Remote access and HTTPS
On your home network, plain http://<host-ip>:4437 is fine — and your data
is end-to-end encrypted on top regardless. Away from home, you need a path
back to the server. Three good options, easiest first.
Tailscale or a VPN (recommended)
Section titled “Tailscale or a VPN (recommended)”Install Tailscale (or WireGuard, or your NAS vendor’s VPN) on the server host and your devices. Your server gets a stable private address that works from anywhere, nothing is exposed to the public internet, and no certificates are involved. Use the Tailscale address as the server URL in Vetroscope.
One habit to build: if sync shows Unreachable while you’re out, check the VPN is connected — that’s the cause almost every time.
Reverse proxy with HTTPS
Section titled “Reverse proxy with HTTPS”If you already run Caddy, Traefik, or nginx (or want a public hostname),
put the container behind it and let the proxy terminate HTTPS with a real
certificate. Point Vetroscope at https://sync.yourdomain.com. A
Cloudflare Tunnel works the same way without opening ports. Copy-paste
configs for all four are in the
reverse proxy guide on GitHub.
Built-in TLS
Section titled “Built-in TLS”The server can terminate HTTPS itself — set VS_TLS_CERT and VS_TLS_KEY
to a PEM certificate and key. With a self-signed certificate, Vetroscope
shows the certificate’s fingerprint on first connection and asks you to
trust it; verify the fingerprint against the server before accepting.