Reinforce the need for TLS when exposing the server to the internet #22
Comments
You're right, this is a good suggestion, although I have no idea how to implement it. Any tips on where to start?
There are a few ways:
1. Use ssh port forwarding to not expose the server at all to the public internet. Pros:
2. Use a reverse proxy server. This, however, requires nginx or caddy, for example, and an SSL certificate, self-signed or from, say, Let's Encrypt. Pros:
These last two points can be helped by caddy.
3. Implement TLS in the server itself. This, however, is very easy to get wrong and needs maintenance. I have only included this for completeness; you should only do this when you know what you are doing.
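A check that fits both the ssh-forwarding and the reverse-proxy options above, as an added example that is not part of the thread or the project's code: it parses `ss -tln` output and reports whether the backend port has any non-loopback listener. Ports 8080 and 9090, `user@server.example` and the function names are assumptions, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example (not the project's code). Port 8080 is a placeholder.
#
# Option 1 from the thread, run on the client (user@server.example is a placeholder):
#   ssh -N -L 8080:127.0.0.1:8080 user@server.example
# Option 2: nginx or caddy terminates TLS and proxies to 127.0.0.1:8080.
# Either way the backend must not listen on a public address.

# Read `ss -tln` output on stdin; print listeners on port $1 that are
# bound to anything other than loopback.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }          # skip the header line
        {
            n = split($4, parts, ":")    # $4 is Local Address:Port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            # loopback: 127.0.0.0/8, ::1, IPv4-mapped 127.x
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print $4
        }'
}

# Exit status 0 when the port has no non-loopback listener.
backend_is_private() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample of `ss -tln` output: sshd on all interfaces,
# the backend on loopback only (good), plus a wildcard bind on 9090 (bad).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      511            [::1]:8080         [::]:*
LISTEN 0      4096               *:9090            *:*'

for p in 8080 9090; do
    if printf '%s\n' "$SAMPLE_SS" | backend_is_private "$p"; then
        echo "port $p: loopback only"
    else
        echo "port $p: reachable on $(printf '%s\n' "$SAMPLE_SS" | exposed_listeners "$p")"
    fi
done
```

On a real host, pipe the live listing in instead of the sample: `ss -tln | backend_is_private 8080`.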
Another pro of ssh is no need for firewall rules if a rule for ssh already exists.
I will be looking into these options, thank you. You'll be updated when I actually start modifying the code.
Unless you go the third route there should be no code changes needed. Just some Readme changes to point users in the right direction.
Well, if you can explain the step-by-step process of setting this up on a server, then feel free to make a PR 😁
Contact Details
m.xavier@ieee.org
Describe your idea
Reinforce the need for TLS when exposing the server to the internet. The server is now more secure with the ephemeral tokens, but the read-me still doesn't warn about the need to use a reverse proxy with TLS when exposing the server to the internet, as it is still very much insecure to exchange the credentials over plain HTTP. I can help with this if you need.