Running locally with TLS but without using nginx nor Apache

Hey everyone, first time poster, nice to meet you

Testing the waters with SB, I want to run it on my Raspberry and keep it as an offline capable PWA on my phone. To do that I read that I need to access it via https and that means I need to use certbot to set up a TLS.

I’ve found @edison23’s useful guide for setting things up with Apache.

I’ve no other use for Apache currently and I’m hesitant to install it just to support TLS with SB. Is there a way to set things up for local use (i.e. inside my home network, no external access needed), without using Apache or nginx?

Thank you in advance.

Easiest way I know is to use Caddy. It uses sane defaults for most of the stuff you’d have to worry about using Nginx and Apache.

However, the biggest problem will be issuing the certificates.

Caddy will generate self-signed certs for you, but your phone won’t trust them out of the box.

So, I’m testing the waters and here’s what I’ve managed up to now. It’s super hacky and definitely not something I’ll keep around. I’ll document what I’ve done, maybe it’ll help someone else, maybe someone else helps me by chiming in.

I’ve started SB with the following command:

silverbullet -L0.0.0.0 .local/silverbullet/

Then, I’m starting caddy with the following command:

caddy reverse-proxy --from machinename.local --to :3000

You should replace machinename.local with your server’s .local name, maybe it could work with the IP directly.

Now when I visit https://machinename.local, I click continue/accept to the browser’s scary message about the untrustworthy connection and, I’m in!

SB syncs locally as an offline PWA and when I kill the server, it continues to work and sync the changes back when the server comes back.

The basic blocks and functionality are there, now I need to find a cleaner and more proper way to perform the above steps.

add --disable-redirects to that caddy invocation to listen only on 443 (i.e. block port 80).