Announcement

Collapse
No announcement yet.

Limit public access to the dump1090 page only?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Limit public access to the dump1090 page only?

    I was contemplating embedding my dump1090 radar image in my webpage.
    I only want the dump1090 page visible.
    As I want it as lightweight as possible, I was thinking of just using the lighttpd itself.

    My LAN is X.Y.Z

    I've made this so far:
    $HTTP["remoteip"] !~ "X.Y.Z\.|127.0.0.1" {
    url.access-deny = ( "" )
    $HTTP["url"] =~ "^/dump1090/gmap\.html$" {
    url.access-deny = ("disable")
    }
    }
    It surely opens up for the LAN, and only allows access to the dump1090/gmap.html
    However the gmap.html doesn't show the data, and reports it can't fetch data.
    I guess I need to open up for more files, but I'm not really an expert on lighttpd and which files dump1090 uses.

    I could get it shown by doing:
    $HTTP["remoteip"] !~ "Z.Y.Z\.|127.0.0.1" {
    url.access-deny = ( "" )
    $HTTP["url"] =~ "/dump1090/" {
    url.access-deny = ("disable")
    }
    }
    But is that safe?

    I then thought, hey, I'll change the root for non-local to make it prettier:
    $HTTP["remoteip"] !~ "X.Y.Z\.|127.0.0.1" {
    alias.url += (
    "/" => "/usr/share/dump1090-mutability/html/",
    "/data" => "/run/dump1090-mutability/"
    )
    }
    But that just gives me problems.

    Any ideas on if the first part (limit access) is ok, and how to get the last part (prettyfying it) working?

  • #2
    Going by the server setup for my Pihole config I needed, youll need to specify all the .js permissions and .php along with them if you go specific like that.
    A black hole for Internet advertisements. Contribute to pi-hole/pi-hole development by creating an account on GitHub.


    Or as I was eluding to in other thread - this may work for lighttpd too? Or at least chuck it in nginx like I have.
    It does a capture all for one of my services and passed it all to the real port. So can't get past it until auth'd

    And you add a user with htpasswd

    server {
    listen <external port>;

    location / {
    auth_basic "Protected";
    auth_basic_user_file /home/pi/directory/server/htpasswd;

    proxy_pass http://127.0.0.1:<real port>;
    }
    Posts not to be taken as official support representation - Just a helpful uploader who tinkers

    Comment


    • #3
      Hi Oblivian

      Yes, thankyou, I just didn't want to clutter up the other thread :-)
      I don't really need authentication, I just want to embed it into my homepage.
      I know the Pi is surprisingly strong, and my first thought was nginx as well, as I've toyed with that a lot of years ago as well, but is it really necessary?
      I'm not that familiar with lighttpd, but I guess it would be nice to just be able to use that instead of installing yet another product on the Pi.

      Comment


      • #4
        Well theres a tonne of JS scripting around the dump1090 page. And it's core URLs are for local display as far as I know. So embedding/external linking may not be so easy

        I would assume similar to the access for pihole you need to allow those along with the $http calls above?

        For instance each type is specified for pihole

        location /*.js {
        index pihole/index.js;

        So unless the way you are configuring lighttpd will do all sub directories and scripts I don't see it happening so easy?
        Posts not to be taken as official support representation - Just a helpful uploader who tinkers

        Comment


        • #5
          This seems to go into it with a bit more detail on paths etc and may give tips

          Posts not to be taken as official support representation - Just a helpful uploader who tinkers

          Comment

          Working...
          X