README.md: 82 additions & 0 deletions
@@ -101,4 +101,86 @@ Legacy variables `POOL_HTTP_IP` and `POOL_HTTP_PORT` are still honored.
101
101
102
102
For production hardenings consider: enabling HTTPS, adding reverse proxy headers, mounting persistent volumes, and restricting exposed ports. Ensure ownership of the mounted `config.json` permits writes by the container user (UID 1000 in the official image); otherwise configuration changes will be disabled.
103
103
104
+
## Remote access
105
+
As configured in Quick Start above, the dashboard is only suitable to be used on your local network. To secure the website for accessing remotely on the internet you will need to use a [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) that is conigured to use encryption and authentication. There are several reverse proxies available, including [Nginx](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) and [Caddy](https://caddyserver.com/docs/quick-starts/reverse-proxy), but for this example [YARP](https://dotnet.github.io/yarp/) will be used.
104
106
107
+
Let's Encrypt provides free SSL certificates that requires a domain name which can be obtained from [Duck DNS](https://www.duckdns.org/) after signup. [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) enables strong authentication and is designed to enable passwordless login through hardware keys, biometrics (fingerprint/face), or mobile authenticators. With these in place you can remotely access your dashboard in a secure manner over the internet.
108
+
109
+
You will need to modify the docker compose file that was previously setup and confirmed running under http://localhost:5150 and add the following additional services (retaining njspc & njspc-dash) and new volume (to existing volumes). You will need to replace values for `DUCKDNS_DOMAIN` & `DUCKDNS_TOKEN` with the appropriate details from your Duck DNS account.
On the initial run you will need to edit the `customsettings.json` file located in the `proxy-config` volume with the following and replace `example.duckdns.org` with your domain.
Once running, the proxy will be available on TCP port 8443. Typically you would configure your home router to setup a [port forward](https://www.noip.com/support/knowledgebase/general-port-forwarding-guide) rule accepting TCP port 443 and forwarding to TCP port 8433 on the machine running the proxy. Then your website should be publicly (and securely) accessible at https://njspc.example.duckdns.org/ (substituting example with the custom domain name that you selected).
185
+
186
+
You will then need to register your security key as described in https://github.com/mguinness/YarpWebAuthn#usage. If you have any problems or questions, please create an issue at https://github.com/mguinness/YarpWebAuthn for further assistance.
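Review bot: The port-forward sentence in the "Once running" paragraph says the proxy is available on TCP port 8443 but then tells the reader to forward TCP port 443 to TCP port 8433. One of the two is a typo, and as written the router rule would point at a port the proxy is not listening on. Make both numbers agree with the port the proxy service actually publishes. In the same hunk, "conigured" should be "configured" and "SSL certificates that requires" should be "certificates that require". Because the first added paragraph says the Quick Start dashboard is only suitable for the local network, it would also help to state explicitly that only the proxy port is forwarded at the router and that the dashboard's own port (the one behind http://localhost:5150) is never forwarded or exposed directly. Finally, `DUCKDNS_TOKEN` is a credential, so the text should tell readers not to commit the edited compose file with the real token in it.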