There are things in software design that really confuse me.
Like, #ipfs looks awesome. But telling me "do not open port 5001 to the public because the RPC API gives general admin access" while also providing the Web Interface on the very same port is… like… very much not smart. 🧐
Not like you shouldn't use a reverse proxy anyway. Still… this doesn't make too much sense.
#software #hosting #selfHosting
-
@Natanox ...Honestly that sounds like it should be treated as a bug and fixed. Like, yesterday.
-
@krutonium Yeah… Of course I can configure nginx to point to the exact webUI address, but given it's the same port as the API but merely a different subfolder I could swear there's some sort of exploitation danger at hand here.
-
@Natanox Only the local device should be utilizing the RPC API, same for the CLI API.
The webui is the same-- only for the owner of the node. If you need to manage ipfs remotely, I recommend normal ssh.
-
@Arlodottxt Somewhat weird to me to offer a web interface if it's not meant to be used on the web.
Anyway, those ports do now lead to nowhere and I got comfy managing the ipfs docker via CLI. So I guess it's fine.
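
An added example, not part of the thread or of the IPFS project's code: a small check that reads the `Addresses.API` entry of an IPFS node's JSON config and reports any listener bound to a non-loopback address, which is the exposure of port 5001 discussed above. The sample config is constructed, and the function names are hypothetical.

```python
import ipaddress
import json

# Constructed sample of a node config's "Addresses" section (illustrative values).
SAMPLE_CONFIG = json.loads("""
{
  "Addresses": {
    "API": ["/ip4/0.0.0.0/tcp/5001", "/ip4/127.0.0.1/tcp/5001"],
    "Gateway": "/ip4/127.0.0.1/tcp/8080"
  }
}
""")

def parse_multiaddr(addr):
    """Return (host, port) for /ip4|ip6|dns*/<host>/tcp/<port>, else None."""
    parts = addr.strip("/").split("/")
    if (len(parts) >= 4 and parts[2] == "tcp"
            and parts[0] in ("ip4", "ip6", "dns", "dns4", "dns6")):
        return parts[1], int(parts[3])
    return None

def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the literal name 'localhost'."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def exposed_api_listeners(config):
    """List the API multiaddrs that listen on something other than loopback."""
    api = config.get("Addresses", {}).get("API", [])
    if isinstance(api, str):  # the field may hold one address or a list
        api = [api]
    findings = []
    for addr in api:
        parsed = parse_multiaddr(addr)
        if parsed is None:
            continue  # not a TCP listener this check understands
        host, _port = parsed
        if not is_loopback(host):
            findings.append(addr)
    return findings

if __name__ == "__main__":
    for addr in exposed_api_listeners(SAMPLE_CONFIG):
        print("RPC API (and WebUI) reachable beyond localhost:", addr)
```

Inside a container the daemon may have to bind a non-loopback address; in that case what matters is which host interface the port is published on, so the same loopback-only rule applies to the port mapping.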