Cloudron Forum

/status, /metrics is public

  • girish (Staff) wrote: #1

    As a heads up, in HedgeDoc, the /status and /metrics routes are public in https://github.com/hedgedoc/hedgedoc/pull/1857. Just wondering if people here consider it "private"? I can fix the package accordingly.

    luckowL 1 Reply Last reply
    1
      luckow (translator) wrote: #2

      @girish please change it so that it is private. If it is possible (maybe sometime in the future, I am interested in the Prometheus endpoint), implement it as a "switch" in the .env file.

      A little context: this kind of information is public at the status endpoint (https://demo.hedgedoc.org/status)

      [Image: grafik.png]

      For a demo instance, that might be fine. But as an administrator of a self-hosted HedgeDoc, I want to decide what kind of transparency I want to share with the world.

      Pronouns: he/him | Primary language: German

      1 Reply Last reply
      2
      • nebulon (Staff) wrote: #3

        I am both ways here. As mentioned in the upstream issue, we can filter out those URLs if we use an additional reverse proxy specifically for the app. However, this adds another nginx instance, and since it is not maintained upstream, we might miss future routes which also need protection the same way.

        Ideally I still think this is really part of the upstream project to maybe even have settings for that.

        luckowL 1 Reply Last reply
        0
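
The per-app reverse proxy filter discussed in post #3, combined with the Prometheus use case from post #2, sketched as an nginx server block. This is an added example, not part of the thread and not Cloudron's or HedgeDoc's own configuration; the hostname, listen port, upstream address and monitoring subnet are assumptions.

```nginx
# Added example. Every address and name below is an assumption.
upstream hedgedoc_app {
    server 127.0.0.1:3000;              # assumed address of the HedgeDoc process
}

server {
    listen 8080;
    server_name notes.example.com;      # placeholder hostname

    # Assumption: the app router follows Express defaults, which treat
    # /status, /status/ and /STATUS as the same route. The match is
    # therefore case-insensitive (~*) and covers a trailing slash or
    # sub-path; "location = /status" alone would leave those variants open.
    location ~* ^/status(/|$) {
        return 404;                     # never served through this proxy
    }

    # Prometheus endpoint: reachable only from the monitoring network.
    # If another proxy sits in front of this one, allow/deny sees that
    # proxy's address unless the realip module is configured.
    location ~* ^/metrics(/|$) {
        allow 10.0.0.0/24;              # assumed scraper subnet
        deny  all;
        proxy_pass http://hedgedoc_app;
        proxy_set_header Host $host;
    }

    # Everything else is passed through unchanged.
    location / {
        proxy_pass http://hedgedoc_app;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket upgrade for real-time editing
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

This is a denylist, so it has the drawback raised in post #3: a route added upstream later passes through until the list is updated.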
          luckow (translator) wrote: #4

          @nebulon upstream has "heard us" 🙂
          https://github.com/hedgedoc/hedgedoc/issues/2082

          Pronouns: he/him | Primary language: German

          1 Reply Last reply
          1