AVGP / cloud9hub

A workspace dashboard for Cloud9
97 stars 47 forks source link

Zpriddy #27

Open zpriddy opened 8 years ago

zpriddy commented 8 years ago

I added a layer of HTTP using letsencrypt and nginx. It now requires basic auth when accessing the c9 IDE. I did not like how everything was open to the internet without even https with c9 - more so with no password if the IDE was running considering it has access to a shell. There is more that can be done - maybe using oauth2_proxy in the future. This is just a quick security improvement. @Harjot1Singh @AVGP Feel free to contact me if you have any questions about these changes or would like to start working together - me@zpriddy.com

Harjot1Singh commented 8 years ago

@zpriddy Hey, nice idea. Are you able to implement a way of making this optional, maybe through the config files?

zpriddy commented 8 years ago

It should be simple enough to do.. Im not really a js coder but it is something that I can look into.

zpriddy commented 8 years ago

So.. In thinking about this.. I think it would be good to have https on all connections...

The only concern that I have is that c9 is using ports 3000-5000 right? This would mean that we would need 2000 ports on nginx config - that might be overwhelming..

Is there any chance that we can limit it to 100 ports? and then start recycling those ports? I was trying to do that but failed to do so. I saw in the history that @Harjot1Singh fixed a bug to allow all those ports.. Is there any good reason why we cant un do that? Any downside to that?

Harjot1Singh commented 8 years ago

@zpriddy Sorry for coming back to it now. I'm not sure what you mean, cloud9hub originally used those 2000 ports, before I changed anything. The range can easily be changed though.