Make plausible/analytics container port local only #24
Conversation
This change makes the container plausible/analytics accessible only from localhost (127.0.0.1). I think that this should be the default because: - to use plausible with a https website, plausible should be served from https. Requires reverse proxy. - using plausible with http makes it vulnerable to "hackers" when entering admin password and the entire traffic can be seen by "anyone", thus making it insecure.
|
|
|
With port forwarding you could access the web ui before setting up a reverse proxy. |
|
Yeah I'm happy to merge but documentation will need to be updated. I am planning to cut a release this month so I'll do it then. |
|
@ukutaht Should this be closed? |
|
@ukutaht will this be merged or closed? Almost two years have passed :) |
|
I think having it accessible from the world is a good first experience with hosting it since you don't need to finish the proxy setup to play around with the product itself. Some might run it in a private or firewalled network with the reverse proxy on a separate machine. How about adding a very strong suggestion in the docs to not leave the container exposed to the world? That way we do our part in helping people secure their installations but also have a nice first-run experience. |
…se proxy (#271) * Update self-hosting.md Relates to plausible/community-edition#24 * Update docs/self-hosting.md Co-authored-by: Adam Rutkowski <hq@mtod.org> Co-authored-by: Adam Rutkowski <hq@mtod.org>
This change makes the container plausible/analytics accessible only from localhost (127.0.0.1).
I think that this should be the default because:
The docs should reflect these points even if this PR is not accepted.