How can I turn on https?

How can I turn on https on Umbrel web interface?

Why it is turned off by default?

No, Umbrel works by default all behind Tor. That means access from outside LAN can be done using onion address for each app.
Accessing on local LAN there’s NO need for https, you just access using http://umbrel.local or http://192.x.x.x your local IP of your node.

If you really need access on clearnet for specific apps like btcpay or lnbits, then follow the dedicated guides from The Guides section of this forum.

I would also like an answer to the OP’s question. I just installed umbrel and was very shocked to see that by default it is running http.
Just saying that there is no reason to run https on your LAN is not accurate. There are many valid reasons to run https on even a secured network. Concepts of Defense in Depth tell us to not rely on a single defense mechanism, but as many as feasible. If a host on LAN is compromised, they will own your umbrel quick without https.
There is definetely a way to use SSL/TLS on any address, local or not. Most routers have it built in out of the box. May not be connected to Certificate Authority, but still better than unencrypted.
Using https is always a best practice and in this day in age, http should not be used at all for anything remotely confidential.

Also, running http accross Tor does not fully secure the connection. Tor provides data CONFIDENTIALITY from the ISP, but not Tor exit node (which can be run by anyone).
Tor also does not provide data INTEGRITY which verifies that the message or information was not changed in flight.
TLS secures data INTEGRITY and CONFIDENTIALITY end to end. Tor provides a layer of anonymity and encryption.

I’m sure I can pretty easily turn on TLS by playing around with the Debian environment, but if this is not a built in feature it brings into question the security stance of Umbrel as a whole…

1 Like

If you do not trust your own LAN… I don’t know why are you are still using internet… use smoke signals