Skip to content

Comments

Zpriddy#27

Open
zpriddy wants to merge 2 commits intoAVGP:latestfrom
zpriddy:zpriddy
Open

Zpriddy#27
zpriddy wants to merge 2 commits intoAVGP:latestfrom
zpriddy:zpriddy

Conversation

@zpriddy
Copy link

@zpriddy zpriddy commented Feb 7, 2016

I added a layer of HTTP using letsencrypt and nginx. It now requires basic auth when accessing the c9 IDE. I did not like how everything was open to the internet without even https with c9 - more so with no password if the IDE was running considering it has access to a shell. There is more that can be done - maybe using oauth2_proxy in the future. This is just a quick security improvement. @harjot1singh @AVGP Feel free to contact me if you have any questions about these changes or would like to start working together - me@zpriddy.com

Zachary Priddy added 2 commits February 7, 2016 20:40
make cloud9 run on localhost and links to https
36e8cf3 
Changed the port checker to only check localhost and make cloud9 launcher only launch to local host. The reason for this chnage is to imporove security. This allowes you to run nginx with proxy_pass allowing you to password protect c9 as well as run it with https. This is an issue because once you launch c9 from c9hub the c9 instance is open to the world on port 300X with no auth, password, or https. Yes this fix causes you to have to login again but it is much better than leaving it open to the world. I also removed livereloader from the page footer fixing 404 errors.
Updated README to add nginx setup
ecd6b60 
Updated walkthough for https using letsencrypot and nginx with password auth to the c9 IDE. Aslo added sample nginx confix file
@harjot1singh
Copy link
Collaborator

harjot1singh commented Feb 8, 2016

@zpriddy Hey, nice idea. Are you able to implement a way of making this optional, maybe through the config files?

@zpriddy
Copy link
Author

zpriddy commented Feb 10, 2016

It should be simple enough to do.. Im not really a js coder but it is something that I can look into.

@zpriddy
Copy link
Author

zpriddy commented Feb 10, 2016

So.. In thinking about this.. I think it would be good to have https on all connections...

The only concern that I have is that c9 is using ports 3000-5000 right? This would mean that we would need 2000 ports on nginx config - that might be overwhelming..

Is there any chance that we can limit it to 100 ports? and then start recycling those ports? I was trying to do that but failed to do so. I saw in the history that @harjot1singh fixed a bug to allow all those ports.. Is there any good reason why we cant un do that? Any downside to that?

@harjot1singh
Copy link
Collaborator

harjot1singh commented May 2, 2016

@zpriddy Sorry for coming back to it now. I'm not sure what you mean, cloud9hub originally used those 2000 ports, before I changed anything. The range can easily be changed though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zpriddy @harjot1singh