hyperknot / openfreemap

Free and open-source map hosting solution with custom styles for websites and apps, using OpenStreetMap data
https://openfreemap.org/
Other
2.67k stars 55 forks

Restrict access to self-hosted instances #35

Closed ismoiliy98 closed 55 minutes ago

ismoiliy98 commented 2 hours ago

@hyperknot, thank you for this fantastic project.

I want to self-host openfreemap. Is there a way to restrict access to self-hosted instances with some auth mechanism? Maybe some guidance should be added to docs on implementing it.

As I understand, right now, if I self-host it, then anyone has access to my server and can use it by knowing the endpoint.

hyperknot commented 2 hours ago

I would look into firewalls, like UFW, to control that.

An alternative would be to replace "planet" in the nginx config with some random string. Probably the easiest solution.

ismoiliy98 commented 1 hour ago

> I would look into firewalls, like UFW, to control that.
>
> An alternative would be to replace "planet" in the nginx config with some random string. Probably the easiest solution.

Replacing planet in the nginx config makes sense; we can use it as a secret path string. But isn't it trackable through the request made by the JS client, e.g. MapLibre?

hyperknot commented 1 hour ago

I mean, if you want to make a public website, then it'll always be visible in dev tools. But if you are worried about security, then the server is really locked down: there are no processes running, just nginx and ssh, so the attack surface is very limited. I mean, there is no Python/PHP/Node or anything running on the server, just static files being hosted.

ismoiliy98 commented 55 minutes ago

Thank you @hyperknot

I think the issue may be closed.
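The secret-path suggestion from this thread, as an added example that is not part of the original discussion or the project's own code. The nginx snippet is constructed, and the function names and the assumption that "planet" appears as a path segment in `location` directives are illustrative.

```shell
#!/bin/sh
# Added example: replace the public "planet" URL path with a random string.
# The config text below is constructed; it is not the project's real file.
# The resulting path is an unguessable URL, not authentication: any page that
# loads the map shows it in browser dev tools, as the thread points out.

# 32 hex characters (128 bits) from the kernel CSPRNG.
gen_token() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Constructed sample input (assumed layout, for illustration only).
sample_config() {
    cat <<'EOF'
location /planet {
    alias /data/planet/;
}
location /planetary/ {
    return 404;
}
EOF
}

# Reads a config on stdin and writes the rewritten config to stdout.
# Only "location" lines are touched, so filesystem paths stay valid, and
# "/planet" must be a whole path segment, so "/planetary" is left alone.
rewrite_path() {
    token=$1
    # The token is spliced into a sed program: accept lowercase hex only.
    case $token in
        ''|*[!0-9a-f]*) echo "token must be lowercase hex" >&2; return 1 ;;
    esac
    sed -E "/^[[:space:]]*location[[:space:]]/s#/planet(/|[[:space:]]|\$)#/${token}\\1#g"
}

# Stand-alone run: print the sample config with a fresh random path.
sample_config | rewrite_path "$(gen_token)"
```

After applying a change like this to a real config, `nginx -t` checks the syntax before a reload.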