mirror of
https://github.com/acepanel/acepanel.github.io.git
synced 2026-02-06 17:34:53 +08:00
102 lines
3.1 KiB
Markdown
102 lines
3.1 KiB
Markdown
# Security Settings
|
|
|
|
The security settings page is used to configure panel security-related options to protect the panel from unauthorized access.
|
|
|
|
|
|
|
|
## Login Timeout
|
|
|
|
Set the validity period of login sessions in minutes. If there is no activity beyond this time, you will be automatically logged out and need to re-authenticate.
|
|
|
|
The default value is 120 minutes.
|
|
|
|
## Access Entry
|
|
|
|
Set the access path for the panel. After setting the access entry, you need to access via `https://IP:port/entry-path`.
|
|
|
|
For example, if set to `/admin`, the access address becomes `https://IP:port/admin`.
|
|
|
|
This is a simple but effective security measure that can prevent the panel from being discovered by scanners.
|
|
|
|
## Entry Error Page
|
|
|
|
The HTTP status code returned when accessing an incorrect entry path:
|
|
|
|
- **418 I'm a teapot**: Returns an interesting error code and error page
|
|
- **Nginx 404**: Returns the same 404 page as Nginx
|
|
- **Close Connection**: Closes the connection directly without returning any content
|
|
|
|
## Login Captcha
|
|
|
|
When enabled, entering the wrong password multiple times during login will trigger a captcha to prevent brute force attacks.
|
|
|
|
## Request IP Header
|
|
|
|
When the panel is deployed behind a reverse proxy (such as Nginx, CDN), you need to set the correct IP header to obtain the real client IP.
|
|
|
|
Common values:
|
|
|
|
- `X-Real-IP`: Default used by Nginx
|
|
- `X-Forwarded-For`: Standard proxy header
|
|
- `CF-Connecting-IP`: Used by Cloudflare
|
|
|
|
## Bind Domain
|
|
|
|
Restrict panel access to specified domains only. After adding a domain, access via IP or other domains will be blocked.
|
|
|
|
Suitable for:
|
|
|
|
- Improving security
|
|
- Using with SSL certificates
|
|
|
|
## Bind IP
|
|
|
|
Restrict panel access to specified IP addresses only. Multiple IP addresses can be added.
|
|
|
|
Suitable for:
|
|
|
|
- Fixed office networks
|
|
- Jump server access
|
|
|
|
::: warning Note
|
|
Before binding IP, please ensure your IP address is static, otherwise you may be unable to access the panel.
|
|
:::
|
|
|
|
## Bind UA
|
|
|
|
Restrict panel access to browsers with specified User-Agent only.
|
|
|
|
This is an advanced security option that can be used with custom browser plugins.
|
|
|
|
## Offline Mode
|
|
|
|
When enabled, the panel will not connect to external networks, including:
|
|
|
|
- Checking for updates
|
|
- Downloading applications
|
|
- Syncing cache data
|
|
|
|
Suitable for intranet environments or scenarios with strict network restrictions.
|
|
|
|
## Auto Update
|
|
|
|
When enabled, the panel will automatically check and install updates daily. It is recommended to keep this enabled to receive the latest security fixes.
|
|
|
|
## Panel HTTPS
|
|
|
|
Enable HTTPS encrypted access for the panel:
|
|
|
|
- **Disabled**: Access via HTTP
|
|
- **ACME (Auto)**: Automatically apply for and renew Let's Encrypt certificates, requires IP to support port 80 access
|
|
- **Custom Certificate**: Use your own SSL certificate
|
|
|
|
::: tip Recommended
|
|
It is recommended to enable HTTPS in production environments to protect the transmission security of login credentials and sensitive data.
|
|
:::
|
|
|
|
## Panel Public IP
|
|
|
|
Configure the public IP address of the panel, currently mainly used for applying IP certificates from Let's Encrypt.
|
|
|
|
Supports both IPv4 and IPv6 addresses.
|