For completely private services, the obvious answer is a VPN. But what about the ones that need to be “partially” public? Whether just read only, or with restrictions to publicly registered accounts.

For example, If I wanted to open up a git host where I allow public registrations so they can send issues/patches but can’t create repos (kinda impossible with pull requests but you get my point)

Is there any specific thing you can do, or do you just disable registrations completely except for something “out-of-band” (ask me on XYZ to create an account for you, git send-email, mirrors to public services, etc…)

Of course, individual software may have access control features built in, but as a whole, is there anything reasonably generic?

  • philipcristiano
    link
    fedilink
    English
    21 year ago

    Not git(ea) but Synapse: I use separate Traefik routers for internal and external endpoints. Internal has access to all paths but for external entry points I allow or deny list paths as needed. It’s error prone as it can either break the app if not everything required is allowlisted, or cause a security issue if not everything is deny listed.