This repository has been archived by the owner on Jun 15, 2023. It is now read-only.
forked from jpillora/cloud-torrent
-
Notifications
You must be signed in to change notification settings - Fork 310
AuthSecurity
Preston edited this page Nov 29, 2019
·
4 revisions
The quick install script let you install Simple Torrent with oneline commnad, but it didn't provide proper securities. Additional setps are required after Proof-of-Working.
bash <(wget -qO- https://raw.githubusercontent.com/boypt/simple-torrent/master/scripts/quickinstall.sh)The script install a systemd unit as /etc/systemd/system/cloud-torrent.service:
[Unit]
Description=Cloud torrent download manager
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=~
Environment=AUTH=user:ctorrent
Environment=PORT=3000
ExecStart=/usr/local/bin/cloud-torrent -c ./cloud-torrent.json --host 0.0.0.0 --disable-log-time
Restart=always
RestartPreventExitStatus=42
RestartSec=
[Install]
WantedBy=multi-user.target
-
User=rootlet the program running under root, this maybe a security breach, CHANGE it. - Now your username and password are transmitting in HTTP plain text (base64 encoded), consider using https, or a frontend web server, eg: Caddy/Nginx. See:Behind WebServer (reverse proxying)
- After editing the unit file, run
systemctl daemon-reloadthensystemctl restart cloud-torrent.