hummingbot / dashboard

Application that helps you create, backtest, deploy, and manage Hummingbot instances
Apache License 2.0

Dashboard uses HTTP (where HTTPS should be expected) #77

Open eMTee72 opened 1 year ago

eMTee72 commented 1 year ago

Describe the bug

The Dashboard is used as an interface to your containers. The Dashboard is protected by a username & password combination. However, this information is served over an HTTP connection, which suggests the data between the Dashboard container and the web browser is unprotected, resulting in exposing confidential information (login credentials / financial data / others?) to the network.

Steps to reproduce bug

  1. Deploy a Dashboard container.
  2. The Dashboard is now accessible on HTTP://IP-address:8501. This should become HTTPS://IP-address:8501

fengtality commented 1 year ago

Great suggestion - I agree that this should be added in the long term. Right now, Dashboard is still in beta so our main priority is getting feedback so that we can improve the user experience and interface of the main pages.

cllasyx commented 2 months ago

If you need HTTPS so desperately, deploy a reverse proxy with internal certificates. I suggest, and am myself using, Caddy, also in a Docker container, which is a bit of a pain to set up but works wonders once done.
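
The reverse-proxy setup suggested in the last comment, as an added example that is not part of the thread or the project's own files: a Compose file that stops publishing port 8501 and puts Caddy with an internally issued certificate in front of the Dashboard. The Dashboard image name, the hostname `dashboard.internal.example` and the volume name are assumptions to replace with your own.

```yaml
# docker-compose.yml (added example; image name, hostname and volume name are assumptions)
services:
  dashboard:
    image: hummingbot/dashboard:latest   # assumed image name; use the one you already deploy
    # Before: a "8501:8501" entry under ports published plain HTTP to the network.
    # After: no published port; only Caddy reaches 8501 over the Compose network.
    expose:
      - "8501"
    restart: unless-stopped

  caddy:
    image: caddy:2
    ports:
      - "443:443"          # the only listener reachable from outside the host
    configs:
      - source: caddyfile
        target: /etc/caddy/Caddyfile
    volumes:
      - caddy_data:/data   # persists Caddy's local CA and the certificates it issues
    depends_on:
      - dashboard
    restart: unless-stopped

configs:
  caddyfile:
    # Inline config content needs Docker Compose 2.23.1 or later; on older
    # versions bind-mount a Caddyfile with the same content instead.
    content: |
      dashboard.internal.example {
        # Certificate signed by Caddy's own local CA rather than a public CA
        tls internal
        # Username, password and session traffic now travel inside TLS
        reverse_proxy dashboard:8501
      }

volumes:
  caddy_data:
```

Browsers must resolve the placeholder hostname to the Docker host and trust Caddy's local root certificate, which Caddy stores at `/data/caddy/pki/authorities/local/root.crt` inside the `caddy_data` volume.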