From 9e9a2e503c8c660efd58b2951150afdc0f7b88cb Mon Sep 17 00:00:00 2001 From: aptalca Date: Tue, 20 Oct 2020 13:15:35 -0400 Subject: [PATCH] rutorrent: block rpc by default, it's unprotected --- rutorrent.subdomain.conf.sample | 15 +++++++++++++++ rutorrent.subfolder.conf.sample | 15 +++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/rutorrent.subdomain.conf.sample b/rutorrent.subdomain.conf.sample index c7ed27a..e177ba6 100644 --- a/rutorrent.subdomain.conf.sample +++ b/rutorrent.subdomain.conf.sample @@ -38,6 +38,21 @@ server { } location /RPC2 { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia + #include /config/nginx/authelia-location.conf; + + # block rpc access by default because it is unprotected + # you can comment out the next line to enable remote rpc calls + deny all; + include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app rutorrent; diff --git a/rutorrent.subfolder.conf.sample b/rutorrent.subfolder.conf.sample index 98a7931..451da38 100644 --- a/rutorrent.subfolder.conf.sample +++ b/rutorrent.subfolder.conf.sample @@ -27,6 +27,21 @@ location ^~ /rutorrent/ { } location ^~ /rutorrent/RPC2 { + # enable the next two lines for http auth + #auth_basic "Restricted"; + #auth_basic_user_file /config/nginx/.htpasswd; + + # enable the next two lines for ldap auth, also customize and enable ldap.conf in the default conf + #auth_request /auth; + #error_page 401 =200 /ldaplogin; + + # enable for Authelia, also enable authelia-server.conf in the default site config + #include /config/nginx/authelia-location.conf; + + # block rpc access by default because it is unprotected + # you can comment out the next line to enable remote rpc calls + deny all; + include /config/nginx/proxy.conf; resolver 127.0.0.11 valid=30s; set $upstream_app rutorrent;