jason-green-io / papyri

Minecraft map item data mapping tool using Leaflet
MIT License
63 stars 9 forks

How secure is it to host Papyri on the Python Server? #33

Closed MnTronslien closed 3 years ago

MnTronslien commented 3 years ago

Loving the Papyri app - our server has been using it a ton ^^

This isn't really a Papyri issue but I hope you can help because I am having a hard time finding the information I need.

I was running Papyri on the Python server when I saw some weird activity trying to connect - I think it was malicious actors trying to insert commands to the server and definitely not legitimate activity of somebody using papyri. I got concerned and took my server down.

After this I moved the Papyri hosting to a provider - but the upload time there is horrendous! With the provider, the map can update once every 12 hours, vs once every hour when I had it locally.

So I guess my question (or issue) is: What do I need to do - if anything - to run the python server securely on my own machine? I know enough about internet security to get concerned, but not enough to know what precautions to take.

jason-green-io commented 3 years ago

The basic Python server HTTP module should not be used in production, only locally for fun or testing. If you do use it, it should be behind a reverse proxy like nginx. Since the files papyri generates are static, you can host them pretty much anywhere; it doesn't have to be the Python web server. Heck, I use GitHub Pages for my servers. I've used a Docker image and also Amazon S3.

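An added example, not part of the thread or of papyri itself: because the generated files are static, nginx can serve them directly from disk with no Python process exposed at all. The hostname `map.example.com`, the directory `/srv/papyri/web` and the rate-limit numbers are placeholder assumptions; the file is assumed to be included from the `http {}` context (for example under `conf.d/`).

```nginx
# Constructed example; hostname, paths and limits are placeholders.

# Per-client request budget. Leaflet fetches many tiles per page view,
# so the burst below is deliberately generous.
limit_req_zone $binary_remote_addr zone=papyri:10m rate=30r/s;

# Catch-all: requests that hit the bare IP or an unknown Host header
# (typical of automated scanners) are closed without a response.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    server_name map.example.com;

    # Directory papyri writes its static output into (assumed path).
    root /srv/papyri/web;
    index index.html;

    server_tokens off;          # do not advertise the nginx version
    autoindex off;              # no directory listings
    client_max_body_size 1k;    # a static site accepts no uploads

    limit_req zone=papyri burst=200 nodelay;

    location / {
        # Read-only site: allow GET (which implies HEAD), refuse the rest.
        limit_except GET { deny all; }
        try_files $uri $uri/ =404;
        add_header X-Content-Type-Options nosniff always;
    }

    # Never serve dotfiles such as .git or editor backups.
    location ~ /\. {
        deny all;
    }
}
```

Run `nginx -t` to validate the file before reloading.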

MnTronslien commented 3 years ago

Thank you for answering!