Add security section to readme

See #1062.

Add security section to readme
See #1062.
ff99a1d7 · Asher · 7f07b8f6 · ff99a1d7 · ff99a1d7 · ff99a1d7
隐藏空白更改
内联并排

Showing with 28 addition and 10 deletion

.travis.yml .travis.yml +1 -1

README.md README.md +27 -0

doc/quickstart.md doc/quickstart.md +0 -9

未找到文件。
--- a/.travis.yml
+++ b/.travis.yml
@@ -61,7 +61,7 @@ deploy:

  - provider: script
    skip_cleanup: true
-    script: docker build -f ./scripts/ci.dockerfile --build-arg -t codercom/code-server:"$TAG" -t codercom/code-server:v2 . && docker push codercom/code-server:"$TAG" && docker push codercom/code-server:v2
+    script: docker build -f ./scripts/ci.dockerfile -t codercom/code-server:"$TAG" -t codercom/code-server:v2 . && docker push codercom/code-server:"$TAG" && docker push codercom/code-server:v2
    on:
      repo: cdr/code-server
      branch: master

--- a/README.md
+++ b/README.md
@@ -56,6 +56,33 @@ arguments when launching code-server with Docker. See
 - For self-hosting and other information see [doc/quickstart.md](doc/quickstart.md).
 - For hosting on cloud platforms see [doc/deploy.md](doc/deploy.md).

+## Security
+
+### Authentication
+To enable built-in password authentication use `code-server --auth password`. By
+default it will use a randomly generated password but you can set the
+`$PASSWORD` environment variable to use your own.
+
+Do not expose `code-server` to the open internet without some form of
+authentication.
+
+### Encrypting traffic with HTTPS
+If you aren't doing SSL termination elsewhere you can directly give
+`code-server` a certificate with `code-server --cert` followed by the path to
+your certificate. Additionally, you can use certificate keys with `--cert-key`
+followed by the path to your key. If you pass `--cert` without any path
+`code-server` will generate a self-signed certificate.
+
+If `code-server` has been passed a certificate it will also respond to HTTPS
+requests and will redirect all HTTP requests to HTTPS. Otherwise it will respond
+only to HTTP requests.
+
+You can use [Let's Encrypt](https://letsencrypt.org/) to get an SSL certificate
+for free.
+
+Do not expose `code-server` to the open internet without SSL, whether built-in
+or through a proxy.
+
 ### Build

 See

--- a/doc/quickstart.md
+++ b/doc/quickstart.md
@@ -7,15 +7,6 @@
 ## Usage
 Run `code-server --help` to view available options.

-### Encrypting traffic with HTTPS
-To encrypt the traffic between the browser and server use `code-server --cert`
-followed by the path to your certificate. Additionally, you can use certificate
-keys with `--cert-key` followed by the path to your key. If you pass `--cert`
-without any path code-server will generate a self-signed certificate.
-
-You can use [Let's Encrypt](https://letsencrypt.org/) to get an SSL certificate
-for free.
-
 ### Nginx Reverse Proxy
 The trailing slashes are important.