Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added section related to https deployment #556 #557

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Added section related to https deployment #556 #557

wants to merge 7 commits into from
+73 −0

Conversation

fernandinand
Copy link
Contributor

Please review this new section related to HTTPS deployment

@fernandinand fernandinand self-assigned this Feb 20, 2025
@fernandinand fernandinand linked an issue Feb 20, 2025 that may be closed by this pull request
Include security section (HTTPS) #556
Open
@fernandinand fernandinand requested review from PeterPetrik and removed request for PeterPetrik February 20, 2025 11:09
MarcelGeo
MarcelGeo requested changes Feb 24, 2025
View reviewed changes
Copy link
Contributor

@MarcelGeo MarcelGeo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think do not mention docker-compose here. As we discussed with @varmar05 , ssl-proxy.conf is just example of how to use it with nginx. You can follow this guide on your infrastructure. If you want to use it with docker-compose as you mentioned, ssl-proxy.conf should be updated also with specific paths from nginx.conf (/download , etc.)

I think that you can mention here also specific security headers from ssl-proxy.conf.

src/server/security/index.md Outdated

The above example uses automated keys generated by CertBot. For more information, visit [CertBot](https://certbot.eff.org/instructions) website and check how you can generate your own keys.

Lastly, adjust the provided NGINX `docker compose` deployment file on the <GitHubRepo id="MerginMaps/server/blob/master/docker-compose.yml" desc="proxy service section" />
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we do not need to menion this CE docker-compose. Use just your docker-compose or something like this.

scripts/wordlist.txt
@@ -249,6 +253,7 @@ shapefiles
spatialindex
spatialite
sqlite
ssl
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we use SSL?

src/server/security/index.md Outdated
- ./projects:/data # map data dir to host
- - ./nginx.conf:/etc/nginx/conf.d/default.conf
+ - ./ssl-proxy.conf:/etc/nginx/conf.d/default.conf
- ./logs:/var/log/nginx/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure If we want to discuss here also logs. There is no context for it.

alex-cit
alex-cit approved these changes Feb 26, 2025
View reviewed changes
src/server/security/index.md Outdated
# Secure Mergin Maps installation

::: warning
This sections aims to provide some guidelines and a minimalistic example on how to secure a Mergin Maps deployment.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
This sections aims to provide some guidelines and a minimalistic example on how to secure a Mergin Maps deployment.
This sections aims to provide some guidelines and a minimalistic example on how to secure a <MainPlatformName /> deployment.

@fernandinand fernandinand requested a review from MarcelGeo March 3, 2025 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PeterPetrik PeterPetrik PeterPetrik left review comments

@varmar05 varmar05 varmar05 left review comments

@alex-cit alex-cit alex-cit approved these changes

@MarcelGeo MarcelGeo Awaiting requested review from MarcelGeo

Assignees

@fernandinand fernandinand

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Include security section (HTTPS)
5 participants
@fernandinand @PeterPetrik @MarcelGeo @varmar05 @alex-cit