Closed ismoiliy98 closed 55 minutes ago
I would look into firewalls, like UFW to control that.
An alternative would be to replace "planet" in the nginx config to some random string. Probably the easiest solution.
I would look into firewalls, like UFW to control that.
An alternative would be to replace "planet" in the nginx config to some random string. Probably the easiest solution.
Replacing planet
in the nginx config makes sense; we can use it as a secret path string. But isn't it trackable through the request made by the JS client, e.g. MapLibre?
I mean if you want to make a public website then it'll always be visible in dev tools. But if you are worried about security, then the server is really locked-down, there is no processes running just nginx and ssh, so the attack surface is very limited. I mean there is no Python/PHP/Node or anything running on the server, just static files being hosted.
Thank you @hyperknot
I think the issue may be closed
@hyperknot, thank you for this fantastic project
I want to self-host
openfreemap
. Is there a way to restrict access to self-hosted instances with some auth mechanism? Maybe some guidance should be added to docs on implementing it.As I understand, right now, if I self-host it, then anyone has access to my server and can use it by knowing the endpoint.