vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2026-04-04 17:21:23 -07:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Add Note about Testing and GraphQL NOT protected.

Browse Source
This commit is contained in:
luckylinux
2026-01-11 08:01:05 +01:00
parent a14c97dbab
commit d3a2e94cc4
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docs/REVERSE_PROXY.md
View File

@@ -568,6 +568,7 @@ The Traffic Flow will therefore be as follows:
- Authentik Outpost: Client accesses `https://authentik.MYDOMAIN.TLD:9443` -> reverse Proxy to internal Port 6000 (Authentik Outpost Proxy - unencrypted) - Authentik Outpost: Client accesses `https://authentik.MYDOMAIN.TLD:9443` -> reverse Proxy to internal Port 6000 (Authentik Outpost Proxy - unencrypted)
### Security Considerations ### Security Considerations
#### Caddy should be run rootless
> [!WARNING] > [!WARNING]
> By default Caddy runs as `root` which is a Security Risk. > By default Caddy runs as `root` which is a Security Risk.
> In order to solve this, it's recommended to create an unprivileged User `caddy` and Group `caddy` on the Host: > In order to solve this, it's recommended to create an unprivileged User `caddy` and Group `caddy` on the Host:
@@ -639,6 +640,10 @@ nobody:x:65534:
caddy:x:980: caddy:x:980:
``` ```
#### Authentication of GraphQL Endpoint
> [!WARNING]
> Currently the GraphQL Endpoint is NOT authenticated !
### Environment Files ### Environment Files
Depending on the Preference of the User (Environment Variables defined in Compose/Quadlet or in external `.env` File[s]), it might be prefereable to place at least some Environment Variables in external `.env` and `.env.<application>` Files. Depending on the Preference of the User (Environment Variables defined in Compose/Quadlet or in external `.env` File[s]), it might be prefereable to place at least some Environment Variables in external `.env` and `.env.<application>` Files.
@@ -1373,3 +1378,13 @@ http {
} }
``` ```
### Login
Now try to login by visiting `https://netalertx.MYDOMAIN.TLD`.
You should be greeted with a Login Screen by Authentik.
If you are already logged in Authentik, log out first. You can do that by visiting `https://netalertx.MYDOMAIN.TLD/outpost.goauthentik.io/sign_out`, then click on `Log out of authentik` (2nd Button). Or you can just sign out from your Authentik Admin Panel at `https://authentik.MYDOMAIN.TLD`.
If everything works as expected, then you can now set `SETPWD_enable_password=false` to disable double Authentication.
![Authentik Login Screen](./img/REVERSE_PROXY/authentik-login.png)

BIN
docs/img/REVERSE_PROXY/authentik-login.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 MiB