Add a way to protect a lightpanda instance

[VillainsRule]

This could be easy as adding a password argument to lightpanda serve or as advanced as a server that could be sent some kind of token to validate it

I know this is on cloud.lightpanda.io but I'm not sure if this is in lightpanda's source itself anywhere (and if it is, I'm not sure how to use it)

[krichprollsch]

Hello @VillainsRule,

The browser doesn't have any way to protect the server. Authentication on cloud.lightpanda.io is handled by a dedicated reverse proxy.

By default, the browser listens only on 127.0.0.1. So I suggest you to use a reverse proxy like Caddy to expose and protect the server.

To auth your connection, I think the simpler would be to use a query matcher to ensure a query string token is set i the URL with the correct value.

Something like (not sure if it works, I didn't test it):

example.com {
	@token query token=MY_TOKEN
	reverse_proxy @token 127.0.0.1:9222
}

• https://caddyserver.com/docs/caddyfile/matchers#query
• https://caddyserver.com/docs/caddyfile/matchers
• https://caddyserver.com/docs/caddyfile/patterns#reverse-proxy
• https://caddyserver.com/docs/caddyfile/directives/reverse_proxy