mirror of https://github.com/zulip/zulip.git
b982222e03
The upstream of the `camo` repository[1] has been unmaintained for several years, and is now archived by the owner. Additionally, it has a number of limitations: - It is installed as a sysinit service, which does not run under Docker - It does not prevent access to internal IPs, like 127.0.0.1 - It does not respect standard `HTTP_proxy` environment variables, making it unable to use Smokescreen to prevent the prior flaw - It occasionally just crashes, and thus must have a cron job to restart it. Swap camo out for the drop-in replacement go-camo[2], which has the same external API, requiring not changes to Django code, but is more maintained. Additionally, it resolves all of the above complaints. go-camo is not configured to use Smokescreen as a proxy, because its own private-IP filtering prevents using a proxy which lies within that IP space. It is also unclear if the addition of Smokescreen would provide any additional protection over the existing IP address restrictions in go-camo. go-camo has a subset of the security headers that our nginx reverse proxy sets, and which camo set; provide the missing headers with `-H` to ensure that go-camo, if exposed from behind some other non-nginx load-balancer, still provides the necessary security headers. Fixes #18351 by moving to supervisor. Fixes zulip/docker-zulip#298 also by moving to supervisor. [1] https://github.com/atmos/camo [2] https://github.com/cactus/go-camo |
||
|---|---|---|
| .. | ||
| apache | ||
| apt/apt.conf.d | ||
| builder | ||
| certs | ||
| cron.d | ||
| grafana | ||
| iptables | ||
| munin | ||
| munin-plugins | ||
| nagios3 | ||
| nagios_plugins/zulip_zephyr_mirror | ||
| nginx/sites-available | ||
| postgresql | ||
| prometheus | ||
| supervisor/conf.d | ||
| common-session | ||
| dot_emacs.el | ||
| sshd_config | ||
| teleport_node.yaml | ||
| teleport_server.yaml | ||
| zephyr-clients.debathena | ||
| zulip-ec2-configure-interfaces | ||
| zulip-ec2-configure-interfaces_if-up.d.sh | ||