Yacht
Yacht copied to clipboard
SelfhostedPro
[Feature Request] SSL integration
Is there a benefit over using a reverse proxy in front of yacht?
With traefik or nginx proxy manager it is easy to get SSL with Let's encrypt including automatic certificate renewal.
This way, you can easily host multiple services on one IP and with traefik you can add middlewares like black- and whitelists or basic authentication to protect specific services.
Please support self-sign ssl like many Project (exaple Openmediavault Portainer OpenWRT Cisco-web-config etc.) Why ? First you should question yourself why many project do that ?!
Please support self-sign ssl like many Project (exaple Openmediavault Portainer OpenWRT Cisco-web-config etc.) Why ? First you should question yourself why many project do that ?!
All of those projects have a lot of people working on them. Yacht is just me. It’s possible to do a self signed cert but it’s not high on the priorities. For now a reverse proxy is the recommended way.
May I add that adding SSL support directly into Yacht, especially when supporting something like Let's encrypt might trick people into feeling secure enough to expose a service directly to the internet. Exposing an administrational web interface this powerful without adding second factor authentication or at least an IP-Blacklist / Whitelist approach is a security concern. It is generally advised to use a VPN or reverse proxy with an appropriate security configuration to access administrative services. Anyway, if you really want to do this, you can. So why trying to re-invent the wheel?
I even forgot about this request and what i was doing at the time. Because it is a feature request i did leave it there. Yeah vpn with reverse proxy is the way to go. I use it with wireguard and traefik. On my part we can even close this issue.