brianmiller / phvalheim-server

PhValheim backend server
GNU General Public License v2.0

Admin Security #21

Closed SaschMie closed 1 year ago

SaschMie commented 1 year ago

So I have a URL and my players go there and connect with Steam to the server. That's working, but why does /admin have no security? Everyone can delete these servers.

brianmiller commented 1 year ago

https://github.com/brianmiller/phvalheim-server/issues/19 will be ready today and solves this issue.

Admin security requires a reverse proxy to isolate the interfaces. This is too difficult for most to deploy and configure. Issue #19 eliminates the need for a reverse proxy, bringing access control internal to PhValheim.

You can watch GitHub or our Discord for release notifications.

brianmiller commented 1 year ago

duplicate of https://github.com/brianmiller/phvalheim-server/issues/19

SaschMie commented 1 year ago

Actually, the site is running through NGINX Proxy Manager, but I don't know how I should get auth on the /admin location.

brianmiller commented 1 year ago

v1.7+ removes the need for a reverse proxy, but also doesn't include admin security. v1.9+ will include admin security later today.

https://github.com/brianmiller/phvalheim-server#reverse-proxy-config-example is the nginx reverse proxy example. Note the deny rule under the admin/ location section. This is the piece that prevents the admin interface from being accessed through the reverse proxy. In this example, you would need to navigate to the docker host directly to get access to the admin UI.

You can see this condition is complicated but necessary. v1.9+ will remove this complexity while still leaving the option for a reverse proxy, if desired. E.g., single public IP with TCP/80 and TCP/443 already used. Most people don't have multiple static public IPs :)

-Brian
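
The deny rule described in the comment above, sketched as an added example (not the project's README config and not code posted in this thread). The hostname and upstream address are placeholders; only the /admin path comes from the issue text.

```nginx
# Added example. phvalheim.example.com and the upstream address are
# placeholders (assumptions), not values from the project.

# Weak setting: a single catch-all location forwards every path, so
# /admin is served to anyone who can reach the public URL.
#
#   location / {
#       proxy_pass http://phvalheim-backend.example.internal;
#   }

server {
    listen 80;
    server_name phvalheim.example.com;          # placeholder hostname

    # Player-facing UI: forwarded to the backend.
    location / {
        proxy_pass http://phvalheim-backend.example.internal;  # placeholder
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Admin UI: refused at the proxy with a 403 and never forwarded.
    # "^~" makes this prefix match win over any regex location, and the
    # prefix has no trailing slash so that both /admin and /admin/...
    # are covered.
    location ^~ /admin {
        deny all;
    }
}
```

The deny rule only covers requests that pass through the proxy, so the backend's own port on the docker host has to stay unreachable from the internet (firewall or LAN-only binding). In NGINX Proxy Manager, a location block like the last one would go in the proxy host's custom Nginx configuration field.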

brianmiller commented 1 year ago

The admin RBAC is taking longer than expected. I'll pick it back up next week.

For now, your best bet is to use a reverse proxy with the proper deny rules to secure the admin interfaces.

SaschMie commented 1 year ago

How does that work with NGINX Proxy Manager? Is there an example?

brianmiller commented 1 year ago

Solved by https://github.com/brianmiller/phvalheim-server/issues/19