941838c045
Hey, since I've been using Actual via Traefik for a few days now, I took the time to add a little bit to the documentation in that regard. I hope it fits so far. Please feel free to comment/improve anything.
2.8 KiB
title
| title |
|---|
| Activating HTTPS |
You’ll need to enable HTTPS on your home server in order to safely use all of Actual’s features. You don’t need to follow these steps if you run the server on your own computer and only access it through localhost, or if you’re using a cloud provider that handles HTTPS for you. There are a few different ways to get HTTPS to work, depending on what you’d prefer to do.
Both methods refer to not exposing Actual on the internet. If this is desired refer to Using a Reverse Proxy.
Use a self-signed certificate
Use a self-signed certificate. This is the easiest way to get HTTPS working, but it will cause your browser to display a warning that the certificate is invalid. Additionally, if anyone gets access to this certificate, they can intercept most secure traffic on your computer.
- A command line tool like mkcert can automate this process.
- Alternately, you can manually generate the certificates. Install OpenSSL for your operating system, then run
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfhost.key -out selfhost.crtin a terminal to generate the certificate and private key. You’ll need to enter a two-letter country code to get the.crtfile to be generated, but you can leave the rest of the fields blank (just hit enter at each prompt). Move theselfhost.keyandselfhost.crtfiles a location accessible to the Actual server.
Obtain certificate without exposing to the internet
Use a service like Tailscale or Caddy that allows you to create a valid HTTPS certificate without having to expose your server to the wider internet.
Update Actual Configuration
Once you have the certificate, you’ll need to configure Actual to use it. There are two ways to do this:
- Configuring with
config.json: Create aconfig.jsonfile in the same folder where you run Actual (or/dataif you’re using a Docker container). Put the paths to the.keyand.crtfiles in the file. Note: if you’re using Docker or a similar container environment, make sure the paths are accessible to the container. For example:{ "https": { "key": "/data/selfhost.key", "cert": "/data/selfhost.crt" } } - Configuring with environment variables: If you can’t easily create new files, you can also configure HTTPS using environment variables. Set the
ACTUAL_HTTPS_KEYandACTUAL_HTTPS_CERTenvironment variables to the contents of the.keyand.crtfiles, respectively. If you’re unable to include newlines in the environment variable values, you can replace any newlines with\nand Actual will automatically convert them back to newlines.