Drop media proxy same-domain default for base_url

Even more than with user uploads, a same-domain proxy setup bears
significant security risks due to serving untrusted content under
the main domain space.

A risky setup like that should never be the default.
This commit is contained in:
Oneric 2024-03-10 18:57:40 +00:00
parent 11ae8344eb
commit fc36b04016
2 changed files with 23 additions and 6 deletions

View file

@ -6,7 +6,16 @@ With the `mediaproxy` function you can use nginx to cache this content, so users
## Activate it ## Activate it
* Edit your nginx config and add the following location: * Edit your nginx config and add the following location to your main server block:
```
location /proxy {
return 404;
}
```
* Set up a subdomain for the proxy with its nginx config on the same machine
*(the latter is not strictly required, but for simplicity well assume so)*
* In this subdomains server block add
``` ```
location /proxy { location /proxy {
proxy_cache akkoma_media_cache; proxy_cache akkoma_media_cache;
@ -26,9 +35,9 @@ config :pleroma, :media_proxy,
enabled: true, enabled: true,
proxy_opts: [ proxy_opts: [
redirect_on_failure: true redirect_on_failure: true
] ],
#base_url: "https://cache.akkoma.social" base_url: "https://cache.akkoma.social"
``` ```
If you want to use a subdomain to serve the files, uncomment `base_url`, change the url and add a comma after `true` in the previous line. You **really** should use a subdomain to serve proxied files; while we will fix bugs resulting from this, serving arbitrary remote content on your main domain namespace is a significant attack surface.
* Restart nginx and Akkoma * Restart nginx and Akkoma

View file

@ -14,6 +14,8 @@ defmodule Pleroma.Web.MediaProxy do
@cachex Pleroma.Config.get([:cachex, :provider], Cachex) @cachex Pleroma.Config.get([:cachex, :provider], Cachex)
@mix_env Mix.env()
def cache_table, do: @cache_table def cache_table, do: @cache_table
@spec in_banned_urls(String.t()) :: boolean() @spec in_banned_urls(String.t()) :: boolean()
@ -144,8 +146,14 @@ def filename(url_or_path) do
if path = URI.parse(url_or_path).path, do: Path.basename(path) if path = URI.parse(url_or_path).path, do: Path.basename(path)
end end
def base_url do if @mix_env == :test do
Config.get([:media_proxy, :base_url], Endpoint.url()) def base_url do
Config.get([:media_proxy, :base_url], Endpoint.url())
end
else
def base_url do
Config.get!([:media_proxy, :base_url])
end
end end
defp proxy_url(path, sig_base64, url_base64, filename) do defp proxy_url(path, sig_base64, url_base64, filename) do