mescon / Muximux

A lightweight way to manage your HTPC
GNU General Public License v2.0
1.14k stars 82 forks

Single user security? #18

Closed JaredWith1r closed 8 years ago

JaredWith1r commented 8 years ago

I saw the post about setting up user account control, but what about setting up a front door for just one username/password?

Also, are there any inherent security risks hosting this page openly? Pretty ignorant to all of this so far. Thanks for the great project thus far!

evanmj commented 8 years ago

If every one of your services is secured you might be okay, but I'm running auth_basic on the whole server so the dash (this code) and my services all require auth. I'm using nginx as a reverse proxy to protect it. Nginx port 443 is all I poke through the firewall. That lets me auth on the server and I leave most things un-authed behind it. Interested in what others are doing.
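
The setup evanmj describes, sketched as an nginx server block. This is an added example, not configuration posted in the thread or shipped by the project; the hostname, file paths, local ports and the `/service/` path are assumptions.

```nginx
# Added example. Hostname, paths and ports below are placeholders.
server {
    listen 443 ssl;                        # the only port opened on the firewall
    server_name htpc.example.org;          # placeholder hostname

    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    # Declared at server level, so every location below inherits it
    # unless a location explicitly sets "auth_basic off;".
    auth_basic           "HTPC";
    auth_basic_user_file /etc/nginx/htpasswd;   # e.g. htpasswd -c /etc/nginx/htpasswd <user>

    # The dashboard, assumed to be served locally on port 8080.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }

    # One service with no auth of its own, assumed on local port 8081.
    location /service/ {
        proxy_pass http://127.0.0.1:8081/;
        proxy_set_header Host $host;
    }
}
```

Because the backends carry no auth of their own, they should listen only on 127.0.0.1 or be blocked at the firewall, so that the proxy is the only way to reach them.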

JaredWith1r commented 8 years ago

Everything is behind whatever security they have provided, and I'm pretty comfortable with that. I'm showing the dashboard of my Pi-Hole server, which has no security, but also basically just shows stats.

All of those things you said sound a lot more secure than my setup, which makes me think I should look into implementing at least some of it.

JaredWith1r commented 8 years ago

Just checked out the end of the VERY front page for the site, about adding auth to my Apache server. So yeah, my bad.

Close away, or leave open to encourage discussions about security.

mescon commented 8 years ago

Well, what you're suggesting isn't half bad, though it goes hand in hand with multi-user security as well. Also, having the basic auth thing at the very bottom might be a bad move by me, so I'll move it to the top in the next couple of updates on here :-)

JaredWith1r commented 8 years ago

Thanks man, anything to help! I'm really enjoying the project and trying to take full advantage of its capabilities.

Keep up the great work.

MartinAyla commented 8 years ago

+1 built-in security (a front door) would be really nice :)