Skip to content

docs: add “internet-exposed self-hosted” hack (yes, it’s cursed) #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
H1D wants to merge 3 commits into
base: main
Choose a base branch
from
+55 −0
Open

docs: add “internet-exposed self-hosted” hack (yes, it’s cursed) #46

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
bbbef15
self-hosted yet protected
H1D Sep 24, 2025
4fe0d3e
Update README.md
H1D Sep 24, 2025
e77ef05
docs: move self-hosted public access guide to docs directory
H1D Oct 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,6 +164,8 @@ You can also configure LLM provider settings in the application or via environme
- **Google Gemini**: `GOOGLE_MODEL_NAME` and `GOOGLE_API_KEY`
- **Mistral**: `MISTRAL_MODEL_NAME` and `MISTRAL_API_KEY`

> 💡 **Need internet access with authentication?** See [docs/self-hosted-public-access.md](docs/self-hosted-public-access.md) for a workaround (yes, it's cursed).

## ⌨️ Local Development

We use:
Expand Down
53 changes: 53 additions & 0 deletions docs/self-hosted-public-access.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# Self-Hosted Public Access

> ⚠️ **Warning: This is a workaround ("hack") for exposing self-hosted instances to the internet.**
> This approach has security implications and should be used with caution. For production deployments, consider implementing proper authentication with reverse proxy or using the official cloud version.

## Overview

By default, TaxHacker's self-hosted mode (`SELF_HOSTED_MODE=true`) disables the built-in authentication system, assuming the instance runs on a trusted local network or behind a reverse proxy with its own authentication.

However, if you want to expose your self-hosted instance to the internet **and** still use TaxHacker's built-in login system, you can use this workaround.

## How It Works

The approach involves:

1. Running TaxHacker with `SELF_HOSTED_MODE=false` (cloud mode)
2. Manually creating a user via direct database access
3. Retrieving the OTP (one-time password) from the database
4. Using that OTP to sign in

## Setup Instructions

### 1. Configure Environment Variables

Run with these environment variables:

```env
SELF_HOSTED_MODE=false
DISABLE_SIGNUP=true
BASE_URL=<URL you'll use to access TaxHacker>
```

### 2. Create a User Directly in the Database

Create your user directly in the database (replace email as needed):

```bash
docker exec -it postgres psql -U postgres -d taxhacker -c "INSERT INTO users (id, email, name, membership_plan, is_email_verified, updated_at) VALUES ('6f5b4f8e-6f7a-4c3d-9b8b-7f2d2d61a9c3','[email protected]','Owner','unlimited', true, now());"
```

### 3. Sign In with OTP from Database

Open your instance in the browser, click Sign In, and enter your email address.

Fetch the latest OTP from the database and use it to sign in:

```bash
docker exec -it postgres psql -U postgres -d taxhacker -c "SELECT value FROM verification ORDER BY created_at DESC LIMIT 1;"
```

### 4. Seed the Database

Because we skipped the normal route, database seeding won't happen automatically. Open `<YOUR_URL>/settings/danger` and click `[Reset fields, currencies and categories]`