SiamCafe · Blog

Stable Diffusion ComfyUI SSL TLS Certificate

Published 28 May 2569 BE

ComfyUI SSL/TLS

ComfyUI SSL TLS HTTPS Certificate Let's Encrypt Nginx Caddy Reverse Proxy Self-signed Cloudflare Tunnel Security Remote Access

| Method | Difficulty | Cost | Auto Renewal | Best For |
|---|---|---|---|---|
| Nginx + Let's Encrypt | Medium | Free | Yes (certbot) | Production Server |
| Caddy | Easy | Free | Yes (Built-in) | Quick Setup |
| Self-signed | Easy | Free | Manual | Internal/Dev |
| Cloudflare Tunnel | Easy | Free | Yes | No Port Forward |
| Traefik | Medium-High | Free | Yes (ACME) | Docker/K8s |

Nginx Configuration

# === Nginx Reverse Proxy for ComfyUI ===

# Step 1: Install Nginx
# sudo apt update && sudo apt install nginx

# Step 2: Create Nginx Config
# sudo nano /etc/nginx/sites-available/comfyui

# server {
#     listen 80;
#     server_name comfyui.example.com;
#
#     location / {
#         proxy_pass http://127.0.0.1:8188;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header Connection "upgrade";
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#         proxy_read_timeout 86400;
#         client_max_body_size 100M;
#     }
# }

# Step 3: Enable site
# sudo ln -s /etc/nginx/sites-available/comfyui /etc/nginx/sites-enabled/
# sudo nginx -t && sudo systemctl reload nginx

# Step 4: Get SSL Certificate
# sudo apt install certbot python3-certbot-nginx
# sudo certbot --nginx -d comfyui.example.com

from dataclasses import dataclass

@dataclass
class SetupStep:
    step: int
    action: str
    command: str
    verify: str

steps = [
    SetupStep(1, "Install Nginx",
        "sudo apt update && sudo apt install nginx -y",
        "sudo systemctl status nginx (Active: running)"),
    SetupStep(2, "Create Config",
        "sudo nano /etc/nginx/sites-available/comfyui",
        "sudo nginx -t (syntax is ok)"),
    SetupStep(3, "Enable Site",
        "sudo ln -s /etc/nginx/sites-available/comfyui /etc/nginx/sites-enabled/",
        "curl http://localhost → ComfyUI"),
    SetupStep(4, "Install Certbot",
        "sudo apt install certbot python3-certbot-nginx -y",
        "certbot --version"),
    SetupStep(5, "Get Certificate",
        "sudo certbot --nginx -d comfyui.example.com",
        "https://comfyui.example.com → ComfyUI"),
    SetupStep(6, "Auto Renewal",
        "sudo certbot renew --dry-run",
        "crontab -l → certbot renew runs daily"),
]

print("=== Setup Steps ===")
for s in steps:
    print(f"  Step {s.step}: {s.action}")
    print(f"    Command: {s.command}")
    print(f"    Verify: {s.verify}")

Alternative Methods

# === Caddy & Self-signed & Cloudflare ===

# Method 2: Caddy (Easiest)
# sudo apt install caddy
# sudo nano /etc/caddy/Caddyfile
#
# comfyui.example.com {
#     reverse_proxy localhost:8188
# }
#
# sudo systemctl restart caddy
# Done! Caddy auto-gets Let's Encrypt certificate

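# Method 3: Self-signed Certificate
# The subjectAltName entry is required: current browsers match the hostname
# against SAN and ignore CN (-addext needs OpenSSL 1.1.1 or later).
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
#     -keyout /etc/ssl/private/comfyui.key \
#     -out /etc/ssl/certs/comfyui.crt \
#     -subj "/CN=comfyui.local" \
#     -addext "subjectAltName=DNS:comfyui.local"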

# Method 4: Cloudflare Tunnel
# curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared
# chmod +x cloudflared
# ./cloudflared tunnel login
# ./cloudflared tunnel create comfyui
# ./cloudflared tunnel route dns comfyui comfyui.example.com
# ./cloudflared tunnel run --url http://localhost:8188 comfyui

@dataclass
class Method:
    method: str
    pros: str
    cons: str
    setup_time: str
    use_case: str

methods = [
    Method("Caddy Reverse Proxy",
        "Auto HTTPS, 2-line config, Auto Renewal",
        "Less flexible than Nginx, smaller community",
        "5 minutes",
        "Quick Setup, Small Project"),
    Method("Self-signed Certificate",
        "No domain required, works with an IP address, works offline",
        "Browser warning, must be accepted every time",
        "5 minutes",
        "Internal Use, Development, LAN"),
    Method("Cloudflare Tunnel",
        "No open ports needed, no public IP needed, automatic HTTPS",
        "Requires a Cloudflare account, slightly higher latency",
        "10 minutes",
        "Home Server, No Port Forward, Dynamic IP"),
    Method("Traefik (Docker)",
        "Auto HTTPS, Docker Native, Load Balancing",
        "Complex, long learning curve",
        "30 minutes",
        "Docker Compose, Multi-service"),
]

print("=== Alternative Methods ===")
for m in methods:
    print(f"\n  [{m.method}]")
    print(f"    Pros: {m.pros}")
    print(f"    Cons: {m.cons}")
    print(f"    Setup: {m.setup_time}")
    print(f"    Use: {m.use_case}")

Security Hardening

# === Security Best Practices ===

@dataclass
class SecurityRule:
    rule: str
    config: str
    impact: str

rules = [
    SecurityRule("TLS 1.2+ Only",
        "ssl_protocols TLSv1.2 TLSv1.3; (Nginx)",
        "Disables TLS 1.0/1.1, which have known vulnerabilities"),
    SecurityRule("Strong Cipher Suite",
        "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:...;",
        "Uses only strong ciphers"),
    SecurityRule("HSTS Header",
        "add_header Strict-Transport-Security 'max-age=31536000';",
        "Forces browsers to always use HTTPS"),
    SecurityRule("Firewall",
        "sudo ufw allow 443/tcp && sudo ufw deny 8188",
        "Opens only HTTPS; closes the ComfyUI port to outside access"),
    SecurityRule("Basic Auth",
        "auth_basic 'ComfyUI'; auth_basic_user_file /etc/nginx/.htpasswd;",
        "Requires login before accessing ComfyUI"),
    SecurityRule("Rate Limiting",
        "limit_req_zone $binary_remote_addr zone=comfyui:10m rate=10r/s;",
        "Protects against DDoS and abuse"),
]

print("=== Security Rules ===")
for r in rules:
    print(f"  [{r.rule}]")
    print(f"    Config: {r.config}")
    print(f"    Impact: {r.impact}")
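
The hardening rules above, combined into one Nginx server block and checked by a small auditor that reports which rules a config misses. This is an added example, not code from the original article: the `directives` and `audit` helpers, the `burst=20` value and the sample config are constructed here, and `ssl_ciphers` is left out because the article's cipher list is abbreviated.

```python
# Constructed sample: the page's proxy block plus its hardening rules (burst=20 is assumed).
HARDENED = """
limit_req_zone $binary_remote_addr zone=comfyui:10m rate=10r/s;
server {
    listen 443 ssl;
    server_name comfyui.example.com;
    ssl_certificate     /etc/letsencrypt/live/comfyui.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/comfyui.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security 'max-age=31536000';
    location / {
        auth_basic 'ComfyUI';
        auth_basic_user_file /etc/nginx/.htpasswd;
        limit_req zone=comfyui burst=20;
        proxy_pass http://127.0.0.1:8188;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
"""

def directives(conf):
    """Map each directive name to its space-joined arguments (hypothetical helper)."""
    found = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";{").strip()
        if line and line != "}":
            name, _, args = line.partition(" ")
            found[name] = (found.get(name, "") + " " + args).strip()
    return found

def audit(conf):
    """Return the names of the page's hardening rules that conf does not meet."""
    d = directives(conf)
    protocols = set(d.get("ssl_protocols", "").split())
    checks = {
        "tls-listener": "ssl" in d.get("listen", "").split(),
        # Require an explicit list: the built-in default depends on the Nginx version.
        "tls-1.2-plus": bool(protocols) and protocols <= {"TLSv1.2", "TLSv1.3"},
        "hsts": "Strict-Transport-Security" in d.get("add_header", ""),
        "basic-auth": "auth_basic_user_file" in d and d.get("auth_basic", "off") != "off",
        "rate-limit": "limit_req_zone" in d and "limit_req" in d,
        "websocket": "Upgrade $http_upgrade" in d.get("proxy_set_header", ""),
    }
    return [rule for rule, ok in checks.items() if not ok]

print(audit(HARDENED))  # [] when every rule is met
```

Run against the HTTP-only server block from the Nginx Configuration section, `audit` reports every rule except `websocket` as missing.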

Tips

  • Caddy: If you want the simplest option, use Caddy; the config is 2 lines
  • WebSocket: The Upgrade and Connection headers must be set in Nginx for ComfyUI
  • Firewall: Close port 8188 to outside access; open only 443
  • Renewal: Let's Encrypt certificates expire after 90 days; set up Auto Renewal
  • Auth: Add Basic Auth or OAuth to keep strangers out

Why Use SSL/TLS with ComfyUI

HTTP is plaintext and can be intercepted, exposing prompts, images and API keys. Browsers block mixed content, and the Clipboard API requires HTTPS. Using HTTPS is a security best practice.
