Open burningTyger opened 7 years ago
Would RENDERER_NO_ACCESS_KEY=true
environment variable suffice?
Why not just set RENDERER_ACCESS_KEY=
?
That would need accessKey=
to give the blank key as query param, might as well set some simple access key then.
I could change the default startup behaviour of not starting when no keys are defined, but that would make it unauthenticated by default.
But since RENDERER_ACCESS_KEY
is set, one could reason that RENDERER_ACCESS_KEY=
would imply that unauthenticated use is intended... When the environment var is missing, you could say the service isn't configured properly.
Since there is no encryption tied to authentication it creates a false impression of security. So if you either use the service through docker or standalone you will have to enable encryption somehow. I usually use an nginx reverse proxy for that. If I have that in place I might as well add basic auth since it can be handled in the same directive. I'd drop the auth token altogether.
BTW: Thank you very much for the awesome repo. I tried all the available solutions but yours works well and fast. I changed some dependencies to slim down the image a bit though.
I'm considering this service along with another docker container and would use it from within my private docker network. No auth needed.