What is Nostr?
Alex Gleason /
npub108p…yev6
2023-05-26 17:44:07

Alex Gleason on Nostr: Pleroma / Akkoma / Rebased need to be patched, but here’s how you can secure your ...

Pleroma / Akkoma / Rebased need to be patched, but here’s how you can secure your site without any code changes:

yoursite.com/media -> media.yoursite.com yoursite.com/proxy -> proxy.yoursite.com

To do this, add the following configuration to your site:

config :pleroma, Pleroma.Upload,
base_url: "https://media.yoursite.com";

config :pleroma, :media_proxy,
base_url: "https://proxy.yoursite.com";

You will need to add DNS records for the subdomains. For media, it’s recommended to use an S3 bucket (or equivalent). For the proxy, you can simply point the DNS to the same server, and edit your Nginx file. A sample Nginx file is here: https://termbin.com/tj7q You’re on your own setting up letsencrypt, etc.

Here’s what does NOT work:



A CSP one-liner in Nginx. That’s not how CSP works. CSP affects the page it was loaded on, not other resources. This is straight up misinformation.


Disabling the media proxy on its own. The media proxy does appear to be vulnerable, but it cannot be the only action you take.
Author Public Key
npub108pv4cg5ag52nq082kd5leu9ffrn2gdg6g4xdwatn73y36uzplmq9uyev6