KairuByte
commented
1 year ago Can’t help but agree. Very odd to be serving full account access on multiple stores… over http.
Open Primajin opened 1 year ago
KairuByte
commented
1 year ago Can’t help but agree. Very odd to be serving full account access on multiple stores… over http.
vogler
commented
1 year ago Not sure if this is out of scope.
Most people will run this in their small local network with a firewall on the router that has ports closed by default and where there's no danger of eavesdropping (e.g. wifi client in promiscuous mode (still needs to be inside the network)). MITM only becomes a problem when you open the port to the internet (and only for VNC, HTTPS is still used for all browser requests incl. auth). If you do that or run it on some VPS, you probably have other HTTP services and run some reverse-proxy for HTTPS anyway.
I use Caddy which makes this very easy. You just need to run
caddy reverse-proxy --from example.com --to localhost:6080So, intuitively my feeling is 'no, this goes against the Unix philosophy', but not sure how much this still applies here.
I can check how much caddy or nginx would increase the image size and add some HTTPS_DOMAIN option.
Primajin
commented
1 year ago Maybe also a first iteration could be a wiki page how someone could set it up themselves - e.g. when they followed the page of setting up their own environment in Oracle Cloud - how can they then serve the thing via https while it's running?
vogler
commented
1 year ago Yea, that sounds reasonable.
Hey there, do you think it's possible to run some
certbot/let's encryptso that we can serve the noVNC also via https - when running the script in the cloud it would be better to havehttps.