Document NPM-protected deploy mode
parent 86ea28cceb
commit 77464b8030
2 changed files with 6 additions and 5 deletions
|
|
@ -6,9 +6,7 @@ CHECK_INTERVAL_SECONDS=60
|
|||
HTTP_USER_AGENT=ArchiveStatusBot/1.0
|
||||
DISCORD_DRY_RUN=false
|
||||
DASHBOARD_ENABLED=true
|
||||
DASHBOARD_AUTH_DISABLED=true
|
||||
DASHBOARD_HOST=0.0.0.0
|
||||
DASHBOARD_PORT=8787
|
||||
DASHBOARD_USERNAME=admin
|
||||
DASHBOARD_PASSWORD_HASH=replace-with-generated-pbkdf2-hash
|
||||
DASHBOARD_SESSION_TTL_SECONDS=28800
|
||||
DASHBOARD_COOKIE_SECURE=true
|
||||
|
|
|
|||
|
|
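Review bot: `DASHBOARD_AUTH_DISABLED=true` becomes the template default alongside `DASHBOARD_HOST=0.0.0.0` and `DASHBOARD_PORT=8787`, so anyone who copies this file and starts the service without an authenticating proxy in front gets a dashboard with no login listening on every interface. Suggest shipping the template with `DASHBOARD_AUTH_DISABLED=false` and a comment saying to set it to `true` only when port 8787 is reachable solely through the proxy. Keeping `DASHBOARD_USERNAME`, `DASHBOARD_PASSWORD_HASH` and `DASHBOARD_SESSION_TTL_SECONDS` as commented-out entries would also keep the app-side login documented for the direct-access case.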
@ -148,13 +148,16 @@ Use this target from your proxy:
|
|||
http://archive-status-bot:8787
|
||||
```
|
||||
|
||||
For HTTPS behind a reverse proxy, set:
|
||||
For Nginx Proxy Manager, put the dashboard behind an Access List or basic auth on the proxy host and disable the app's own login:
|
||||
|
||||
```env
|
||||
DASHBOARD_AUTH_DISABLED=true
|
||||
DASHBOARD_COOKIE_SECURE=true
|
||||
```
|
||||
|
||||
Leave it `false` only for direct localhost HTTP testing.
|
||||
NPM’s Access Lists use browser `Authorization` headers, so the app never needs to receive your username/password directly. Leave `DASHBOARD_AUTH_DISABLED=false` only for direct localhost testing.
|
||||
|
||||
NPM’s own docs call out that Access List basic auth and app-side auth both use `Authorization`, so the app-side login is the one to disable in production.
|
||||
|
||||
For direct local Docker testing without a proxy:
|
||||
|
||||
|
|
|
|||
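Review bot: The sentence "Leave `DASHBOARD_AUTH_DISABLED=false` only for direct localhost testing" makes the no-login mode the recommended production state, but the section never states the precondition that makes it safe: once the app login is off, the proxy's Access List is the only control, so `http://archive-status-bot:8787` must not be reachable by any path other than the proxy (no published host port, and only the proxy sharing the container's network). Please add that requirement next to the `env` block. Separately, the line "Leave it `false` only for direct localhost HTTP testing." was the only explanation of `DASHBOARD_COOKIE_SECURE`, which still appears in the block; with the "For HTTPS behind a reverse proxy, set:" lead-in gone as well, that setting is now unexplained and deserves a sentence of its own. The two NPM paragraphs also make the same point about the `Authorization` header twice and could be merged into one.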