docker-firefox icon indicating copy to clipboard operation
docker-firefox copied to clipboard

Published 20 hours ago verified publisher icon jlesage

can we get password and user auth

Open carolynsteeves1 opened this issue 2 years ago • 11 comments

Hello! I love it, i was just wondering why it isnt possible to make an user and password for the web interface. It seems like an huge vulnerable attacking point

carolynsteeves1 avatar Oct 26 '22 16:10 carolynsteeves1

Could you provide more details about the scenario where you see a vulnerability ?

I guess the people mostly deploy the container under their private/trusted network. When the container needs to be exposed to the internet, this is better done with a reverse proxy. Security, like imposing a username/password, is done by the reverse proxy.

jlesage avatar Oct 31 '22 03:10 jlesage

you can use base auth in nginx,this firefox reservy by nginx.

lifetraveler avatar Oct 31 '22 09:10 lifetraveler

I'm curious as on how to do this as well. Would like to restrict it from my internal users who try to go directly to the URL

patrick-GH avatar Nov 08 '22 19:11 patrick-GH

@patrick-GH, so the network connected to the host running the container is not "trusted" ?

jlesage avatar Nov 10 '22 13:11 jlesage

Note that today, you can at least use the VNC_PASSWORD environment variable to set a password to access the interface. See https://github.com/jlesage/docker-firefox#vnc-password

jlesage avatar Nov 10 '22 13:11 jlesage

Bonjour, Est ce possible de logger toutes les IP des clients qui se connecte à l'URL dans un fichier de LOG ? Merci beaucoup Hello, Is it possible to log all client IPs that connect to the URL in a log file? Thanks

Almaric78 avatar Dec 30 '22 15:12 Almaric78

Could you provide more details about the scenario where you see a vulnerability ?

I guess the people mostly deploy the container under their private/trusted network. When the container needs to be exposed to the internet, this is better done with a reverse proxy. Security, like imposing a username/password, is done by the reverse proxy.

Hello, I have a Synology NAS and Docker on it, how to configure a reverse proxy for this service ? Is it possible to configure an Alias in Login Portal of DSM ? I tried but I did not succeed. Thanks a lot for your nice application.

Almaric78 avatar Dec 30 '22 16:12 Almaric78

Bonjour, Est ce possible de logger toutes les IP des clients qui se connecte à l'URL dans un fichier de LOG ? Merci beaucoup Hello, Is it possible to log all client IPs that connect to the URL in a log file? Thanks

Bonjour (je vais répondre en anglais pour le bénéfice de tous),

You can have a look at log/nginx/access.log, under the directory you mapped to /config.

jlesage avatar Jan 02 '23 02:01 jlesage

Hello, I have a Synology NAS and Docker on it, how to configure a reverse proxy for this service ? Is it possible to configure an Alias in Login Portal of DSM ? I tried but I did not succeed. Thanks a lot for your nice application.

I don't have a Synology myself, but I know it has a build-in reverse proxy you can use. You should be able to find tutorials about it. For example:

  • https://kb.synology.com/en-ca/DSM/help/DSM/AdminCenter/system_login_portal_advanced?version=7
  • https://mariushosting.com/synology-how-to-use-reverse-proxy-on-dsm-7/

jlesage avatar Jan 02 '23 02:01 jlesage

You can have a look at log/nginx/access.log, under the directory you mapped to /config.

Thanks ! but the nginx server log always the Gateway 172.17.0.1 of docker Bridge and not the final IP / client..

Almaric78 avatar Jan 02 '23 15:01 Almaric78

Humm on my setup the log does contain the real IP address of the clients. Does your container use the default bridge network ? Are you accessing the container from your local network ?

jlesage avatar Jan 03 '23 02:01 jlesage