community-edition
community-edition copied to clipboard
Make plausible/analytics container port local only
This change makes the container plausible/analytics accessible only from localhost (127.0.0.1).
I think that this should be the default because:
- to use plausible with a https website, plausible should be served from https. Requires reverse proxy.
- using plausible with http makes it vulnerable to "hackers" when entering admin password and the entire traffic can be seen by "anyone", thus making it insecure.
The docs should reflect these points even if this PR is not accepted.
~~Not to mention opening docker ports like originally set up bypasses various firewall tools - including ufw
- creating a whole host of other potential security holes.~~(I was mistaken about this part, don't mind me) I do think this change will also need a bit of a documentation update because the instructions for loading the login screen over http rely on the port being open globally without a reverse proxy.
With port forwarding you could access the web ui before setting up a reverse proxy.
Yeah I'm happy to merge but documentation will need to be updated. I am planning to cut a release this month so I'll do it then.
@ukutaht Should this be closed?
@ukutaht will this be merged or closed? Almost two years have passed :)
I think having it accessible from the world is a good first experience with hosting it since you don't need to finish the proxy setup to play around with the product itself.
Some might run it in a private or firewalled network with the reverse proxy on a separate machine.
How about adding a very strong suggestion in the docs to not leave the container exposed to the world? That way we do our part in helping people secure their installations but also have a nice first-run experience.
@ukutaht I've created a PR for docs here.