mirror of
https://github.com/zulip/zulip.git
synced 2026-06-21 21:32:29 +08:00
b982222e03
The upstream of the `camo` repository[1] has been unmaintained for several years, and is now archived by the owner. Additionally, it has a number of limitations: - It is installed as a sysinit service, which does not run under Docker - It does not prevent access to internal IPs, like 127.0.0.1 - It does not respect standard `HTTP_proxy` environment variables, making it unable to use Smokescreen to prevent the prior flaw - It occasionally just crashes, and thus must have a cron job to restart it. Swap camo out for the drop-in replacement go-camo[2], which has the same external API, requiring not changes to Django code, but is more maintained. Additionally, it resolves all of the above complaints. go-camo is not configured to use Smokescreen as a proxy, because its own private-IP filtering prevents using a proxy which lies within that IP space. It is also unclear if the addition of Smokescreen would provide any additional protection over the existing IP address restrictions in go-camo. go-camo has a subset of the security headers that our nginx reverse proxy sets, and which camo set; provide the missing headers with `-H` to ensure that go-camo, if exposed from behind some other non-nginx load-balancer, still provides the necessary security headers. Fixes #18351 by moving to supervisor. Fixes zulip/docker-zulip#298 also by moving to supervisor. [1] https://github.com/atmos/camo [2] https://github.com/cactus/go-camo |
||
|---|---|---|
| .. | ||
| authentication-methods.md | ||
| deployment.md | ||
| email-gateway.md | ||
| email.md | ||
| expensive-migrations.md | ||
| export-and-import.md | ||
| giphy-gif-integration.md | ||
| index.md | ||
| install-existing-server.md | ||
| install.md | ||
| maintain-secure-upgrade.md | ||
| management-commands.md | ||
| mobile-push-notifications.md | ||
| multiple-organizations.md | ||
| password-strength.md | ||
| postgresql.md | ||
| requirements.md | ||
| security-model.md | ||
| settings.md | ||
| ssl-certificates.md | ||
| troubleshooting.md | ||
| upgrade-or-modify.md | ||
| upload-backends.md | ||
| video-calls.md | ||