The most straightforward way to add TLS on top of SilverBulet is to use Caddy. Caddy can automatically provision an SSL certificate for you.

When you’re deploying on a public server accessible to the Internet, you can do this as follows:

sudo caddy reverse-proxy --to :3000 --from yourdomain.com:443

If you’re deploying on a local network and accessing your server via a VPN, this is a bit more tricky. The recommended setup here is to use Tailscale, which now supports TLS certificates for your VPN servers. Once you have this enabled, get a certificate via:

tailscale cert yourserver.yourtsdomain.ts.net

Caddy can automatically find these certificates once provisioned, so you can just run:

sudo caddy reverse-proxy --to :3000 --from yourserver.yourtsdomain.ts.net:443