AkkomaGang/akkoma
AkkomaGang
/
akkoma
12
63
Fork 83
Code Issues 173 Pull Requests 15 Packages Projects 2 Releases 12 Wiki Activity

Add config for media subdomain for Caddy #555

Merged
floatingghost merged 1 commits from norm/akkoma:media-subdomain-caddyfile into develop 2023-07-17 16:30:43 +00:00
Conversation 3 Commits 1 Files Changed 1 +20
norm commented 2023-05-29 15:23:53 +00:00
Contributor
Copy Link

A recent group of vulnerabilities have been found in Pleroma (and
inherited by Akkoma) that involve media files either uploaded by local
users or proxied from remote instances (if media proxy is enabled).

It is recommended that media files are served on a separate subdomain
in order to mitigate this class of vulnerabilities.

I've currently have those sections commented out since I'm not sure if everyone will be able to use a subdomain, but I can change that if needed.

A recent group of vulnerabilities have been found in Pleroma (and inherited by Akkoma) that involve media files either uploaded by local users or proxied from remote instances (if media proxy is enabled). It is recommended that media files are served on a separate subdomain in order to mitigate this class of vulnerabilities. --- I've currently have those sections commented out since I'm not sure if everyone will be able to use a subdomain, but I can change that if needed.
norm commented 2023-05-29 15:29:38 +00:00
Author
Contributor
Copy Link

Sidenote: There's also a suggested config change for nginx, but since I've not used it in a while, I'll leave that to someone else to tacke that.

Sidenote: There's also a [suggested config change for nginx](https://webb.spiderden.org/2023/05/26/pleroma-mitigation/), but since I've not used it in a while, I'll leave that to someone else to tacke that.
norm force-pushed media-subdomain-caddyfile from 796778d698 to 40627a94d4 2023-05-29 18:04:35 +00:00 Compare
floatingghost commented 2023-07-15 20:50:19 +00:00
Owner
Copy Link

probably a good thing to recommend , I'll need to test it quickly since it doesn't match my personal config but provisionally approved

probably a good thing to recommend , I'll need to test it quickly since it doesn't match my personal config but provisionally approved
👍 1
floatingghost commented 2023-07-17 16:30:36 +00:00
Owner
Copy Link

tested, all good, thanks!

tested, all good, thanks!
floatingghost merged commit 2aac70d690 into develop 2023-07-17 16:30:43 +00:00
floatingghost deleted branch media-subdomain-caddyfile 2023-07-17 16:30:43 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
approved, awaiting change

   
bug

Something is not working

  
configuration

This requires config changes

  
documentation

This is about human-readable docs

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
extremely low priority

   
feature request

Something new?

  
Fix it yourself

Support has been attempted

  
help wanted

Need some help

  
invalid

Something is wrong

  
mastodon_api

   
needs docs

   
needs tests

   
not a bug

   
planned

   
pleroma_api

   
privacy

   
question

More information is needed

  
static_fe

   
triage

   
wontfix

This won't be fixed

No Label
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: AkkomaGang/akkoma#555
No description provided.
Delete Branch "norm/akkoma:media-subdomain-caddyfile"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?