Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support new env variable for blocking public access #20

Merged
merged 3 commits into from
Jul 6, 2022
Merged

support new env variable for blocking public access #20

merged 3 commits into from
Jul 6, 2022

Conversation

kwypchlo
Copy link
Contributor

@kwypchlo kwypchlo commented Jul 4, 2022

Server is disabled when either:

  • disable reason is set manually (non empty)
  • DENY_PUBLIC_ACCESS env variable is set to true (server on takedown)

Additionally displays a proper disable message when using DENY_PUBLIC_ACCESS.

@kwypchlo kwypchlo requested a review from ro-tex July 4, 2022 13:52
@kwypchlo kwypchlo self-assigned this Jul 4, 2022
@kwypchlo kwypchlo requested a review from meeh0w as a code owner July 4, 2022 13:52
@linear
Copy link

linear bot commented Jul 4, 2022

SKY-1216 Block traffic on takedown servers but do not stop services

  • introduce new environment variable for access disabled - DENY_PUBLIC_ACCESS
  • /health-check should indicate access disabled with message "Server public access denied" (if there is already a messsage then it should look like "Some existing message & Server public access denied"
  • block in nginx skylink download and upload endpoints only (handshake and dnslink included) except for internal traffic - internal docker network (10.10.10.xxx) and current server public ip (self routed traffic)
    • endpoint /[skylink]
    • endpoint /file/[skylink]
    • endpoint [skylink].portal.tld
    • endpoint /hns/[domain]
    • endpoint [domain].hns.portal.tld
    • endpoint for dnslink
    • endpoint /skynet/restore
    • endpoint /skynet/skyfile (upload)
    • endpoint /skynet/tus (100M+ file upload)
    • endpoint /skynet/pin
    • endpoint /skynet/trustless/basesector

Optional if possible:

  • health-check service should test whether access from outside is indeed disabled (can we use some proxy when making a request)

meeh0w
meeh0w previously approved these changes Jul 4, 2022
View reviewed changes
Copy link
Contributor

@meeh0w meeh0w left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a nit.

src/utils.js Outdated Show resolved Hide resolved
ro-tex
ro-tex previously approved these changes Jul 4, 2022
View reviewed changes
src/api/disabled.js Outdated Show resolved Hide resolved
@kwypchlo kwypchlo dismissed stale reviews from ro-tex and meeh0w via 1f16f21 July 4, 2022 18:41
@kwypchlo
Copy link
Contributor Author

kwypchlo commented Jul 4, 2022
edited
Loading

All fixed. I'm going to assign myself a task to set up testing environment for this repository as a high priority follow up.

https://linear.app/skynetlabs/issue/SKY-1218/set-up-testing-environment-for-webportal-health-check

@kwypchlo kwypchlo requested review from ro-tex and meeh0w July 4, 2022 18:44
@kwypchlo kwypchlo merged commit 3c19d7e into main Jul 6, 2022
@kwypchlo kwypchlo deleted the karol/sky-1216-block-traffic-on-takedown-servers-but-do branch July 6, 2022 08:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ro-tex ro-tex ro-tex approved these changes

@meeh0w meeh0w meeh0w approved these changes

Assignees

@kwypchlo kwypchlo

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kwypchlo @ro-tex @meeh0w