Request to add tls support

[bustedware]

Description

requesting for the following changes to be considered:

1. currently the walletd ui and api are served from the same port over http. support for https should be added in order to secure remote access.
2. not sure if its possible with the way the ui likely interacts with the api, but separating ui and api ports would also be desirable in case the user wants to access the ui remotely but leave the api bound to localhost / different interface.

Version

No response

What operating system are you running (e.g. Ubuntu 22.04, macOS, Windows 11)?

No response

Anything else?

No response

[alexfreska]

This should be done with whatever web server you use, I recommend Caddy, for example:

mywallet.com {
  reverse_proxy localhost:9980
}

[bustedware]

Hi @alexfreska

I was able to intercept the basic authentication header and sniff my credentials even when using Caddy running on the same host as walletd

Caddyfile:

mywallet.com {
  tls mywallet.crt mywallet.key
  reverse_proxy localhost:9980
}

Intercepting with tcpdump

tcpdump -i any port 9980 -s 0 -vv -X

Imagining that a compromised host or vulnerability in the walletd software would be able to expose these packets. Even worse having to run a separate service to proxy these connections. Having the walletd software itself be the termination point for tls connections would add an additional layer of security to our assets