DusterTheFirst
commented
1 year ago This would be extremely useful for public-facing status-page. Right now, there is no difference from a status-page and the dashboard authentication wise. You can authenticate on the public facing status pages, and if we set a domain name, you can even access the dashboard from that domain, which would be unwanted for security reasons. I think being able to whitelist known, read-only apis and safe client side assets would be very useful for running uptime-kuma behind a reverse proxy and adding extra authentication or security in front of the admin side while leaving the status-pages public.
rdbahm
CommanderStorm
⚠️ Please verify that this feature request has NOT been suggested before.
🏷️ Feature Request Type
Other
🔖 Feature description
When I expose uptime-kuma via cloudflare tunnel access I could put an auth wall in front of uptime kuma. What I try to achieve is to have admin part (all except status page /status/) behind cloudflare auth (ok), but put status page behind cloudflare WITHOUT* auth (policy = bypass for /status path).
The problem is that /status page rely on ressources that are on root path like :
✔️ Solution
put all resources that could be public exposed without security concerns under a public subfolder like /public in order to easy reverse proxying.
❓ Alternatives
adding all sub ressources to a new cloudflare tunnel application but I'm concern about :
📝 Additional Context
No response