@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
1@title Configuring a File Domain
2@group config
3
4Setup guide for an alternate file domain or CDN.
5
6Overview
7========
8
9Serving files that users upload from the same domain that Phorge runs on
10is a security risk.
11
12In general, doing this creates a risk that users who have permission to upload
13files may be able to upload specially crafted files (like Flash or Java
14applets) which can execute with domain permissions in some contexts (usually
15because of security issues with Flash and Java, but both products have a rich
16history of security issues). The attacker can then trick another user into
17executing the file and gain access to their session.
18
19The best way to mitigate this threat is to serve files from a separate domain.
20For example, if Phorge is hosted at `https://phorge.example.com/`,
21you can serve files from `https://files.exampleusercontent.com/`.
22
23The alternate file domain should be a completely different domain from your
24primary domain, not just a different subdomain. For example, Google uses
25`googleusercontent.com`, //not// `usercontent.google.com`.
26
27You can also configure the alternate file domain to serve through a CDN, which
28will improve performance.
29
30Approaches
31=========
32
33Broadly, you can either choose a CDN service and configure that (which will
34also defuse the security risks) or you can configure a second domain with the
35same settings as your first domain. A CDN service may be easier to set up and
36can improve performance.
37
38| Method | Setup Difficulty | Cost | Notes |
39|---|---|---|---|
40| AWS CloudFront | Very Easy | Cheap | Recommended |
41| Cloudflare | Easy | Free/Cheap | Recommended |
42| Self Hosted | Moderate | Free | No CDN unless you're an ops wizard. |
43
44Approach: AWS CloudFront
45========
46
47CloudFront is a CDN service that's part of Amazon Web Services. It makes
48particular sense to use if you're hosting your install in AWS.
49
50To configure it, set up a new CloudFront distribution which is pointed at
51your Phorge install as an origin (make sure you point it at the primary
52domain name of your install, not just a load balancer or instance). You do not
53need to set up a new domain name, which makes setup a bit more straightforward.
54
55Most settings can be left at their default values, but you should change
56the **Allowed HTTP Methods** setting from `GET, HEAD` to
57`GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE`.
58
59Once configured, accessing the distribution's domain name should return a
60Phorge error page indicating that Phorge does not recognize the
61domain. If you see this page, it means you've configured things correctly.
62
63Continue to "Configuring Phorge", below.
64
65Approach: Cloudflare
66========
67
68WARNING: You should review all your Cloudflare settings, and be very
69sure to turn off all optimization features, including systems like
70"Rocket Loader". These features will break Phorge in strange and
71mysterious ways that are unpredictable. Only allow Cloudflare to cache files,
72and never optimize them.
73
74[[ https://www.cloudflare.com | Cloudflare ]] is a general-purpose CDN service.
75
76To set up Cloudflare, you'll need to register a second domain and go through
77their enrollment process to host the alternate domain on their servers. Use a
78CNAME record to forward a subdomain to your Phorge install.
79
80Cloudflare will automatically generate SSL certificates for hosted domains,
81which can significantly reduce the cost and complexity of setup.
82
83Once configured, accessing the CNAME-forwarded subdomain should return a
84Phorge error page indicating that Phorge does not recognize the
85domain. If you see this page, it means you've configured things correctly.
86
87Continue to "Configuring Phorge", below.
88
89Approach: Self Hosted
90========
91
92To do this, just set up a second domain exactly like your primary domain is
93set up. When setup is complete, visiting the domain should return a Phorge
94error page indicating that Phorge does not recognize the domain. This
95means that you've configured things correctly.
96
97Note that if you use SSL (which you should), you'll also need to get a
98certificate for this alternate domain and configure that, too.
99
100You can also configure a self-hosted domain to route through a caching server
101to provide some of the performance benefits of a CDN, but this is advanced and
102outside the scope of this documentation.
103
104Continue to "Configuring Phorge", below.
105
106Configuring Phorge
107========
108
109After you've set up a CDN or an alternate domain, configure Phorge to
110recognize the domain. Run this command, providing the domain you have
111configured in place of the `<domain>` token. You should include the protocol,
112so an example domain might be `https://cdn.examplecdn.com/`.
113
114 phorge/ $ ./bin/config set security.alternate-file-domain <domain>
115
116Phorge should now serve CSS, JS, images, profile pictures, and user
117content through the file domain. You can verify this with "View Source" or
118by downloading a file and checking the URL.