Comments on: Security Hardening Octoprint/Octopi

By: chris

chris — Fri, 26 Jul 2019 06:11:14 +0000

In reply to kobi. See requirements numbers (2) and (3). nginx is running on another machine. Pointing nginx directly at octopi would mean binding the octopi server to 0.0.0.0 and making it accessible to anything on my network. There's an argument to be made that this is fine. But I don't like it, and it's not hard to change. Since setting this up a year ago, it's not broken even once, so also not much of a maintenance burden :)

By: kobi

kobi — Fri, 26 Jul 2019 04:52:13 +0000

i have a question, why do you use the tunnels, why not simply point the nginx backend to the octopi ip address directly ?

By: chris

chris — Wed, 10 Apr 2019 22:00:20 +0000

In reply to jon wingat. For this use-case, I don't think it matters. If I needed a software load balancer, I'd probably be using HA Proxy. There's so little load for anything like this, that there's not a whole lot of reason to prefer one over the other. HA Proxy also has a LUA scripting component, so I'm sure this would be possible with it as well.

By: jon wingat

jon wingat — Sun, 31 Mar 2019 21:53:31 +0000

I'm curious about your thoughts on HAProxy versus NGINX. My impression was they were similar products somebody's rant here. Is the main issue for you that you want the processes on separate servers?