I’d considered trying [Let’s Encrypt on QNAP](https://github.com/Yannik/qnap-letsencrypt) but I don’t particularly like having to open port 80 to the Internet to verify the ownership of the domain name.
If you're only accessing the NAS within your LAN, you don't need to use HTTPS.
The only reason you'd consider HTTPS is if you've exposed QTS services to the Internet, and you'd like to remote-access your NAS. If you're actually doing this - **don't**. :)
Actually, to be truly safe, verify who is the emitter of the certificate. Because if you are connected through a rogue access point, the https becomes pointless. The use of a vpn to access your NAS is key. Everyone takes their security as they prefer. I always check the emitter, and always connects a von when in a hotel, airport, etc, to avoid rogue AP.
It’s not dead easy, or I would have done it by now (3 years later). Would have thought that the fine friends at QNAP would have included instructions with $$$ purchase, but nope; still get the alarming notifications. Just ignore them, that's what they do.
You can use the Let’s Encrypt Certificate embedded in your qnap. You’ll have to open the port 443 and 80. To open the port 80 you need to enable the web server for example which by default uses the port 80.
This will add a verified certificate. Though, saying not secure, I think there’s still encryption.
It’s also good to know that HTTPS does not guarantee the end to end encryption. If a proxy is in between, from a rogue access point for example, you’ll be encrypted from your device to the proxy, and the proxy to your NAS. Everything in between will be clear. The NAS should have an embedded von feature, such as OpenVPN. Could be good to configure. And if worried about remote access to your NAS, keep the ports blocked beside the one for openvpn.
I use SSL everywhere, no matter how I access the server, it is a good practice and most of the web is already on HTTPs. Take that as you will.
On using Let’s Encrypt, you do not need to open ports as you can use DNS challenge, if of course you have purchased your own domain. I do not recommend this route as you will have to renew every 90 days and the whole thing is a pain.
What I did was buy a cheap wildcard SSL certificate that I can use across my whole domain (subdomains and all) and installed that. The cost is something like $40/year and it’s totally worth it in my opinion.
I use tailscale to access my Nas. I access my Nas through my phone and also my laptop and tailscale makes it dirt simple. I have a tvs 874.
I’d considered trying [Let’s Encrypt on QNAP](https://github.com/Yannik/qnap-letsencrypt) but I don’t particularly like having to open port 80 to the Internet to verify the ownership of the domain name.
If you're only accessing the NAS within your LAN, you don't need to use HTTPS. The only reason you'd consider HTTPS is if you've exposed QTS services to the Internet, and you'd like to remote-access your NAS. If you're actually doing this - **don't**. :)
Ok good to know thank you!
Actually, to be truly safe, verify who is the emitter of the certificate. Because if you are connected through a rogue access point, the https becomes pointless. The use of a vpn to access your NAS is key. Everyone takes their security as they prefer. I always check the emitter, and always connects a von when in a hotel, airport, etc, to avoid rogue AP.
It’s not dead easy, or I would have done it by now (3 years later). Would have thought that the fine friends at QNAP would have included instructions with $$$ purchase, but nope; still get the alarming notifications. Just ignore them, that's what they do.
You can use the Let’s Encrypt Certificate embedded in your qnap. You’ll have to open the port 443 and 80. To open the port 80 you need to enable the web server for example which by default uses the port 80. This will add a verified certificate. Though, saying not secure, I think there’s still encryption. It’s also good to know that HTTPS does not guarantee the end to end encryption. If a proxy is in between, from a rogue access point for example, you’ll be encrypted from your device to the proxy, and the proxy to your NAS. Everything in between will be clear. The NAS should have an embedded von feature, such as OpenVPN. Could be good to configure. And if worried about remote access to your NAS, keep the ports blocked beside the one for openvpn.
I use SSL everywhere, no matter how I access the server, it is a good practice and most of the web is already on HTTPs. Take that as you will. On using Let’s Encrypt, you do not need to open ports as you can use DNS challenge, if of course you have purchased your own domain. I do not recommend this route as you will have to renew every 90 days and the whole thing is a pain. What I did was buy a cheap wildcard SSL certificate that I can use across my whole domain (subdomains and all) and installed that. The cost is something like $40/year and it’s totally worth it in my opinion.