10-31-2018, 05:11 PM
(This post was last modified: 10-31-2018, 05:11 PM by axelmatic.)
Hi there...
If I want to run gekko in the cloud, is it mandatory or more secure over domain + ssl + nginx instead of simply using the ip from the server with nginx + password?
Thanks,
axelmatic
The risk of someone having access to your gekko:
- they can see your bots
- they can start/stop bots
- they can run many backtests that will basically DOS your server
If you use IP and password without SSL you can't use any public wifi since everyone can sniff the password in plain text. That is any wifi (even with a password) where you don't control all devices on it (cafe, restaurant, friends place, etc). Even if you are on your own wifi the password is going in plain text over the internet so anyone in the network (your isp, your vpn, etc) can sniff the password and access the gekko.
Another solution instead of nginx (with password) would be SSH tunneling, I think there are some guides for how to do this with Gekko if you search around!
I have a question. Should the port on which gekko runs be kept behind a firewall or open to web?