TLS termination is not enabled by default. This means that the traffic between your snap devices and the Snap Store Proxy will not be encrypted.
This document explains how to enable TLS termination in the Snap Store Proxy.
Obtain an x509 key and certificate pair for your Snap Store Proxy domain. You can determine the domain by running:
snap-proxy config proxy.domain
This name will be the subject or one of the alternative names on the certificate.
How to obtain the certificate/key pair is out of scope of this document.
Running the below command will import the key/certificate pair and re-configure your Snap Store Proxy:
cat my.cert my.key | sudo snap-proxy import-certificate
After this is done, TLS termination will be enabled, and any HTTP traffic to your Snap Store Proxy will be redirected to HTTPS.
The TLS certificate above may be self signed or issued by a certificate authority that is not included in the system certificate store on your snap devices. If this is true, then you need to make sure that the certificates in question are added to the system certificate store on those devices. On Ubuntu devices this might be achieved by placing the certificate in question in a specific directory:
sudo cp selfsigned.crt /usr/local/share/ca-certificates/
snapd has to be restarted.
sudo systemctl restart snapd
After that, snapd will be able to successfully verify the certificate.
Once you've confirmed that your Snap Store Proxy is running and accepting HTTPS connections, you can register your Snap Store Proxy.
At any time, you can use:
to check the status of your Snap Store Proxy.