Deactivated public api of listmonk by default, which was a security hole

Kevin Veen-Birkenbach 2024-11-07 19:56:29 -03:00
parent e009a9d42c
commit 3e49bd84dc
3 changed files with 13 additions and 0 deletions


@ -190,6 +190,7 @@ bigbluebutton_enable_greenlight: "true"
#### Listmonk #### Listmonk
listmonk_admin_username: "admin" listmonk_admin_username: "admin"
listmonk_public_api_activated: False # Security hole. Can be used for spaming
#### Mastodon #### Mastodon
mastodon_version: "latest" mastodon_version: "latest"
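Review bot: The trailing comment on `listmonk_public_api_activated` says only "Security hole", which does not tell an operator what the flag controls or what the role does when it is off. A comment above the variable such as `# false (default): nginx answers 403 on /api/public/subscription to block unauthenticated sign-up spam` would state both, and fixes the "spaming" typo. The value is also better written as lowercase `false`, the canonical boolean form that yamllint's `truthy` rule accepts.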


@ -0,0 +1,3 @@
location /api/public/subscription {
return 403;
}
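Review bot: The block covers only the `/api/public/subscription` prefix, while the commit title describes deactivating the public API as a whole; any other path listmonk serves under `/api/public/` would still be proxied. If the whole public API is meant, `location ^~ /api/public/ {` covers it. The `^~` modifier also keeps a regex location elsewhere in the generated server block from taking precedence over this prefix match; the proxy template is not visible here, so whether such a location exists should be checked. A first-line comment in the file, `# Included by the listmonk role when listmonk_public_api_activated is false`, would tie the snippet to its switch.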


@ -2,6 +2,15 @@
- name: "include docker/compose/database.yml" - name: "include docker/compose/database.yml"
include_tasks: docker/compose/database.yml include_tasks: docker/compose/database.yml
- name: Set nginx_docker_reverse_proxy_extra_configuration based on listmonk_public_api_activated
set_fact:
nginx_docker_reverse_proxy_extra_configuration: >-
{% if not listmonk_public_api_activated %}
{{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
{% else %}
""
{% endif %}
- name: "include tasks nginx-docker-proxy-domain.yml" - name: "include tasks nginx-docker-proxy-domain.yml"
include_tasks: nginx-docker-proxy-domain.yml include_tasks: nginx-docker-proxy-domain.yml
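Review bot: `{% if not listmonk_public_api_activated %}` fails open when the variable arrives as a string: a value passed as `-e listmonk_public_api_activated=false` or written as `"false"` (the quoting style `bigbluebutton_enable_greenlight: "true"` uses in the defaults file) is a non-empty string, so `not` yields false and the 403 block is left out. The else branch also emits the two literal characters `""` rather than an empty value, and the `{{ role_path }}` nested inside the lookup expression relies on moustaches stacking, which Ansible advises against. A single expression removes all three: `{{ '' if (listmonk_public_api_activated | bool) else lookup('file', role_path ~ '/files/deactivate-public-api.conf') }}`. The fact is consumed in nginx-docker-proxy-domain.yml, outside this hunk, so the effect of the stray `""` on the rendered nginx configuration is inferred rather than seen.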