traceroute66 4 days ago

> You only access Dokploy through https, removing a whole class of attacks

Words such as the above on the blog post send shivers through my spine each time I read them.

They are, for example, a common sight in websites' descriptions of their security. "We use https so everything is ok" says the fluffy website description, carefully omitting to mention any of the stuff that really matters. Instead they just stop abruptly at the mention of the magical https. Shrug.

Or another classic example is all those people who think a dumb pass-through nginx/caddy https proxy in front of their backend suddenly makes the backend secure!

Coming back to this specific wording, I'm not sure what "whole class of attacks" they are expecting to suddenly thwart just because they are running over https? I would suggest it's a bit of a bold statement, to put it kindly.

I assume they are referring to the low-hanging fruit like MITM etc., but as everyone knows, that's not really where the real security concerns are in 2025 ...

anal_reactor 4 days ago

Not to mention situations where I specifically don't want security. Like:

> your password must be at least 20 characters long, contain mixed-case letters, digits, five kanji, and at least one byte that isn't a valid UTF-8 codepoint

> but I'm setting up a small VM on my private PC to run a script that scrapes porn

> DID I FUCKING STUTTER

> ok ok I'm sorry calm down

throaway920181 4 days ago

The worst are forms that don't tell you there are complexity requirements until they're submitted.

anal_reactor 4 days ago

Recently I managed to register an account with a password that the login page rejects. I had to hack the frontend script just to log in. And it's my insurance company.

indigodaddy 4 days ago

Weird, though, that their installation page says to navigate to http://IP:3000 (specifically noting http and not https). Perhaps part of the setup will create a cert for your chosen domain and then from then on have you use https://domain:3000?