jpmens
commented
4 months ago It's very unlikely that we will do that. We explicitly recommend placing the Recorder behind a reverse proxy for authentication. Apart from serving /htdocs, you'd also have the /pub and the API endpoints protected which they aren't now. (The API serves data which you believe hidden by removing access to a few static files ...)
The Recorder was designed to run on a system's loopback interface fronted by an authenticating (and TLS-terminating) HTTP proxy.
Dear all,
I started using Owntracks a few days ago and owntracks-recorder is running in a docker container accessible from the internet (port forwarding) to enable my mobile to store the location data via http. Unfortunately not only the /pub service but also the website is now accessible from the internet which I absolutely do not want as it shows personal data.
I know that I could set up a reverse proxy with authentication but this seems to be an overkill in my case.
As a workaroud I mapped an empty folder to the /htdocs folder in the docker-compose file so now the webserver does not show anything. As I use owntracks-frontend I do not need the webserver from owntracks-recorder.
But as a better solution I suggest to introduce an environment variable to disable the webserver showing the location data and only serve requests to the /pub service.
Greetings, Christian