ragflow icon indicating copy to clipboard operation
ragflow copied to clipboard
Published 1 week ago verified publisher icon infiniflow

[Question]: How to disable public registration?

Open Gluepower opened this issue 1 year ago • 7 comments

Describe your problem

I installed ragflow on cloud so need to disable public registration. Want to avoid someone finding my instance and being able to log in. Is there a way to do that? Even with code, any solution and help appreciated please!

Gluepower avatar Aug 28 '24 06:08 Gluepower

You need to change code of front end to disable registration. Use keyword 'sign up' to find the code in folder 'web', comment out them. Compile the code using npm build.

KevinHuSh avatar Aug 28 '24 06:08 KevinHuSh

hope add this future on coming version

chminsc avatar Feb 11 '25 23:02 chminsc

使用Nginx反向代理拒绝掉 /v1/user/register 的访问就可以禁止用户注册 具体来说,使用这样的conf文件启动Nginx反向代理,就可以实现将原本的默认使用80端口访问服务变成使用18888端口访问服务,同时没有办法进行注册 You can block user registration by denying access to /v1/user/register via an Nginx reverse proxy. You can use a Nginx configuration file like the one below.

server {
    listen 18888;
    server_name the-server-ip

    location /v1/user/register {
	deny all;
    	return 403;
    }

    location / {
        proxy_pass http://the-server-ip:80;
    }
}

cyk-git avatar Feb 16 '25 09:02 cyk-git

hope add this future on coming version

good job. but are there any other protocols, apis should be banned for security reasons?

chminsc avatar Feb 16 '25 13:02 chminsc 

location /v1/user/register {
  deny all;
  return 403;
}

location / {
  allow all;
  proxy_pass http://localhost:80;
  proxy_set_header Host $http_host;
  proxy_set_header Cookie $http_cookie;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
{
  proxy_pass http://localhost:80;
}
location ~ .*\.(js|css)?$
{
  proxy_pass http://localhost:80;
}

Marchccc avatar Feb 26 '25 09:02 Marchccc

You need to change code of front end to disable registration. Use keyword 'sign up' to find the code in folder 'web', comment out them. Compile the code using npm build.

This is a non-solution. Changing the HTML will not prevent registrations, it just prevents the form from being rendered. As suggested by other users, preventing requests to the API endpoint would actually disable registration.

It blows my mind that there are literally zero administrative controls for this application. Every user is equally powerful and registration is broadly opened by default with no option whatsoever to disable it.

Where the hell are the basic user management and permission controls?

I love the rest of the features, but this one missing feature basically renders the stack unusable for any serious applications whatsoever.

jncrenshaw avatar Mar 19 '25 23:03 jncrenshaw

This is just so f*** stupid. Such a simple function surprisingly has no official implementation.

Faultiness avatar May 19 '25 13:05 Faultiness

Disabling registration is actually supported since 0.18.0 via ENV parameter. What I really miss is registration API

blumfontein avatar May 24 '25 10:05 blumfontein

I found it in documentation

User registration REGISTER_ENABLED 1: (Default) Enable user registration. 0: Disable user registration.

ayeah avatar Jun 07 '25 08:06 ayeah

I think there should also be a way to easily hide the default log in, not only registration. Since our users are using OIDC then the default log in form is confusing.

Odrec avatar Aug 06 '25 14:08 Odrec