SilverBullet relies on a few advanced browser features to operate (specifically service workers, crypto APIs and clipboard APIs). These features are only enabled by browsers when websites are accessed via http://localhost or via TLS, that is — a https:// URL.
This is not a limitation imposed by SilverBullet, it is a restriction encoded in web standards. You may not like this restriction, but it is what it is.
Therefore, to use SilverBullet you need to either access it via localhost or put a TLS certificate on it.
You can do this in a few ways:
If you run SilverBullet locally on your machine, this is the easiest option. Everything runs fine as long as the browser sees localhost or 127.0.0.1 appear in the URL, even with http://.
The obvious drawback of this approach is that your SilverBullet instance is only accessible from the machine you run it on.
If you run SilverBullet on a remote server in your network that you have SSH access to, you can “fake” a localhost URL by creating an SSH tunnel.
You can do this as follows:
ssh -N -L 3002:localhost:3000 user@someip
This will tunnel your localhost port 3002 (accessible via http://localhost:3002) to port 3000 on the someip server. Stop the tunnel with Ctrl-c. To keep the tunnel running in the background, add the -f option.
Compared to running it locally this is slightly better, because you can now access SilverBullet from any machine you can create an SSH tunnel from.
If you don’t (or can’t) use SSH, you can create a Caddy reverse proxy. Install Caddy first, then create a Caddyfile:
localhost:3002 {
reverse_proxy someip:3000
}
And run Caddy with:
caddy run --config /path/to/Caddyfile
Now you can access your remote server via http://localhost:3002
For this, you need to get your hands on a TLS certificate.
A few options:
If you’re a Tailscale user, this a simple solution. If not, you may consider becoming one — it’s a solid service, very friendly to Self Hosted|self hosters, and free for this use case.
Part of the guide to setup SilverBullet on Linux are instructions on how to install (a free service) and use it to expose a local server (like SilverBullet) locally on your VPN, or the Internet — a setup that gives you a .ts.net subdomain with TLS certificate.
The advantage of this approach is that you have the choice to expose your SilverBullet to the wide Internet, or limit it to just your Tailscale VPN. The disadvantage is that you now rely on a third party (Tailscale).
There a various affordable providers of cloud servers that can be used to self-host SilverBullet in the cloud. It relatively easy to get a TLS certificate issued on a publicly exposed server.
The recommended approach for this requires two things:
*.duckdns.org sub-domain for free.After deploying SilverBullet on the VM (with Authentication enabled, obviously), you can deploy Caddy next to it as a reverse proxy. Caddy can automatically request TLS certificates using Let’s Encrypt.
For this, install Caddy into your VM. Then, in your Caddyfile (usually located /etc/caddy/Caddyfile) put:
silverbullet.mydomain.com {
reverse_proxy localhost:3000
}
Replace silverbullet.mydomain.com with any domain that you have configured to resolve to the IP of your server, and the :3000 port with whatever local port you run SilverBullet on.
Restart Caddy and access SilverBullet via https://silverbullet.mydomain.com. On first load, Caddy will work with Let’s Encrypt to issue a TLS certificate and install (and update) it automatically, this may take a minute, so be patient.
It is possible to self sign certificates and use those. Search the Internet for instructions on how to do this, here is website that describes the way it works and how to do it.