getumbrel / umbrel

A beautiful home server OS for self-hosting with an app store. Buy a pre-built Umbrel Home with umbrelOS, or install on a Raspberry Pi or any x86 system.
https://umbrel.com

Umbrel needs to support HTTPS (this is important) #1895

Open mikropsoft opened 3 months ago

mikropsoft commented 3 months ago

I want to expose Umbrel to the external network, but when I do so with a domain that has an SSL certificate, I receive a warning similar to the one I mentioned in issue #1832.

Opening Umbrel on the external network via HTTP doesn’t inspire confidence. This support should be implemented urgently. I kindly ask all developers to take this into consideration.

GuiSousa135 commented 3 months ago

I agree, this is extremely important, but I don't know if it is easy to implement.

JoseMoranUrena523 commented 3 months ago

You’d have to wait on the Umbrel developers to decide whether they want to implement HTTPS support.

JoseMoranUrena523 commented 3 months ago

> I agree, this is extremely important, but I don't know if it is easy to implement.

I assume what they'd have to do is use certbot to generate an SSL, and have whatever they use (say nginx) be able to use that SSL.

kennym commented 3 months ago

Is this really a security issue if you're accessing your Umbrel without https via tailscale? Isn't the traffic between you and Umbrel always encrypted as long as connected to Tailscale?

JoseMoranUrena523 commented 3 months ago

> Is this really a security issue if you're accessing your Umbrel without https via tailscale? Isn't the traffic between you and Umbrel always encrypted as long as connected to Tailscale?

I don't think it's a major security issue with Tailscale, but still. What if you don't want to use Tailscale?

jjmmbb commented 2 months ago

My contribution: https://r.je/guide-lets-encrypt-certificate-for-local-development

jjmmbb commented 2 months ago

I am still searching for solutions to make a way to run .local domains using SSL. I have found two different approaches using a very useful method to improve security on Umbrel.

https://smallstep.com/blog/private-acme-server/ - It's a private ACME SERVER that can easily run over Traefik.

sahilph commented 1 month ago

Nginx Proxy Manager is now available on the app store. You can use that to request SSL certificates and expose certain apps to the internet.

Edit: If you wish to encrypt communications in your local network, I have created an app for that. More Info here

LastSkywalkerER commented 2 weeks ago

I decided not to create a new issue, I think the situation is similar to mine. The problem is that I need to put Umbrel on the network.

I've done this in several ways:

In all cases I get the same error.


It seems that somewhere in the source code there is a hardcoded address addressing via http, which is not supported under https.

sahilph commented 2 weeks ago

@LastSkywalkerER

> It seems that somewhere in the source code there is a hardcoded address addressing via http, which is not supported under https

Yes, you are correct, the http is currently hardcoded. There is a PR open which would fix this: #1841

Most likely, that PR will be merged in the next release. For now the workaround will be to manually add your domain to the file.

jjmmbb commented 2 weeks ago

@sahilph developed a module for httpsizer the Umbrel. My suggestion is that Umbrel add that module to core.