GNU social JP
GNU social JP is a Japanese GNU social server.
Untitled attachment

Notices where this attachment appears

    Alex Gleason (alex@gleasonator.com)'s status on Saturday, 27-May-2023 02:44:16 JST

    Pleroma / Akkoma / Rebased need to be patched, but here’s how you can secure your site without any code changes:

    yoursite.com/media -> media.yoursite.com
    yoursite.com/proxy -> proxy.yoursite.com

    To do this, add the following configuration to your site:

    config :pleroma, Pleroma.Upload, base_url: "https://media.yoursite.com"
    config :pleroma, :media_proxy, base_url: "https://proxy.yoursite.com"

    You will need to add DNS records for the subdomains. For media, it’s recommended to use an S3 bucket (or equivalent). For the proxy, you can simply point the DNS to the same server, and edit your Nginx file. A sample Nginx file is here: https://termbin.com/tj7q You’re on your own setting up Let's Encrypt, etc.

    Here’s what does NOT work:

    • A CSP one-liner in Nginx. That’s not how CSP works. CSP affects the page it was loaded on, not other resources. This is straight up misinformation.

    • Disabling the media proxy on its own. The media proxy does appear to be vulnerable, but it cannot be the only action you take.

    In conversation Saturday, 27-May-2023 02:44:16 JST from gleasonator.com
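Once uploads and the media proxy are moved to their own hosts, the way to confirm the change took effect is to look at the attachment URLs your instance actually hands out. The check below is an added example, not code from the post or from Pleroma: it takes a Mastodon-compatible timeline response (the constructed sample here mimics the shape of `/api/v1/timelines/public`; the URLs are hypothetical) and lists every attachment URL that is still served from the site's own origin, which is what the split is meant to eliminate.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a timeline response. Status 1 is fully migrated,
# status 2 still serves an upload from the site origin, and status 3 has
# its proxy preview_url still on the site origin.
SAMPLE_TIMELINE = json.dumps([
    {"id": "1", "media_attachments": [
        {"url": "https://media.yoursite.com/uploads/a.png",
         "preview_url": "https://media.yoursite.com/uploads/a.png"}]},
    {"id": "2", "media_attachments": [
        {"url": "https://yoursite.com/media/b.png",
         "preview_url": "https://yoursite.com/media/b.png"}]},
    {"id": "3", "media_attachments": [
        {"url": "https://proxy.yoursite.com/proxy/abc/remote.jpg",
         "preview_url": "https://yoursite.com/proxy/abc/preview.jpg"}]},
])


def origin(url):
    """Return (scheme, host, port), the browser's notion of an origin."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def same_origin_media(site_url, timeline_json):
    """List (status id, field, url) for attachment URLs on the site's origin.

    After the migration this should be empty: any URL reported here still
    loads user-controlled content inside the application's origin.
    """
    site = origin(site_url)
    findings = []
    for status in json.loads(timeline_json):
        for att in status.get("media_attachments", []):
            for key in ("url", "preview_url", "remote_url"):
                u = att.get(key)
                if u and origin(u) == site:
                    findings.append((status["id"], key, u))
    return findings


if __name__ == "__main__":
    for sid, field, url in same_origin_media("https://yoursite.com", SAMPLE_TIMELINE):
        print(f"status {sid}: {field} still same-origin -> {url}")
```

Against a live instance, replace `SAMPLE_TIMELINE` with the body of the timeline endpoint and `site_url` with your own base URL; any line printed is an attachment that did not move.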

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.