Caprover: Add option for simple password protection of exposed web-apps

Created on 19 Dec 2018  ·  4 Comments  ·  Source: caprover/caprover

I suggest adding the option for protecting access to exposed web-apps with a password.

:dart: Desired outcome

:computer: Backend GUI of captainduckduck

A user can check the checkbox Enable password protection for accessing this web-app in the captain GUI settings of an app under the section HTTP (web app) Settings.

After pressing Save & Update Configuration a random password will be shown right below the checkbox. If needed a random username will be displayed as well. Password and username might be optionally user editable.

The user can disable the password protection at any time.

:iphone: When accessing the exposed web-app

Enabling password protection restricts access to the exposed web-app on http (and https if enabled) by showing a password dialog or input field on a landing page when opening the exposed web-app url or any connected domain in the browser.

:bulb: implementation ideas

:question: Open questions

  • What happens when Port Mapping is enabled in the app?

:mega: Why could this feature be useful to users?

Some examples why this feature is handy for captain users:

  • When they want to protect their one click app phpmyadmin from being accessed and used by a random person.
  • When they want to set up their one click app wordpress as a not publicly exposed CMS for generating static sites with a plugin like Simply Static or WP Static Site Generator.
  • and many more... :heart:
feature-request

All 4 comments

What if we just deploy your app on internal network.

> What if we just deploy your app on internal network.

This is another feasible implementation which might be easier to add as a new feature.

However I think this approach lacks two benefits which I was thinking about: the app is still accessible from the outside ( :one: ) by anyone ( :two: ) who has the credentials.

This raises the following questions:

:one: What does the deploying user do to access the web-app deployed on the internal network only?

  • Use a ssh tunnel?
  • Other easy methods?

:two: How can the web-app be exposed to another person than the deploying user?

  • I have no idea about that

I think the auth should be controlled by the app itself. Another layer of auth on top of the auth of the app is redundant and weird design. Imagine I will always log in twice using different credentials on a single app. Which is really weird UX to me.

Implemented in v1.4.0
