mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-12-24 03:05:03 +01:00
Deactivated public api of listmonk by default, which was a security hole
This commit is contained in:
parent
e009a9d42c
commit
3e49bd84dc
@ -190,6 +190,7 @@ bigbluebutton_enable_greenlight: "true"
|
||||
|
||||
#### Listmonk
|
||||
listmonk_admin_username: "admin"
|
||||
listmonk_public_api_activated: False # Security hole. Can be used for spaming
|
||||
|
||||
#### Mastodon
|
||||
mastodon_version: "latest"
|
||||
|
3
roles/docker-listmonk/files/deactivate-public-api.conf
Normal file
3
roles/docker-listmonk/files/deactivate-public-api.conf
Normal file
@ -0,0 +1,3 @@
|
||||
location /api/public/subscription {
|
||||
return 403;
|
||||
}
|
@ -2,6 +2,15 @@
|
||||
- name: "include docker/compose/database.yml"
|
||||
include_tasks: docker/compose/database.yml
|
||||
|
||||
- name: Set nginx_docker_reverse_proxy_extra_configuration based on listmonk_public_api_activated
|
||||
set_fact:
|
||||
nginx_docker_reverse_proxy_extra_configuration: >-
|
||||
{% if not listmonk_public_api_activated %}
|
||||
{{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
|
||||
{% else %}
|
||||
""
|
||||
{% endif %}
|
||||
|
||||
- name: "include tasks nginx-docker-proxy-domain.yml"
|
||||
include_tasks: nginx-docker-proxy-domain.yml
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user