Securing self-hosted instances? #144

Closed
joshdick opened this issue Jul 1, 2023 · 1 comment

@joshdick

joshdick commented Jul 1, 2023

Since wefwef has a backend component that proxies traffic to Lemmy, but doesn't appear to have any accounts system of its own, how do I prevent the public from using my wefwef installation (and thus proxying traffic on behalf of any user) if my wefwef installation is exposed to the Internet?

Possibilities I've thought of, both of which are clunky or don't solve the problem:

  • Restrict CUSTOM_LEMMY_SERVERS configuration exclusively to the Lemmy instance I use
  • Figure out a way to make an Internet-facing proxy password-protect access to Lemmy using something like HTTP basic auth, and hope that doesn't break the client

Is there a way to do this that I'm not aware of? Or if not, is functionality like this planned?

Thanks for all of your hard work on wefwef, it's an amazing Lemmy client!

@aeharding
Owner

Hi, thanks!

This problem should go away once the following is merged in:

LemmyNet/lemmy#3421

After that, I'll wait a few weeks for all large instances to upgrade and then probably remove reverse proxying (unless some large instance has it turned off).

Closing for now.
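
The first option raised in the opening question, restricting the proxy to an allowlist of Lemmy hosts, shown as an added example that is not wefwef's code or part of either comment. It assumes `CUSTOM_LEMMY_SERVERS` holds a comma-separated list of hostnames; `parseAllowlist` and `resolveProxyTarget` are hypothetical names.

```javascript
// Added example, not wefwef's code. Assumption: the allowlist is a
// comma-separated list of hostnames, e.g. CUSTOM_LEMMY_SERVERS="lemmy.example.org".

// Normalize the configured list: trim, lowercase, drop a trailing root dot.
function parseAllowlist(raw) {
  return new Set(
    (raw || "")
      .split(",")
      .map((h) => h.trim().toLowerCase().replace(/\.$/, ""))
      .filter(Boolean)
  );
}

// Returns the normalized hostname the proxy may forward to, or null.
// Fails closed: an empty allowlist permits nothing.
function resolveProxyTarget(requestedHost, allowlist) {
  if (typeof requestedHost !== "string" || requestedHost.length > 253) {
    return null;
  }
  // Accept a bare hostname only. This rejects schemes, paths, ports,
  // userinfo ("allowed@other"), whitespace and control characters.
  if (!/^[a-z0-9.-]+$/i.test(requestedHost)) return null;

  let url;
  try {
    // Let the URL parser canonicalize the host (numeric IPv4 forms, case)
    // so the comparison is made on what an HTTP client would connect to.
    url = new URL(`https://${requestedHost}/`);
  } catch {
    return null;
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");

  // Exact match only: no suffix or substring matching, so
  // "lemmy.example.org.other.example" does not pass.
  return allowlist.has(host) ? host : null;
}

// Constructed sample configuration value.
const allowlist = parseAllowlist(process.env.CUSTOM_LEMMY_SERVERS || "lemmy.example.org");
console.log(resolveProxyTarget("lemmy.example.org", allowlist));
console.log(resolveProxyTarget("lemmy.example.org@other.example", allowlist));
```

An allowlist limits which instances the proxy will reach; it does not authenticate who is using the proxy, which is the part the question calls unsolved.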
