There are things in software design that really confuse me.
-
There are things in software design that really confuse me.
Like, #ipfs look awesome. But telling me "do not open port 5001 to the public because the RPC API give general admin access" while also providing the Web Interface on the very same port isโฆ likeโฆ very much not smart. ๐ง
Not like you shouldn't use a reverse proxy anyway. Stillโฆ this doesn't make too much sense.
#software #hosting #selfHosting -
Krutoniumreplied to Natasha Nox ๐บ๐ฆ๐ต๐ธ last edited by
@Natanox ...Honestly that sounds like it should be treated as a bug and fixed. Like, yesterday.
-
Natasha Nox ๐บ๐ฆ๐ต๐ธreplied to Krutonium last edited by
@krutonium Yeahโฆ Of course I can configure nginx to point to the exact webUI adress, but given it's the same port as the API but merely a different subfolder I could swear there's some sort of exploitation danger at hand here.
-
Arlo Godfreyreplied to Natasha Nox ๐บ๐ฆ๐ต๐ธ last edited by
@Natanox Only the local device should be utilizing the RPC API, same for the CLI API.
The webui is the same-- only for the owner of the node. If you need to manage ipfs remotely, I recommend normal ssh.
-
Natasha Nox ๐บ๐ฆ๐ต๐ธreplied to Arlo Godfrey last edited by
@Arlodottxt Somewhat weird to me to offer a web interface if it's not meant to be used on the web.
Anyway, those ports do now lead to nowhere and I got comfy managing the ipfs docker via CLI. So I guess it's fine.