turris-auth+lighttpd: make sure that turris webapps are not accessible in case turris-auth is not running
In case that turris-auth check & redirection (https://<router-ip>/login?/
)
https://<router-ip>/login?/<target_url> --> https://<router-ip>/<target_url>
is not available to lighttpd for some reason - for example turris-auth config for lighttpd cannot be loaded - then turris webapps are directly accessible without authentication.
It would be useful to have failsave config for lighttpd (or some other measure), which would block access to reforis in case that turris-auth is not running, but reforis is running.
Please note that in case turris-auth is running, but runtime error occurs, reforis and pakon (and probably other turris webapps that lacks internal authentication) won't be accessible - which is fine, because they are still, although in weird way, protected by turris-auth.
cc: @mhrusecky, @jschlehofer, @shenek