fava in a public server

Paulo Matos

Dec 6, 2017, 10:26:37 AM
to Beancount
Hi,

I can run fava, the web frontend for beancount, locally; however, for both myself and my wife to use it, it would be great to have it on a public server. However, how can we ensure the privacy of the data?

I can host my own fava on my public server, the issue is that there doesn't seem to be a concept of users in fava.

Any suggestions?

Kind regards,

Paulo Matos

yegle

Dec 6, 2017, 10:58:56 AM
to bean...@googlegroups.com

There were discussions in the past to utilize https://github.com/bitly/oauth2_proxy to achieve the goal you want.



Jason Chu

Dec 6, 2017, 12:03:39 PM
to bean...@googlegroups.com
I still have a document to write that explains how I set all this stuff up, but as was pointed out by yegle, I use oauth2_proxy and letsencrypt to protect access to my publicly addressable fava instance.

Oon-Ee Ng

Dec 6, 2017, 1:59:17 PM
to bean...@googlegroups.com
My fava instance is running on pythonanywhere, and we use their login feature. It's for convenience really, doubt anyone would go to the trouble of breaking in to see how much I've spent on toilet paper and diapers.

Importantly, the actual beancount files are regularly synced to a private git account, so there's not much scope for data loss/erasure.


Paulo Matos

Dec 8, 2017, 12:38:08 PM
to bean...@googlegroups.com
I will take a look at oauth2_proxy. Thanks for the reference.
--
Paulo Matos

yegle

Dec 12, 2017, 1:35:24 AM
to Beancount
I've successfully configured oauth2_proxy as a reverse proxy to my fava instance. But for some reason the AJAX requests sent to the change/ handler don't contain any Cookie: request header, which is important for oauth2_proxy to work.

I'm not familiar with Javascript enough to know why. Is this a known issue to any of you? Do you have a workaround for it?

Jason Chu

Dec 12, 2017, 9:57:56 AM
to bean...@googlegroups.com

That's extremely weird. My changed/ requests do have a Cookie header. Changed detection works fine for me. Maybe clear cookies or clear site data to re-authenticate?


Jason Chu

Dec 14, 2017, 3:55:17 PM
to bean...@googlegroups.com

One thing that does come to mind is if the cookie is for a different domain, it won't be sent to the changed/ handler, but that setup seems a little bit weird. The Chrome inspector will be able to show you what domain the cookie applies to and what domain the changed request is going to.
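
Added example, not part of Jason Chu's message or of any post in this thread: the RFC 6265 domain, path and Secure checks a browser applies before attaching a cookie to a request, written out in JavaScript so the values shown in the inspector can be checked against a request URL. The cookie name `_oauth2_proxy`, the `example.com` hosts and the `/my-ledger/changed/` path are assumed sample values.

```javascript
// Added example: which requests carry a given cookie, per RFC 6265 matching rules.
// Host names, paths and cookie attributes are constructed sample values.

// Section 5.1.3: a host-only cookie (no Domain attribute) needs an exact host
// match; otherwise the host may also be any subdomain of the cookie domain.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase().replace(/^\./, "");
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// Section 5.1.4: the request path must equal the cookie path or sit below it.
function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/";
}

// Returns { sent, reason } for one cookie and one request URL.
function cookieSentTo(cookie, requestUrl) {
  const url = new URL(requestUrl);
  if (!domainMatches(url.hostname, cookie))
    return { sent: false, reason: `cookie domain ${cookie.domain} does not cover ${url.hostname}` };
  if (!pathMatches(url.pathname, cookie.path))
    return { sent: false, reason: `cookie path ${cookie.path} does not cover ${url.pathname}` };
  if (cookie.secure && url.protocol !== "https:")
    return { sent: false, reason: "Secure cookie is withheld from a non-HTTPS request" };
  return { sent: true, reason: "domain, path and scheme all match" };
}

// Constructed session cookie as the inspector would list it: host-only, Secure.
const sessionCookie = {
  name: "_oauth2_proxy", domain: "fava.example.com", hostOnly: true, path: "/", secure: true,
};

// Constructed request URLs for the changed/ poll in three deployment layouts.
const requests = [
  "https://fava.example.com/my-ledger/changed/",  // same host as the proxy
  "https://books.example.com/my-ledger/changed/", // app on a sibling host
  "http://fava.example.com/my-ledger/changed/",   // plain HTTP
];

function report() {
  return requests.map((u) => ({ url: u, ...cookieSentTo(sessionCookie, u) }));
}

for (const r of report()) console.log(`${r.sent ? "SENT    " : "WITHHELD"} ${r.url} (${r.reason})`);
```

The check does not model SameSite or the fetch credentials mode, which also affect whether cookies accompany AJAX requests.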

Martin Michlmayr

Apr 3, 2018, 5:55:44 PM
to bean...@googlegroups.com
* Jason Chu <xen...@gmail.com> [2017-12-06 17:03]:
> I still have a document to write that explains how I set all this stuff up,
> but as was pointed out by yegle, I use oauth2_proxy and letsencrypt to
> protect access to my publicly addressable fava instance.

Did you ever get around to documenting this?

--
Martin Michlmayr
http://www.cyrius.com/

Jason Chu

Apr 3, 2018, 6:35:39 PM
to Martin Michlmayr, bean...@googlegroups.com
I never ended up documenting it. I still mean to, but I wish things weren't held up on me, given how little free time I have.

Stefano Zacchiroli

Apr 4, 2018, 2:34:56 AM
to bean...@googlegroups.com
On Tue, Apr 03, 2018 at 10:35:26PM +0000, Jason Chu wrote:
> I never ended up documenting it. I still mean to, but I wish things weren't
> held up on me, given how little free time I have.

FTR the documentation which I contributed to set up Fava with
ReverseProxy with Apache was removed from Fava because it didn't show
auth/ssl (that in turn because I do auth/ssl at a different level in my
web server) and they didn't want to have something potentially insecure
as the only piece of deployment doc --- totally understandable. Hence,
having additional examples with other technologies / different setup
would help in having more deployment doc.

Cheers.
--
Stefano Zacchiroli . za...@upsilon.cc . upsilon.cc/zack . . o . . . o . o
Computer Science Professor . CTO Software Heritage . . . . . o . . . o o
Former Debian Project Leader & OSI Board Director . . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »

Jason Chu

Apr 4, 2018, 3:07:05 AM
to bean...@googlegroups.com
Given how guilty I felt about not having finished this, I pounded through the last bits as quickly as I could tonight.

Please consider this PR as my documentation: https://github.com/beancount/fava/pull/736
