Umbrel needs to support HTTPS (this is important)

Open mikropsoft opened this issue 1 year ago • 13 comments

I want to expose Umbrel to the external network, but when I do so with a domain that has an SSL certificate, I receive a warning similar to the one I mentioned in issue #1832.

Opening Umbrel on the external network via HTTP doesn’t inspire confidence. This support should be implemented urgently. I kindly ask all developers to take this into consideration.

mikropsoft avatar Aug 12 '24 09:08 mikropsoft

I agree, this is extremely important, but I don't know if it is easy to implement.

GuiSousa135 avatar Aug 15 '24 13:08 GuiSousa135

You’d have to wait on the Umbrel developers to decide whether they want to implement HTTPS support.

JoseMoranUrena523 avatar Aug 16 '24 20:08 JoseMoranUrena523

> I agree, this is extremely important, but I don't know if it is easy to implement.

I assume what they'd have to do is use certbot to generate an SSL, and have whatever they use (say nginx) be able to use that SSL.

JoseMoranUrena523 avatar Aug 17 '24 14:08 JoseMoranUrena523

Is this really a security issue if you're accessing your Umbrel without HTTPS via Tailscale? Isn't the traffic between you and Umbrel always encrypted as long as you're connected to Tailscale?

kennym avatar Aug 26 '24 15:08 kennym

> Is this really a security issue if you're accessing your Umbrel without HTTPS via Tailscale? Isn't the traffic between you and Umbrel always encrypted as long as you're connected to Tailscale?

I don't think it's a major security issue with Tailscale, but still. What if you don't want to use Tailscale?

JoseMoranUrena523 avatar Aug 26 '24 15:08 JoseMoranUrena523

My contribution: https://r.je/guide-lets-encrypt-certificate-for-local-development

jjmmbb avatar Oct 02 '24 03:10 jjmmbb

I am still searching for solutions to make a way to run .local domains using SSL. I have found two different approaches using a very useful method to improve security on Umbrel.

https://smallstep.com/blog/private-acme-server/ - It's a private ACME SERVER that can easily run over Traefik.

jjmmbb avatar Oct 03 '24 04:10 jjmmbb

Nginx Proxy Manager is now available on the app store. You can use that to request SSL certificates and expose certain apps to the internet.

Edit: If you wish to encrypt communications in your local network, I have created an app for that. More info here

sahilph avatar Oct 06 '24 09:10 sahilph

I decided not to create a new issue, I think the situation is similar to mine. The problem is that I need to put Umbrel on the network.

I've done this in several ways:

  • I expose ports 80 and 443 from the router and set up a reverse proxy with an SSL certificate on the local 80 port.
  • I set up a cloudflared tunnel with proxying to port 80 from outside the router.

In all cases I get the same error.

image

It seems that somewhere in the source code there is a hardcoded address addressing via http, which is not supported under https.

LastSkywalkerER avatar Nov 16 '24 03:11 LastSkywalkerER

@LastSkywalkerER
> It seems that somewhere in the source code there is a hardcoded address addressing via http, which is not supported under https

Yes, you are correct, the http is currently hardcoded. There is a PR open which would fix this: #1841

Most likely, that PR will be merged in the next release. For now the workaround will be to manually add your domain to the file.

sahilph avatar Nov 17 '24 07:11 sahilph

@sahilph developed a module for httpsizer the Umbrel. My suggestion is that Umbrel add that module to core.

jjmmbb avatar Nov 17 '24 23:11 jjmmbb

Fix this now, this should be priority 1 on any of your to-do lists.

Anynomouss avatar Apr 17 '25 07:04 Anynomouss

> Fix this now, this should be priority 1 on any of your to-do lists.

Since this is more of a company software, I don't think they will care much about it.

mikropsoft avatar Apr 23 '25 08:04 mikropsoft