Problem: unifi has no ssl certs

There are a few solutions to this online:

  • Run acme on the router, get ssl certs, import
  • Import ssl certs from tailscale (tried, didn’t work)

With the UDM being at the other end of the house, I’m not worried by sniffing.

Solution:

Run a reverse proxy (in this case caddy) that serves SSL and proxies through to the router. Run a tailscale node next to caddy with the name “router”. Have caddy use tailscale’s SSL certs. Have Caddy redirect http traffic to the full ts.net name.

Now, when I go to http://router, I get a redirect to https, with a valid cert from tailscale. Traffic from the proxy to the UDM is also encrypted.
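
The setup described above, sketched as a Caddyfile. This is an added example, not the config from the original post: the tailnet name `example-tailnet.ts.net` and the UDM address `192.168.1.1` are placeholders, and skipping upstream verification is an assumption based on the UDM having no trusted certificate.

```caddyfile
# Added example; hostnames and the upstream address are placeholders.

# Short MagicDNS name over plain HTTP: redirect to the full ts.net name,
# which is the only name the Tailscale-issued certificate covers.
http://router {
	redir https://router.example-tailnet.ts.net{uri} permanent
}

# Full ts.net name: Caddy (2.5 or later) asks the local tailscaled for the
# certificate of a *.ts.net site address instead of using ACME itself.
router.example-tailnet.ts.net {
	# An https:// upstream keeps the proxy-to-UDM hop encrypted.
	reverse_proxy https://192.168.1.1 {
		transport http {
			# Assumption: the UDM presents a self-signed certificate, so
			# verification is skipped. The hop is encrypted but the UDM is
			# not authenticated; trust the UDM's certificate explicitly
			# here instead if that matters on your network.
			tls_insecure_skip_verify
		}
	}
}
```

The account Caddy runs as must be allowed to fetch certificates from tailscaled (for example via `TS_PERMIT_CERT_UID` in tailscaled's environment), and HTTPS certificates must be enabled for the tailnet.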

Future work

Can we use tailscale for auth for router login?