Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Caprover is nice and convenient but security wise, only a single password field is required on the admin console. (See demo here: https://captain.server.demo.caprover.com/#/login) Given this it would be nice to at least make the web admin console only accessible via an IP whitelist, but last time I used it I did not find an easy way to do that.


Can you not firewall the relevant admin webui port?


The admin webui runs on the captain sub-domain so i'm not too sure if that can be firewalled.


How does any of that matter? Firewall the relevant port so that it only allows your connecting IP.


I haven’t used it but it appears to serve everything over the same port. You could block it with a reverse proxy but not with a firewall or layer 4 proxy.


Make a 256 bit password. Problem solved?




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: