Museum API over HTTPS with self-signed certificates?
Hey!
I'm currently setting up my Ente Auth sync server. Right now, the API server is currently only reachable over HTTP though, which I don't want because of security reasons. I have read about the reverse proxy in the documentation, but I don't want to expose this server to the internet; I'm currently using a VPN into my network and reaching it locally. I have tried to set up an Nginx proxy forwarder with self-signed certificates and everything. It's working fine in the browser when accessing "https://serverip:newport/ping", BUT when trying to enter it in the app, it just instantly says that the endpoint is wrong.
So the reverse proxy and everything is clearly working, but the app just won't accept it as it is right now. Are there any ways to fix this? How do you usually do it?
9 Replies
Ente recommends using HTTPS for the server. For security reasons, Ente will not accept incoming HTTP traffic.
You can configure a reverse proxy to make application services accessible. This also allows configuration of HTTPS through SSL certificate management. See the documentation for more information: https://help.ente.io/self-hosting/administration/reverse-proxy
If you're using reverse proxy servers such as NGINX, check out their documentation.
Here are my current config files:
And I used:
```
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
  -keyout certs/privkey.pem \
  -out certs/fullchain.pem \
  -subj "/CN=example.internal.domain.se" \
  -addext "subjectAltName = DNS:example.internal.domain.se"
```
And I don't have any public DNS records for "example.internal.domain.se", only local records for my LAN. :)
I have the exact same problem right now (trying to host Ente Photos rn, but the problem stays the same).
Is it possible to make the Ente Android app accept self-signed certificates? I've loaded the cert into the System CA truststore. My browser accepts it, but the app doesn't.
Can anybody help here? I can't be the only one that doesn't want to open Ente to the Internet if not necessary.
At least for me, I ran Ente with a reverse proxy on top to dish out HTTPS certs. Everything is local, so I didn't have to open anything to the public to access it.
The only thing I noticed with the proxy is that I had to run it with Caddy; NGINX was not cooperating with Ente.
Yeah that's what I want to do. How are you doing that? Are you using DNS-01 challenges (not an option for me)? Or self-signed certs with `tls internal` in the Caddyfile?
Yeah, DNS-01 challenge to grab a Let's Encrypt cert. I currently have my domain from Cloudflare, but I used to use DuckDNS to get a free domain I can use for my proxy.
I could use an internal TLS cert too, I think. My Caddy is run through OPNsense, which has its own internal TLS cert it can use for getting HTTPS.
DNS-01 challenges work because the Ente app trusts Let's Encrypt, as it is a well-known certificate authority.
But the Ente app doesn't trust self-signed certificates, which is exactly my problem.
Nice that it works for you, but I won't use DNS-01 challenges as my hosting provider doesn't support them and I won't trust Cloudflare.
Ty nonetheless!
If it's local only, you can run your own CA.
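
The last reply suggests running your own CA. As an added example (not posted by anyone in this thread), this is what that looks like with openssl: a root certificate you install on clients, and a separate server certificate signed by it, instead of the single self-signed certificate from the command above. The host name and the `certs/` file names are reused from that command; `ca.key`, `ca.pem`, the CA name and the function names are constructed. Whether the Ente mobile app honours a user-installed root is not established in this thread.

```shell
#!/bin/sh
# Added example: private root CA plus a server certificate signed by it.

# make_ca DIR: create the root CA key and certificate (DIR/ca.key, DIR/ca.pem).
make_ca() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Home Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
}

# issue_leaf DIR HOST: sign a server certificate for HOST with the CA in DIR.
# Output goes to DIR/certs/privkey.pem and DIR/certs/fullchain.pem.
issue_leaf() {
    dir=$1 host=$2
    mkdir -p "$dir/certs"
    openssl req -new -nodes -newkey rsa:2048 -config "$dir/ca.cnf" \
        -subj "/CN=$host" -keyout "$dir/certs/privkey.pem" \
        -out "$dir/leaf.csr" 2>/dev/null || return 1
    # The leaf must not be a CA and must carry the host name in its SAN.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
        "$host" > "$dir/leaf.ext"
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 397 -extfile "$dir/leaf.ext" \
        -out "$dir/certs/fullchain.pem" 2>/dev/null
}

# verify_leaf DIR HOST: succeed only if the certificate chains to the CA
# and its SAN matches HOST (the check a TLS client performs).
verify_leaf() {
    openssl verify -CAfile "$1/ca.pem" -verify_hostname "$2" \
        "$1/certs/fullchain.pem" >/dev/null 2>&1
}

# Usage: make_ca pki && issue_leaf pki example.internal.domain.se
```

Only `ca.pem` is distributed to client devices; `ca.key` stays offline, since anyone holding it can mint certificates those devices will trust.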