
    Cloudron Forum


    /status, /metrics is public

    HedgeDoc
    • girish
      girish Staff last edited by

      As a heads up, in HedgeDoc, the /status and /metrics routes are public in https://github.com/hedgedoc/hedgedoc/pull/1857 . Just wondering if people here consider it "private"? I can fix the package accordingly.

      • luckow
        luckow translator @girish last edited by luckow

        @girish please change it so that it is private. If it is possible (maybe sometime in the future, I am interested in the Prometheus endpoint), implement it as a "switch" in the .env file.

        A little context: this kind of information is public at the status endpoint (https://demo.hedgedoc.org/status)

        For a demo instance, that might be fine. But as an administrator of a self-hosted HedgeDoc, I want to decide what kind of transparency I want to share with the world.

        Pronouns: he/him | Primary language: German

        • nebulon
          nebulon Staff last edited by

          I am both ways here. As mentioned in the upstream issue, we can filter out those URLs if we use an additional reverse proxy specifically for the app. However, this adds another nginx instance, and since it is not maintained upstream, we might miss future routes which also need protection the same way.

          Ideally I still think this is really part of the upstream project to maybe even have settings for that.

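The per-app filtering proxy discussed in the post above could look like the following. This is an added example, not part of the thread and not Cloudron's or HedgeDoc's own configuration. Every address and port in it is an assumption: HedgeDoc on 127.0.0.1:3000, the filter on port 8080, an outer reverse proxy at 172.18.0.1, and a Prometheus scraper at 10.0.0.5.

```nginx
# Added example; all addresses and ports below are assumed placeholders.
# This fragment belongs in the http context (for example a conf.d file).

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream hedgedoc {
    server 127.0.0.1:3000;            # assumed HedgeDoc listen address
}

server {
    listen 8080;                      # assumed port the outer proxy forwards to

    # Behind another proxy every request arrives from that proxy's address.
    # Recover the client address first, otherwise allow/deny below would
    # only ever see 172.18.0.1. Trust the header from that one proxy only.
    set_real_ip_from 172.18.0.1;      # assumed outer reverse proxy
    real_ip_header   X-Forwarded-For;

    # Set once at server level so both locations inherit the same headers.
    proxy_http_version 1.1;
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $http_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
    proxy_set_header Upgrade           $http_upgrade;      # realtime editing
    proxy_set_header Connection        $connection_upgrade;

    # ~* matches case-insensitively, and (/|$) also covers a trailing slash
    # and sub-paths, in case the application's router accepts those variants.
    location ~* ^/(status|metrics)(/|$) {
        allow 127.0.0.1;              # local health checks
        allow 10.0.0.5;               # assumed Prometheus scraper
        deny  all;                    # everyone else receives 403
        proxy_pass http://hedgedoc;
    }

    # Everything else is passed through unchanged.
    location / {
        proxy_pass http://hedgedoc;
    }
}
```

Because this is a deny list, any new informational route added upstream stays public until it is added to the pattern by hand.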
          • luckow
            luckow translator @nebulon last edited by

            @nebulon upstream has "heard us" 🙂
            https://github.com/hedgedoc/hedgedoc/issues/2082

            Pronouns: he/him | Primary language: German
