Security: Update default config values to use HTTPS for the site URL
Signed-off-by: Michael Mayer <michael@photoprism.app>
parent
12ca67effc
commit
ebb5646571
|
@ -382,10 +382,10 @@ func (c *Config) StaticUri() string {
|
||||||
return c.CdnUrl(c.BaseUri(StaticUri))
|
return c.CdnUrl(c.BaseUri(StaticUri))
|
||||||
}
|
}
|
||||||
|
|
||||||
// SiteUrl returns the public server URL (default is "http://localhost:2342/").
|
// SiteUrl returns the public server URL (default is "https://photoprism.local:2342/").
|
||||||
func (c *Config) SiteUrl() string {
|
func (c *Config) SiteUrl() string {
|
||||||
if c.options.SiteUrl == "" {
|
if c.options.SiteUrl == "" {
|
||||||
return "http://localhost:2342/"
|
return "https://photoprism.local:2342/"
|
||||||
}
|
}
|
||||||
|
|
||||||
return strings.TrimRight(c.options.SiteUrl, "/") + "/"
|
return strings.TrimRight(c.options.SiteUrl, "/") + "/"
|
||||||
|
|
|
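Review bot: SiteUrl() now falls back to `https://photoprism.local:2342/` without consulting DisableTLS(), so an instance with no site URL configured and TLS turned off would advertise an https origin it may not serve; this is inferred, since the listener setup is not part of this hunk. Links derived from the default (the SitePreview test expects `https://photoprism.local:2342/static/img/preview.jpg`) would then carry the wrong scheme. The literal is also repeated in the `site-url` flag's `Value`, so a shared constant, for example `const DefaultSiteUrl = "https://photoprism.local:2342/"` (name constructed for this note), would keep the two from drifting. The doc comment could also state that the default assumes TLS is enabled and that the host name resolves on the local network.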
@ -433,7 +433,7 @@ func TestConfig_ContentUri(t *testing.T) {
|
||||||
func TestConfig_SiteUrl(t *testing.T) {
|
func TestConfig_SiteUrl(t *testing.T) {
|
||||||
c := NewConfig(CliTestContext())
|
c := NewConfig(CliTestContext())
|
||||||
|
|
||||||
assert.Equal(t, "http://localhost:2342/", c.SiteUrl())
|
assert.Equal(t, "https://photoprism.local:2342/", c.SiteUrl())
|
||||||
c.options.SiteUrl = "http://superhost:2342/"
|
c.options.SiteUrl = "http://superhost:2342/"
|
||||||
assert.Equal(t, "http://superhost:2342/", c.SiteUrl())
|
assert.Equal(t, "http://superhost:2342/", c.SiteUrl())
|
||||||
c.options.SiteUrl = "http://superhost"
|
c.options.SiteUrl = "http://superhost"
|
||||||
|
@ -443,20 +443,20 @@ func TestConfig_SiteUrl(t *testing.T) {
|
||||||
func TestConfig_SiteDomain(t *testing.T) {
|
func TestConfig_SiteDomain(t *testing.T) {
|
||||||
c := NewConfig(CliTestContext())
|
c := NewConfig(CliTestContext())
|
||||||
|
|
||||||
assert.Equal(t, "localhost", c.SiteDomain())
|
assert.Equal(t, "photoprism.local", c.SiteDomain())
|
||||||
c.options.SiteUrl = "https://foo.bar.com:2342/"
|
c.options.SiteUrl = "https://foo.bar.com:2342/"
|
||||||
assert.Equal(t, "foo.bar.com", c.SiteDomain())
|
assert.Equal(t, "foo.bar.com", c.SiteDomain())
|
||||||
c.options.SiteUrl = ""
|
c.options.SiteUrl = ""
|
||||||
assert.Equal(t, "localhost", c.SiteDomain())
|
assert.Equal(t, "photoprism.local", c.SiteDomain())
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestConfig_SitePreview(t *testing.T) {
|
func TestConfig_SitePreview(t *testing.T) {
|
||||||
c := NewConfig(CliTestContext())
|
c := NewConfig(CliTestContext())
|
||||||
assert.Equal(t, "http://localhost:2342/static/img/preview.jpg", c.SitePreview())
|
assert.Equal(t, "https://photoprism.local:2342/static/img/preview.jpg", c.SitePreview())
|
||||||
c.options.SitePreview = "http://preview.jpg"
|
c.options.SitePreview = "http://preview.jpg"
|
||||||
assert.Equal(t, "http://preview.jpg", c.SitePreview())
|
assert.Equal(t, "http://preview.jpg", c.SitePreview())
|
||||||
c.options.SitePreview = "preview123.jpg"
|
c.options.SitePreview = "preview123.jpg"
|
||||||
assert.Equal(t, "http://localhost:2342/preview123.jpg", c.SitePreview())
|
assert.Equal(t, "https://photoprism.local:2342/preview123.jpg", c.SitePreview())
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestConfig_SiteTitle(t *testing.T) {
|
func TestConfig_SiteTitle(t *testing.T) {
|
||||||
|
|
|
@ -59,19 +59,11 @@ func (c *Config) TLSKey() string {
|
||||||
|
|
||||||
// TLS returns the HTTPS certificate and private key file name.
|
// TLS returns the HTTPS certificate and private key file name.
|
||||||
func (c *Config) TLS() (publicCert, privateKey string) {
|
func (c *Config) TLS() (publicCert, privateKey string) {
|
||||||
privateKey = c.TLSKey()
|
if c.DisableTLS() {
|
||||||
|
|
||||||
if privateKey == "" {
|
|
||||||
return "", ""
|
return "", ""
|
||||||
}
|
}
|
||||||
|
|
||||||
publicCert = c.TLSCert()
|
return c.TLSCert(), c.TLSKey()
|
||||||
|
|
||||||
if publicCert == "" {
|
|
||||||
return "", ""
|
|
||||||
}
|
|
||||||
|
|
||||||
return publicCert, privateKey
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// DisableTLS checks if HTTPS should be disabled.
|
// DisableTLS checks if HTTPS should be disabled.
|
||||||
|
|
|
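Review bot: TLS() no longer guarantees an all-or-nothing result: after the DisableTLS() check it returns `c.TLSCert(), c.TLSKey()` directly, so a configuration with only one of the two files set yields a half-filled pair unless DisableTLS(), whose body is outside this hunk, already covers that case. The caller in Start still tests `publicCert != "" && privateKey != ""`, but any other caller that checks only one value would proceed with an incomplete key pair. Keeping the guard `if publicCert == "" || privateKey == "" { return "", "" }` before the final return preserves the old contract. The doc comment should also say that both values are empty when TLS is disabled.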
@ -360,7 +360,7 @@ var Flags = CliFlags{
|
||||||
Flag: cli.StringFlag{
|
Flag: cli.StringFlag{
|
||||||
Name: "site-url, url",
|
Name: "site-url, url",
|
||||||
Usage: "public site `URL`",
|
Usage: "public site `URL`",
|
||||||
Value: "http://localhost:2342/",
|
Value: "https://photoprism.local:2342/",
|
||||||
EnvVar: "PHOTOPRISM_SITE_URL",
|
EnvVar: "PHOTOPRISM_SITE_URL",
|
||||||
}}, {
|
}}, {
|
||||||
Flag: cli.StringFlag{
|
Flag: cli.StringFlag{
|
||||||
|
|
|
@ -192,6 +192,7 @@ func NewOptions(ctx *cli.Context) *Options {
|
||||||
func (c *Options) expandFilenames() {
|
func (c *Options) expandFilenames() {
|
||||||
c.ConfigPath = fs.Abs(c.ConfigPath)
|
c.ConfigPath = fs.Abs(c.ConfigPath)
|
||||||
c.StoragePath = fs.Abs(c.StoragePath)
|
c.StoragePath = fs.Abs(c.StoragePath)
|
||||||
|
c.UsersPath = fs.Abs(c.UsersPath)
|
||||||
c.BackupPath = fs.Abs(c.BackupPath)
|
c.BackupPath = fs.Abs(c.BackupPath)
|
||||||
c.AssetsPath = fs.Abs(c.AssetsPath)
|
c.AssetsPath = fs.Abs(c.AssetsPath)
|
||||||
c.CachePath = fs.Abs(c.CachePath)
|
c.CachePath = fs.Abs(c.CachePath)
|
||||||
|
|
|
@ -117,7 +117,6 @@ func FindUser(find User) *User {
|
||||||
|
|
||||||
// Find matching record.
|
// Find matching record.
|
||||||
if err := stmt.First(m).Error; err != nil {
|
if err := stmt.First(m).Error; err != nil {
|
||||||
event.AuditErr([]string{"user", "not found", "%s"}, err)
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
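Review bot: With the `event.AuditErr` call removed, a failed lookup in FindUser returns nil without leaving any record, and `err` is discarded even when it is a database failure rather than a missing row. Failed user lookups are a useful signal for detecting account enumeration or password guessing, so the audit event should either stay or be emitted by the caller that knows the request context; whether callers already do this is not visible here. If the removal is meant to reduce log noise, a comment such as `// Not found is reported by the caller; do not audit here.` would record the intent. The function body begins and ends outside the hunk.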
@ -82,7 +82,7 @@ func Start(ctx context.Context, conf *config.Config) {
|
||||||
log.Infof("server: starting in auto tls mode on %s [%s]", server.Addr, time.Since(start))
|
log.Infof("server: starting in auto tls mode on %s [%s]", server.Addr, time.Since(start))
|
||||||
go StartAutoTLS(server, tlsManager, conf)
|
go StartAutoTLS(server, tlsManager, conf)
|
||||||
} else if publicCert, privateKey := conf.TLS(); publicCert != "" && privateKey != "" {
|
} else if publicCert, privateKey := conf.TLS(); publicCert != "" && privateKey != "" {
|
||||||
log.Infof("server: starting in manual tls mode")
|
log.Infof("server: starting in tls mode")
|
||||||
server = &http.Server{
|
server = &http.Server{
|
||||||
Addr: fmt.Sprintf("%s:%d", conf.HttpHost(), conf.HttpPort()),
|
Addr: fmt.Sprintf("%s:%d", conf.HttpHost(), conf.HttpPort()),
|
||||||
Handler: router,
|
Handler: router,
|
||||||
|
|