<NoobQuestions>
Hey guys, I have a question regarding the auto setup of sandstorm.
<NoobQuestions>
I am still very new to this. When I installed it via the bash | curl thing, I got an admin url token afterwards to check on my server. But there both chrome and firefox tell me, that the certficate authority is invalid and therefore the connection is insecure. But the documentation states that by using the auto-setup, one gets a valid certificate
qjkx[m] has joined #sandstorm
<TimMc>
NoobQuestions: Are you using sandcats?
<NoobQuestions>
yes, i kept all the default installation settings
<TimMc>
Oh hmm. Can you share a link to your instance? (Without the admin token, heh.)
<NoobQuestions>
uuuh
<NoobQuestions>
i just tried on another laptop and this lead straight to the config page of our router lol
<NoobQuestions>
uninstalled it obv, that should not happen^^
<TimMc>
NoobQuestions: Ah, so you haven't configured port forwarding, then.
<TimMc>
Your router was giving back *its* certificate, which of course was a bogus cert, because routers.
<NoobQuestions>
uh is it dangerous that this can be accessed publicly now?
<NoobQuestions>
even after uninstalling?^ like is this still a valid route now
<TimMc>
Were you behind the router when you tried to visit the site?
<TimMc>
It might be that the router only exposes its config page to computers inside the network, but shows it to them even when they use the public IP.
<TimMc>
Either way, your router's config page already was (or wasn't) visible to the public internet; Sandstorm doesn't change that either direction
<NoobQuestions>
yes i was, but i still would like to remove that url guess ill message them - so i had to configure port forwarding before doing the installation?
<TimMc>
yep
<TimMc>
I'm not sure there's any point in removing the DNS entry.
<TimMc>
Your IP address is more or less public information. I could run a Shodan scan that would pick up your home router even without a sandcats entry. It just scans the entire internet. :-)
<NoobQuestions>
yeah i guess, i just panicked that i f..d up there for a sec
<TimMc>
I would suggest that what's more sensitive is the association between you and the IP address, but if you're comfortable hosting your instance out of your home (which I do as well!) then you've already decided you're OK with that.
<TimMc>
I guess if you weren't planning on sharing the instance with anyone else, then maybe it's different.
<NoobQuestions>
thanks for your help
<TimMc>
NoobQuestions: If you're the only user, you could make your own cert.
<NoobQuestions>
nah its meant for a small team so we can use rocketchat(or mattermost) and wekan
<NoobQuestions>
just wanted to make sure that by doing what sandstorm.io says - making configuration of a server safe even for it noobs, i do not create a security breach
<TimMc>
Yeah, I think you're on the right track then.
<TimMc>
It might even improve security. ;-)
<TimMc>
Many routers have a switch to say "don't show the config screen to the public internet", but the switch sometimes doens't *do* anything, and configuring a port-forward over that port is the only way to block it.