search

freqtrade / frequi

Freqtrade UI - Frontend for Freqtrade
https://github.com/freqtrade/freqtrade
GNU General Public License v3.0
545 stars 247 forks source link

Public IP Instance possible? #1918

Closed Immortality-IMT closed 1 month ago

Immortality-IMT commented 1 month ago

x

stash86 commented 1 month ago

frequi never meant to be opened to public.

If you want to do so, it's better to just create your own dashboard and use API call to get the data from the bot (which is what frequi also doing).

stash86 commented 1 month ago

well, you are free to fork and modify frequi if you think it's faster/easier than to create a dashboard from scratch.

Just for reference, it took me less than a month to create the initial version of my own dashboard from scratch on PHP. It's simple and not come close to frequi, but it's doing what I want, a read-only dashboard to show my bots to public in safe way.

To answer your question, if you want to embed the login info in safe way, you need server side processing, which is what PHP and Node.JS provide. VueJS (from what I know) is client-side, so there is no way to store your login info securely, as you have mentioned above

xmatthias commented 1 month ago

Neither FreqUI, nor the freqtrade API (which is required to get the data) are meant to be exposed to the public internet. We clearly state this in the documentation:

We strongly recommend to not expose this API to the internet and choose a strong, unique password, since others will potentially be able to control your bot.

While we can't technically prevent this - we also do not want to facilitate this - as it's a security risk - since everyone could control your bot with the right password, and hence sell your assets (or buy tanking coins ...).

Freqtrade (as well as freqUI) targets private users working on their strategies, deploying their strategies - hence there is no need for advanced permission control, like read only users.

A "public dashboard" - or "multiple users" sounds like an enterprise feature - something you'd need to sell freqtrade to users - but not for your own usage. I see no good reason to provide such functionality for users doing trading for their personal gain (or fun).

As such, features aimed at commercial usecases (selling freqtrade as a feature) is not something we'll be facilitating as part of our free, voluntary, open source work.

As such, please understand that this is not something we'll be working on or provide assistance with.

xmatthias commented 1 month ago

I've edited your post above to remove the description.

I'd prefer to not have an instruction on "how to get hacked easily" on our repositories, hence i'll ask you not to share this again in our channels (github, discord, ...).

While you're free in doing so for yourself - it's not safe, will result in a broken bot (you can't use these functionalities for yourself, either) - and random future readers finding this will eventually not be able to determine this, and just think "oh great, letme use this" - without understanding the consequences.

Also, performing such modifications will result in a modified (and hence, unsupported) bot.

Thanks for your understanding and following of this in the future.