Open mariocynicys opened 1 year ago
5dsadsa8ds
commented
1 year ago In that case wouldn't you end up with 1 onion URL covering all services instead of having each service with their own onion URL?
Allowing external adversaries to probe your node to see what apps you have installed and also more easily bruteforce them all?
mariocynicys
commented
1 year ago Umm, not sure how umbrel is internally structured. But I think every webapp in umbrel can have its own onion url. And the main umbrel app can reject /app paths (give 404s) when accessed through Tor to avoid people probing what apps you have.
nevets963
commented
1 year ago @meryacine 1 problem with running apps on a custom path is; not all apps support this and they assume that the root is /. So even if we add a reverse proxy to fetch the bitcoin app at /app/bitcoin-node, it would generate urls using / as the root, such as /about-us when infact it should be /app/bitcoin-node/about-us. Therefore 1 potential solution would be to have a sub-domain per app and use a wildcard DNS record e.g. *.umbrel.my-domain.com.
Why not run the installed umbrel apps on paths (e.g.
umberl.my-domain.com/app/bitcoin-node) instead of ports (umbrel.my-domain.com:84940). This is useful for people having their umbrel on the cloud, behind reverse proxies, or can't open that many ports for all the apps.For me, I can't have my umbrel in home because my bandwidth is very limited and can't take having a full node.