msokk
commented
7 years ago Would RENDERER_NO_ACCESS_KEY=true environment variable suffice?
Open burningTyger opened 7 years ago
msokk
commented
7 years ago Would RENDERER_NO_ACCESS_KEY=true environment variable suffice?
Reggino
commented
7 years ago Why not just set RENDERER_ACCESS_KEY=?
msokk
commented
7 years ago That would need accessKey= to give the blank key as query param, might as well set some simple access key then.
I could change the default startup behaviour of not starting when no keys are defined, but that would make it unauthenticated by default.
Reggino
commented
7 years ago But since RENDERER_ACCESS_KEY is set, one could reason that RENDERER_ACCESS_KEY= would imply that unauthenticated use is intended... When the environment var is missing, you could say the service isn't configured properly.
burningTyger
commented
7 years ago Since there is no encryption tied to authentication it creates a false impression of security. So if you either use the service through docker or standalone you will have to enable encryption somehow. I usually use an nginx reverse proxy for that. If I have that in place I might as well add basic auth since it can be handled in the same directive. I'd drop the auth token altogether.
BTW: Thank you very much for the awesome repo. I tried all the available solutions but yours works well and fast. I changed some dependencies to slim down the image a bit though.
I'm considering this service along with another docker container and would use it from within my private docker network. No auth needed.