Commit graph

4 commits

Author SHA1 Message Date
Norm 51f09531c4 Disable gzip compression in Caddyfile
Currently Akkoma doesn't have any proper mitigations against BREACH,
which exploits the use of HTTP compression to exfiltrate sensitive data.
(see: https://akkoma.dev/AkkomaGang/akkoma/pulls/721#issuecomment-11487)

To err on the side of caution, disable gzip compression for now until we
can confirm that there's some sort of mitigation in place (whether that
would be Heal-The-Breach on the Caddy side or any Akkoma-side
mitigations).
2024-06-17 23:13:55 -04:00
Norm 962847fdc3 Uncomment media subdomain settings in Caddyfile
Now that a media subdomain is strongly recommended for security reasons,
there is no reason for them to be commented out by default.
2024-06-17 23:12:55 -04:00
Francis Dinh 40627a94d4
Add config for media subdomain for Caddy
A recent group of vulnerabilities have been found in Pleroma (and
inherited by Akkoma) that involve media files either uploaded by local
users or proxied from remote instances (if media proxy is enabled).

It is recommended that media files are served on a separate subdomain
in order to mitigate this class of vulnerabilities.

Based on https://meta.akkoma.dev/t/another-vector-for-the-injection-vulnerability-found/483/2
2023-05-29 14:04:00 -04:00
norm c0e6f30e4d Update sample config files (#48)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/48
Co-authored-by: norm <normandy@biribiri.dev>
Co-committed-by: norm <normandy@biribiri.dev>
2022-07-06 18:50:01 +00:00