Skip to content

Remote access and HTTPS

On your home network, plain http://<host-ip>:4437 is fine — and your data is end-to-end encrypted on top regardless. Away from home, you need a path back to the server. Three good options, easiest first.

Install Tailscale (or WireGuard, or your NAS vendor’s VPN) on the server host and your devices. Your server gets a stable private address that works from anywhere, nothing is exposed to the public internet, and no certificates are involved. Use the Tailscale address as the server URL in Vetroscope.

One habit to build: if sync shows Unreachable while you’re out, check the VPN is connected — that’s the cause almost every time.

If you already run Caddy, Traefik, or nginx (or want a public hostname), put the container behind it and let the proxy terminate HTTPS with a real certificate. Point Vetroscope at https://sync.yourdomain.com. A Cloudflare Tunnel works the same way without opening ports. Copy-paste configs for all four are in the reverse proxy guide on GitHub.

The server can terminate HTTPS itself — set VS_TLS_CERT and VS_TLS_KEY to a PEM certificate and key. With a self-signed certificate, Vetroscope shows the certificate’s fingerprint on first connection and asks you to trust it; verify the fingerprint against the server before accepting.