From 2c61dc623728c1c6c8387e5fcf47ce42ae9d0cba Mon Sep 17 00:00:00 2001 From: Helge Date: Sun, 27 Oct 2024 16:39:34 +0100 Subject: [PATCH] Enable setting the port and allowPrivateAddress through environment vars By setting BEHIND_PROXY: "true" HOLLO_PORT: 80 ALLOW_PRIVATE_ADDRESS: "true" one allows private addresses and runs on port 80. --- .env.sample | 6 ++++++ src/federation/index.ts | 1 + src/index.tsx | 5 ++++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index 58a0ff5f..8e42a850 100644 --- a/.env.sample +++ b/.env.sample @@ -5,6 +5,12 @@ SECRET_KEY=secret_key # generate a secret key with `openssl rand -base64 32` LOG_LEVEL=info LOG_QUERY=false BEHIND_PROXY=false +LISTEN_PORT=3000 # if BEHIND_PROXY=true used as port for the server +# Setting ALLOW_PRIVATE_ADDRESS to true disables SSRF (Server-Side Request Forgery) protection +# Set to true to test in local network +# Will be replaced by list of allowed IPs once https://github.com/dahlia/fedify/issues/157 +# is implemented. +ALLOW_PRIVATE_ADDRESS=false REMOTE_ACTOR_FETCH_POSTS=10 AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= diff --git a/src/federation/index.ts b/src/federation/index.ts index 8a790955..885ce15e 100644 --- a/src/federation/index.ts +++ b/src/federation/index.ts @@ -109,6 +109,7 @@ if (getRedisUrl() == null) { export const federation = createFederation({ kv, queue, + allowPrivateAddress: process.env.ALLOW_PRIVATE_ADDRESS === "true", }); federation diff --git a/src/index.tsx b/src/index.tsx index 4c05a5cd..0f65b5e0 100644 --- a/src/index.tsx +++ b/src/index.tsx @@ -20,5 +20,8 @@ app.get("/nodeinfo/2.0", (c) => c.redirect("/nodeinfo/2.1")); // biome-ignore lint/complexity/useLiteralKeys: tsc complains about this (TS4111) const BEHIND_PROXY = process.env["BEHIND_PROXY"] === "true"; +const HOLLO_PORT = Number.parseInt(process.env.LISTEN_PORT ?? "3000", 10); -export default BEHIND_PROXY ? { fetch: behindProxy(app.fetch.bind(app)) } : app; +export default BEHIND_PROXY + ? { fetch: behindProxy(app.fetch.bind(app)), port: HOLLO_PORT } + : app;