Security: Update default config values to use HTTPS for the site URL
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
parent
12ca67effc
commit
ebb5646571
|
@ -382,10 +382,10 @@ func (c *Config) StaticUri() string {
|
|||
return c.CdnUrl(c.BaseUri(StaticUri))
|
||||
}
|
||||
|
||||
// SiteUrl returns the public server URL (default is "http://localhost:2342/").
|
||||
// SiteUrl returns the public server URL (default is "https://photoprism.local:2342/").
|
||||
func (c *Config) SiteUrl() string {
|
||||
if c.options.SiteUrl == "" {
|
||||
return "http://localhost:2342/"
|
||||
return "https://photoprism.local:2342/"
|
||||
}
|
||||
|
||||
return strings.TrimRight(c.options.SiteUrl, "/") + "/"
|
||||
|
|
|
@ -433,7 +433,7 @@ func TestConfig_ContentUri(t *testing.T) {
|
|||
func TestConfig_SiteUrl(t *testing.T) {
|
||||
c := NewConfig(CliTestContext())
|
||||
|
||||
assert.Equal(t, "http://localhost:2342/", c.SiteUrl())
|
||||
assert.Equal(t, "https://photoprism.local:2342/", c.SiteUrl())
|
||||
c.options.SiteUrl = "http://superhost:2342/"
|
||||
assert.Equal(t, "http://superhost:2342/", c.SiteUrl())
|
||||
c.options.SiteUrl = "http://superhost"
|
||||
|
@ -443,20 +443,20 @@ func TestConfig_SiteUrl(t *testing.T) {
|
|||
func TestConfig_SiteDomain(t *testing.T) {
|
||||
c := NewConfig(CliTestContext())
|
||||
|
||||
assert.Equal(t, "localhost", c.SiteDomain())
|
||||
assert.Equal(t, "photoprism.local", c.SiteDomain())
|
||||
c.options.SiteUrl = "https://foo.bar.com:2342/"
|
||||
assert.Equal(t, "foo.bar.com", c.SiteDomain())
|
||||
c.options.SiteUrl = ""
|
||||
assert.Equal(t, "localhost", c.SiteDomain())
|
||||
assert.Equal(t, "photoprism.local", c.SiteDomain())
|
||||
}
|
||||
|
||||
func TestConfig_SitePreview(t *testing.T) {
|
||||
c := NewConfig(CliTestContext())
|
||||
assert.Equal(t, "http://localhost:2342/static/img/preview.jpg", c.SitePreview())
|
||||
assert.Equal(t, "https://photoprism.local:2342/static/img/preview.jpg", c.SitePreview())
|
||||
c.options.SitePreview = "http://preview.jpg"
|
||||
assert.Equal(t, "http://preview.jpg", c.SitePreview())
|
||||
c.options.SitePreview = "preview123.jpg"
|
||||
assert.Equal(t, "http://localhost:2342/preview123.jpg", c.SitePreview())
|
||||
assert.Equal(t, "https://photoprism.local:2342/preview123.jpg", c.SitePreview())
|
||||
}
|
||||
|
||||
func TestConfig_SiteTitle(t *testing.T) {
|
||||
|
|
|
@ -59,19 +59,11 @@ func (c *Config) TLSKey() string {
|
|||
|
||||
// TLS returns the HTTPS certificate and private key file name.
|
||||
func (c *Config) TLS() (publicCert, privateKey string) {
|
||||
privateKey = c.TLSKey()
|
||||
|
||||
if privateKey == "" {
|
||||
if c.DisableTLS() {
|
||||
return "", ""
|
||||
}
|
||||
|
||||
publicCert = c.TLSCert()
|
||||
|
||||
if publicCert == "" {
|
||||
return "", ""
|
||||
}
|
||||
|
||||
return publicCert, privateKey
|
||||
return c.TLSCert(), c.TLSKey()
|
||||
}
|
||||
|
||||
// DisableTLS checks if HTTPS should be disabled.
|
||||
|
|
|
@ -360,7 +360,7 @@ var Flags = CliFlags{
|
|||
Flag: cli.StringFlag{
|
||||
Name: "site-url, url",
|
||||
Usage: "public site `URL`",
|
||||
Value: "http://localhost:2342/",
|
||||
Value: "https://photoprism.local:2342/",
|
||||
EnvVar: "PHOTOPRISM_SITE_URL",
|
||||
}}, {
|
||||
Flag: cli.StringFlag{
|
||||
|
|
|
@ -192,6 +192,7 @@ func NewOptions(ctx *cli.Context) *Options {
|
|||
func (c *Options) expandFilenames() {
|
||||
c.ConfigPath = fs.Abs(c.ConfigPath)
|
||||
c.StoragePath = fs.Abs(c.StoragePath)
|
||||
c.UsersPath = fs.Abs(c.UsersPath)
|
||||
c.BackupPath = fs.Abs(c.BackupPath)
|
||||
c.AssetsPath = fs.Abs(c.AssetsPath)
|
||||
c.CachePath = fs.Abs(c.CachePath)
|
||||
|
|
|
@ -117,7 +117,6 @@ func FindUser(find User) *User {
|
|||
|
||||
// Find matching record.
|
||||
if err := stmt.First(m).Error; err != nil {
|
||||
event.AuditErr([]string{"user", "not found", "%s"}, err)
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ func Start(ctx context.Context, conf *config.Config) {
|
|||
log.Infof("server: starting in auto tls mode on %s [%s]", server.Addr, time.Since(start))
|
||||
go StartAutoTLS(server, tlsManager, conf)
|
||||
} else if publicCert, privateKey := conf.TLS(); publicCert != "" && privateKey != "" {
|
||||
log.Infof("server: starting in manual tls mode")
|
||||
log.Infof("server: starting in tls mode")
|
||||
server = &http.Server{
|
||||
Addr: fmt.Sprintf("%s:%d", conf.HttpHost(), conf.HttpPort()),
|
||||
Handler: router,
|
||||
|
|
Loading…
Reference in a new issue