatever solution we implement overcomes the existing shortcomings of using SSL on the local network. |
I just installed a test version of Umbrel and to my surprise I also discovered that the default configuration is insecure:
This effectively means ingress traffic from "anywhere" to Umbrel can be sniffed. Assuming the "local" network is "secure" is foolish and just plain wrong. At a minimum adding Let's Encrypt support would be the easiest way to fix this. |
Umbrel without SSL is a toy. I just started to test this software stack and already want to move to other solutions because it's incomprehensible to me, how can Umbrel be a serious proposition for a Bitcoin/LN node without proper encryption. The assumption about safe network is just plain wrong. The tale about unsolvable problem of MITM on local networks is preposterous. If Umbrel image has to be written to SD card then it's a no brainer to generate/add certs at this point to the card as well. As mentioned by @jbrill - all it takes to bring down Umbrel is one exploit that can be automated and as Cave Johnson said it - "We're done here". Lack of SSL and no seed-based-non-default-passwords is IMHO simply reckless. |
Add SSL, without this, nobody can use umbrel in production purposes, and TOR is not convient for speed and specific browser requirement. |
i able to fix problem using https://github.com/suyashkumar/ssl-proxy |
I indeed use something similar but ,based on nginx. |
There should be a gui for this kinda like the nextcloud cli tool for adding ssl/tls |
There's a nice proposal for fixing this: https://makers.bolt.fun/story/easy-switch-tor-clearnet-for-bundle-nodes--155 |
Why not just include a self signed cert by default? |
for self hosting you need https |
Still no updates on this? |
Maybe umbrel can implement traefik ( https://doc.traefik.io/traefik/ ) a good start can be adding labels in docker files like :
See : |
+1 please find a solution for this! Looks like there are several good suggestions how to resolve this already (example) |
+1 we need HTTPS |
1 similar comment
+1 we need HTTPS |
i need https connection for btcpay server connect to woocommers any idea how can i do this. |
You can either wait for this issue to be closed (and it's been open since 2021), or you could get an Embassy from Start9. |
Also MyNodeBTC Premium (some ~$99) works too,
From: guttermonk ***@***.***>
Sent: perjantai 29. maaliskuuta 2024 2.05
To: getumbrel/umbrel ***@***.***>
Cc: Tomi Lind ***@***.***>; Comment ***@***.***>
Subject: Re: [getumbrel/umbrel] HTTPS Support (#546)
i need https connection for btcpay server connect to woocommers any idea how can i do this.
You can either wait for this issue to be closed (and it's been open since 2021), or you could get an Embassy from Start9.
—
Reply to this email directly, view it on GitHub<#546 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABXJ6ZZMFCIW32JT4DFVLKDY2SV4NAVCNFSM4XY4M6RKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TEMBSGYZTIOJTGQZQ>.
You are receiving this because you commented.Message ID: ***@***.******@***.***>>
|
It's concerning that the devs believe the "local net" should be trusted, and so SSL is not a SUPER HIGH PRIORITY... I can't run LND in any form of production without proper security, local net included/especially. The security rule is simple... NOTHING IS TRUSTED. Trustless networking IS the industry standard now, and has been for 2+ years... I really hope this issue gets resolved. This is reckless. |
+1 |
+1 |
+1 just implement https the whole world is asking for it and needing it. |
+1 |
+1 please |
+1 |
+1³x24ⁿ |
I just wanted to add two small tips for this thread:
|
I have created Nginx Proxy Manager App for Umbrel, available on my community App Store. I have also created a pull request #1296 to add it in Umrel App Store. While this may not solve all the security issues discussed, it can help to access certain apps that require HTTPS EDIT: This app is now available on the Official App Store As well. |
end up doing |
3 years and nothing to support HTTPS... |
Hello All, I have created a app called "Umbrel HTTPSizer". This app allows you to secure your umbrel in you local network using a self-signed HTTPS Certificates. This app can be installed from my Community App store After Installation, a "First Run" page will be displayed with instructions on what to do next. It also has instructions on how to trust the generated root CA certificate so that you will not get errors on your browser. More info available in the wiki I have tested this on Umbrel v1.2.2. |
@sahilph, I've been unable to properly expose apps through Nginx Proxy Manager. Not even using HTTP, so configuring HTTPS is completely out of reach for me. Steps I followed:Let's say my domain is
I also read through NPM app submission PR comments and saw Umbrel devs and @sahilph talking about using different hosts for Proxy Hosts inside NPM instead of Also tried routing to apps using paths instead of subdomains, eg. I tried everything I could come up with, honestly. Today I'll give it another round of tries to see if I missed anything, but I've already spent hours trying to set this up properly to no luck. I'm really stuck with this and Umbrel supporting HTTPS by default would be more than ideal, I'd say even necessary! @mayankchhabra @lukechilds @nmfretz |
@wh0am1-dev Nginx Proxy manager is ideally meant to be used for apps that have their own authentication and are not protected by Umbrel's auth server (Like Jellyfin, Plex, etc ). It is not currently possible to use NPM with Umbrel's auth server. So if you want to use NPM for apps which are protected by auth server, you will have to bypass the auth server and by pointing NPM to the app's internal hostname/ip and internal port.
You almost got that right, but instead of gateway IP, you will have the app's internal hostname/ip and internal port. In your case, for uptime kuma:
So basically you will have to change it to http://uptime-kuma_server_1:3001 |
Communicating with the node over HTTP on your local network seems dicey. Would you be interested in a pull request that would generate SSL certs locally and then allow you to download the root cert from the settings menu? I might be able to hack that together.
The text was updated successfully, but these errors were encountered: