
HTTPS Support

Open spencerbeggs opened this issue 4 years ago • 72 comments

Communicating with the node over HTTP on your local network seems dicey. Would you be interested in a pull request that would generate SSL certs locally and then allow you to download the root cert from the settings menu? I might be able to hack that together.

spencerbeggs avatar Feb 17 '21 18:02 spencerbeggs

Thanks for the suggestion!

During beta, Umbrel makes the assumption that the local network is secure. This is pretty much the industry standard and how every consumer router or smart device that exposes a web interface works.

We agree this isn't really good enough as an industry standard. We think we have some clever ideas on how we can do secure communication out of the box for a stable release. However I think it's out of scope for the beta.

Secure communication over a local network is not an easy problem to solve. I don't think encouraging users to install root certs is a good idea. That should only be done by very technical users who know what they're doing and understand the implications. As an aside, if you're concerned your local network is not secure then anything malicious could inject a fake root cert when you download it over HTTP, and then compromise your entire browser/OS when you install the bad cert.

For now, if you're worried about plain text local network communication, I'd recommend accessing your Umbrel via the Tor hidden service which will ensure all data is encrypted in transit.

Check out our security doc if you haven't already: https://github.com/getumbrel/umbrel/blob/master/SECURITY.md

lukechilds avatar Feb 18 '21 12:02 lukechilds

I would vote to re-open this, not because of unencrypted data in the local network but because of unencrypted data leaving Tor. If I understand Tor correctly, then without HTTPS, traffic in Tor is only encrypted up to the exit node. No extra encryption exists between the exit node and the destination. There was a prominent attack on Tor traffic exploiting this in 2007. Without HTTPS, the exit node or some eavesdropper between the exit node and the destination could very easily read my Umbrel password. Likewise, if I use the Electrum server without HTTPS over Tor, my wallet information would be totally exposed between the exit node and the destination. Why not use a self-signed certificate, since I am both the user and the certificate creator?

tim-tx avatar Aug 06 '21 12:08 tim-tx

Ah, I found this is discussed in #190 and irrelevant since you don't ever exit to clearnet. Also see #686.

tim-tx avatar Aug 06 '21 14:08 tim-tx

Hello, just wanted to chime in with my two cents. I've got good results modifying my nginx.conf and using certbot + dns01 challenges to get SSL certs for use locally. My DNS records just point at the private IP, so nothing touches clearnet while getting that nice green checkmark in the browser.

djkazic avatar Aug 29 '21 12:08 djkazic

Adding my vote for this one. This is required to run BTCPayServer I believe.

BenGWeeks avatar Jan 01 '22 20:01 BenGWeeks

Agreed, this really needs to be addressed

abradshaw avatar Jan 10 '22 19:01 abradshaw

The following instructions could be a useful resource (specific to BTCPayServer but presumably could be generalised):

Installing the NGINX reverse proxy with an SSL certificate for Umbrel / BTCPay Server

This uses certbot, not something I have come across before (I thought you had to pay for SSL certificates) and also requires dynamic DNS if you have no fixed IP.

I wonder if anyone knows of a [free] command-line service for dynamic DNS allocation in a similar fashion to certbot for SSL certificates. If so, this would presumably mean this could all be configured from an installation without much user configuration other than port forwarding on their router. Perhaps something like How to Install the Dynamic Update Client on Linux is part of the solution.

I would be very interested to see if this could be done.

BenGWeeks avatar Jan 12 '22 10:01 BenGWeeks

Why was this closed?

BenGWeeks avatar Jan 12 '22 10:01 BenGWeeks

Just noting that enabling access via HTTPS would allow browsers to access and use camera functionality.

See https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia

KayBeSee avatar Feb 17 '22 20:02 KayBeSee

FYI issue you will have related to this topic: https://community.getumbrel.com/t/apps-remain-in-starting-but-actually-work-fine/6338/7

marcelrv avatar Feb 25 '22 19:02 marcelrv

All it takes is one Umbrel vuln to bring down half of the lightning network?

HTTPS integration needs to be the #1 priority for the Umbrel team at this point. As the network continues to scale, it is unacceptable to assume that everyone's local network should be secure, especially when that service communicates with the outside world.

jbrill avatar Apr 09 '22 23:04 jbrill

Again, why was this closed?

BenGWeeks avatar Apr 14 '22 13:04 BenGWeeks

Yes, why closed? An umbrel https connection would also be a benefit for specter, because it allows Notifications_API.

relativisticelectron avatar Apr 23 '22 12:04 relativisticelectron

This makes running a home node via Tor insecure. A self-signed cert is fine for private use. Seems like a basic requirement.

i5hi avatar May 29 '22 08:05 i5hi

Besides that it is insecure for Tor, Apple will soon block API calls (currently deprecated), making it impossible for apps like Zeus and others to connect to Umbrel over Tor. Currently, NSAllowsArbitraryLoads -> true is required to make the connection possible.

ghost avatar May 31 '22 10:05 ghost

HTTPS is required for some browser APIs, breaking some things in Nextcloud. Could this please be re-opened?

yavko avatar Jun 14 '22 05:06 yavko

> HTTPS is required for some browser APIs, breaking some things in Nextcloud. Could this please be re-opened?

I want HTTPS because of Nextcloud as well. With just Tor I can't use the Nextcloud app.

artizzle avatar Jun 18 '22 04:06 artizzle

HTTPS SUPPORT ..AND SOME ?

It's a fine balance between Security/Usability/Functionality & initial Design purpose. Umbrel is primarily a Bitcoin Node which has morphed into a Personal OS/Server.

HTTPS is important as briefly highlighted by some of the comments above and vendor changes are coming which will break some of the methods used currently by some apps/users of this product. However, conversely we have to ask ourselves as a community what it is exactly that we want from Umbrel?

Do we want a Secure & Sandboxed BTC LN node env based around TOR and using Private Self-Signed SSL Certs (as-is now) or Do we want to have the functionality of a fully featured tech-stack with full blown operability over clearnet in an advanced form from where Umbrel has its abilities currently?

I am sure the Devs are thinking long and hard about the course of direction they are taking Umbrel. It's a stellar project and they have blown me away with their work.

Personally, I would like to be able to better see the abstracted layers more clearly through a Customisable UI where instead of using Hidden services and NGINX reverse/transparent proxies acting as the abstraction layer between the modular components which docker offers and change this to a thin middleware management layer with options on how we can route services or how we offer services to the public or remain private. A simple way to explain this would be to imagine a customisable WAF (WebApp Firewall) kind of like a Pi-Hole but expanded to manage routing of Apps/Protocols/Services/IPs of Umbrel apps and services where we can dictate what is exposed and what is hidden.

Umbrel is in a good place now.. but I do think there is a very important area of conversation to be had around this topic, obviously as was mentioned above there are huge implications for the LN Network if any vulns were to strike Umbrel OS which is why due caution around this topic is important.

Maybe there is a middle ground between the competing needs of Umbrel/LN/Privacy Vs a Personal Server which has part-Publicly exposed services 'or' isolated public exposure over clearnet.

This topic should remain open IMHO as it's a crucial area of particular interest to Users and developers alike.

majikaz avatar Jun 18 '22 14:06 majikaz

Happy to re-open this issue to keep track of it.

Since there's been a lot of discussion here recently, I'll link to the places this has been brought up before. If you're wondering why Umbrel doesn't yet support SSL, it's because it's not trivial to support SSL over the local network in a way that doesn't fail to actually prevent MITM attacks or introduce dangerous security footguns. You can read more on the reasons why in these previous discussions:

  • https://github.com/getumbrel/umbrel-os/pull/53#issue-661821443
  • https://github.com/getumbrel/umbrel/issues/190#issuecomment-683626245
  • https://github.com/getumbrel/umbrel/issues/985#issuecomment-921041368

We definitely want to support this at some point, and we have some ideas to experiment with, but it’s not a simple fix and we want to devote some more time in the future to make sure whatever solution we implement overcomes the existing shortcomings of using SSL on the local network.

lukechilds avatar Jun 21 '22 13:06 lukechilds

I just installed a test version of Umbrel and to my surprise I also discovered that the default configuration is insecure:

root@umbrel:~# ss -tapn | grep LISTEN
LISTEN   0         4096                0.0.0.0:80               0.0.0.0:*        users:(("docker-proxy",pid=49619,fd=4))

This effectively means ingress traffic from "anywhere" to Umbrel can be sniffed.

Assuming the "local" network is "secure" is foolish and just plain wrong.

At a minimum adding Let's Encrypt support would be the easiest way to fix this.

prologic avatar Aug 01 '22 06:08 prologic

Umbrel without SSL is a toy. I just started to test this software stack and already want to move to other solutions because it's incomprehensible to me how Umbrel can be a serious proposition for a Bitcoin/LN node without proper encryption.

The assumption about a safe network is just plain wrong. The tale about the unsolvable problem of MITM on local networks is preposterous. If the Umbrel image has to be written to an SD card then it's a no-brainer to generate/add certs to the card at this point as well.

As mentioned by @jbrill - all it takes to bring down Umbrel is one exploit that can be automated and as Cave Johnson said it - "We're done here". Lack of SSL and no seed-based-non-default-passwords is IMHO simply reckless.

banneord-puzzle avatar Aug 20 '22 12:08 banneord-puzzle

Add SSL. Without this, nobody can use Umbrel for production purposes, and Tor is not convenient because of its speed and specific browser requirement. Taking care of security is the most important thing that you need to do!

ghost avatar Nov 05 '22 14:11 ghost

I was able to fix the problem using https://github.com/suyashkumar/ssl-proxy

ghost avatar Nov 05 '22 14:11 ghost

I indeed use something similar, but based on nginx. What would be a super add-on is a way to create an nginx config file with all the proper ports and forwards defined (e.g. based on the .env file).

marcelrv avatar Nov 06 '22 11:11 marcelrv

There should be a gui for this kinda like the nextcloud cli tool for adding ssl/tls

yavko avatar Nov 06 '22 19:11 yavko

There's a nice proposal for fixing this:

https://makers.bolt.fun/story/easy-switch-tor-clearnet-for-bundle-nodes--155

tlindi avatar Dec 07 '22 13:12 tlindi

> I was able to fix the problem using https://github.com/suyashkumar/ssl-proxy

@connected201 Did you build it on your Umbrel node (putting golang on there etc) or were you able to get "docker-compose -f ..." to work?

justo4 avatar Dec 16 '22 04:12 justo4

No, I run ssl-proxy and connect to the web interface over ssl-proxy. Read the documentation; just download ssl-proxy and run it like this: ssl-proxy -from 0.0.0.0:4430 -to 127.0.0.1:8000, where 127.0.0.1:8000 is the Docker web interface for CasaOS or another container.

ghost avatar Dec 16 '22 13:12 ghost
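
Added example (not part of the thread, and not code from Umbrel or ssl-proxy): a small audit of `ss -tapn` output that separates listeners reachable from the network from loopback-only ones, covering both the `0.0.0.0:80` listener quoted earlier in the thread and the ssl-proxy layout described in the comment above. The sample rows other than the `0.0.0.0:80` line are constructed, and the set of ports treated as encrypted is an assumption the operator supplies; the script only reads socket bindings and cannot confirm that TLS is actually spoken on a port.

```python
import re

# Constructed sample: the 0.0.0.0:80 row is the one quoted earlier in the thread;
# the remaining rows (and their PIDs/fds) are made up to model the ssl-proxy setup.
SAMPLE_SS = """\
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        4096     0.0.0.0:80           0.0.0.0:*           users:(("docker-proxy",pid=49619,fd=4))
LISTEN   0        4096     0.0.0.0:4430         0.0.0.0:*           users:(("ssl-proxy",pid=50111,fd=3))
LISTEN   0        4096     127.0.0.1:8000       0.0.0.0:*           users:(("docker-proxy",pid=50102,fd=4))
LISTEN   0        128      [::]:22              [::]:*              users:(("sshd",pid=612,fd=4))
"""

WILDCARDS = {"0.0.0.0", "*", "[::]", "::"}
LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")

def parse_listeners(ss_output):
    """Yield (address, port, process) for every LISTEN row of `ss -tapn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or a non-listening socket
        addr, _, port = fields[3].rpartition(":")
        proc = re.search(r'\(\("([^"]+)"', line)
        yield addr, int(port), proc.group(1) if proc else "?"

def audit(ss_output, encrypted_ports):
    """Classify each listener; only non-loopback sockets are reachable from the LAN."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if LOOPBACK.match(addr):
            scope = "loopback"
        elif addr in WILDCARDS:
            scope = "all-interfaces"
        else:
            scope = "single-interface"
        exposed = scope != "loopback" and port not in encrypted_ports
        findings.append({"addr": addr, "port": port, "proc": proc,
                         "scope": scope, "exposed_plaintext": exposed})
    return findings

if __name__ == "__main__":
    # Assumption: 4430 is the TLS listener from the ssl-proxy command; 22 is SSH.
    for f in audit(SAMPLE_SS, encrypted_ports={22, 443, 4430}):
        flag = "REVIEW" if f["exposed_plaintext"] else "ok"
        print(f'{flag:6} {f["addr"]}:{f["port"]} ({f["proc"]}, {f["scope"]})')
```

With a TLS-terminating proxy in front, the plaintext upstream should show up only with loopback scope; any plaintext port still bound to all interfaces remains reachable around the proxy.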

This should be possible using Tailscale: https://tailscale.com/kb/1153/enabling-https/ However, Umbrel does not expose port 443 by default.

ryenski avatar Dec 16 '22 13:12 ryenski

Adding on, definitely believe this is crucial

habibitcoin avatar Dec 17 '22 02:12 habibitcoin