Open smortex opened 3 weeks ago
Hopefully this will help keep PuppetBoard instances exposed on the Internet from continuing to be so common. Here is a report from Shodan for the trend of the number of results for the search "http.title:puppetboard".
The module configures PuppetBoard, but also has classes to set up Apache configuration to serve it. Unfortunately, such configuration is very site-specific, and providing it in the module confuses users, who discover that their setup is exposed to the Internet without authentication.
At some point, LDAP authentication was added, which partially fixes the issue, but only for users who can authenticate their users with LDAP.
It is also quite common to use the Puppet CA to authenticate clients, or use Passenger instead of wsgi, or use a web server other than Apache, or any combination of these, making a generic solution not viable.
Remove all these Apache-specific examples from the module classes, and provide example configurations for different setups. It will be easier to add new integration examples by just dropping more files in the example directory, without cluttering the module with complex, mostly private code.