How can I turn on https?

How can I turn on https on Umbrel web interface?

Why it is turned off by default?

3 Likes

No, Umbrel works by default all behind Tor. That means access from outside LAN can be done using onion address for each app.
Accessing on local LAN there’s NO need for https, you just access using http://umbrel.local or http://192.x.x.x your local IP of your node.

If you really need access on clearnet for specific apps like btcpay or lnbits, then follow the dedicated guides from The Guides section of this forum.

I would also like an answer to the OP’s question. I just installed umbrel and was very shocked to see that by default it is running http.
Just saying that there is no reason to run https on your LAN is not accurate. There are many valid reasons to run https on even a secured network. Concepts of Defense in Depth tell us to not rely on a single defense mechanism, but as many as feasible. If a host on LAN is compromised, they will own your umbrel quick without https.
There is definetely a way to use SSL/TLS on any address, local or not. Most routers have it built in out of the box. May not be connected to Certificate Authority, but still better than unencrypted.
Using https is always a best practice and in this day in age, http should not be used at all for anything remotely confidential.

Also, running http accross Tor does not fully secure the connection. Tor provides data CONFIDENTIALITY from the ISP, but not Tor exit node (which can be run by anyone).
Tor also does not provide data INTEGRITY which verifies that the message or information was not changed in flight.
TLS secures data INTEGRITY and CONFIDENTIALITY end to end. Tor provides a layer of anonymity and encryption.

I’m sure I can pretty easily turn on TLS by playing around with the Debian environment, but if this is not a built in feature it brings into question the security stance of Umbrel as a whole…

11 Likes

If you do not trust your own LAN… I don’t know why are you are still using internet… use smoke signals

This is such a stupid and uneducated comment. Techengineer21 is 100% correct in his/her post, and umbrel should implement https if it is to be taken seriously as a productivity tool. Heck there is already a docker image called caddy that already does this for you (automatically uses Let’s Encrypt and could be attached as a front end to all the other docker images). Adding https would only benefit this project.

13 Likes

Any updates?

I just installed Umbrel but I can´t use it anymore because I need to use a REMOTE computer to connect to my umbrel, so https is essential even though it is via TOR because even so login passwords travel through TOR clearly

Of course, I had the same thoughts. Two days ago I got Umbrel up and running on my Linux Mint box. I am quite excited.

I installed Tailscale as a solution for remote access just in case I need it. Any thoughts on that?

I would like to learn more. I’m new to using TOR extensively so I have been reading these comments with great interest.

Getting ready to launch my second BTC full node. The first on is running on a Linux box but I’m excited to fire it up inside Umbrel and start expanding my activities.

3 Likes

Well, becaouse of this I’m not so happy as I could. There is ofcourse way of using reverse proxy (and I can do it) however not having the option at all on umbrel id definitely bad practise. There is so many useful apps, but no one for simple webservice, with LE or another free valid SSL certificate? C’mon man!

1 Like