Hello,
I have a Linux machine (in same local network as server) running Firefox in Kiosk mode displaying single Django app page.
This page must be accessible only on this machine and require no interaction from users after me setting it up. Restarting Firefox or Django server should not break access.
What’s the correct way to achieve this? I found a couple ideas like using persistent cookie, certificate, or authorizing by IP. Is there some consensus on preferred way to achieve this?
You can use private key authentication between the browser and the web server (e.g. nginx).
Some of your choices may depend upon the scale of the system running the server. But if I were needing to do this, I would handle it this way -
Create a separate nginx location directive for the “protected” url.
Set up that location to use the private key authentication, passing the name portion of the key in the REMOTE_USER header.
Run a separate gunicorn instance for that location, using a different settings file. That settings file will only have that specific url defined.
The regular Django instance won’t have that url defined.
Yes, there are multiple other ways to handle this, and if you’re severely constrained by the server hardware (e.g., Raspberry Pi), then you’ll probably want to look at a different solution.