prosody-filer icon indicating copy to clipboard operation
prosody-filer copied to clipboard

Published 20 hours ago verified publisher icon ThomasLeister

Prosody updated info

Open meaz opened this issue 4 years ago • 5 comments

Hi,

Prosody devs updated the mod_http_upload_external page. This module should not be added to modules_enabledn but as a component:

Component "upload.example.org" "http_upload_external"
http_upload_external_base_url = "https://your.example.com/upload/service"
http_upload_external_secret = "your shared secret"

So you may want to update your readme file ;)

meaz avatar Mar 31 '20 10:03 meaz

@meaz: A bit off-topic, but is there any background info to why the recommendation changed? I would like to understand what I am doing, but the page does not seem to be tracked in the version control system or anything.

Gigadoc2 avatar Mar 31 '20 16:03 Gigadoc2

I'm sorry, I don't know. I've just noticed the change ;)

meaz avatar Mar 31 '20 16:03 meaz

Luckily I could find some information in the backlog of [email protected]:

At the protocol level it's entirely possible to have it on the virtualhost, but in practice this seems to be confusing and errorprone In this case the anon users would have gotten upload slots like https://anon.sub.example.org:5821/upload/random If you have a proxy in front then this might not work due to that Other times people configure it so that multiple instances of http upload have the exact same URL, and then uploads fail because you talk to the wrong instance

If I understand this correctly, all this mostly applies to the internal mod_http_upload, as it would then create multiple upload endpoints (one for each vhost). For mod_http_upload_external there are probably less issues, but it still seems sensible to advertise the upload functionality only once (with the dedicated component) instead of multiple times (one per vhost) with each pointing to the same URL.

However, if I understand things right (I am still very confused about the relationship between DNS domains and XMPP components), having upload be a dedicated component also requires you to have DNS and certificates set up for that subdomain (independent of the actual HTTPS server).

Gigadoc2 avatar Mar 31 '20 17:03 Gigadoc2

Here is what prosody devs told me: HTTP clients usually require a valid certificate being presented by HTTP servers so yes, having upload be a dedicated component also requires you to have a certificate set up for that subdomain.

"do I also need a dedicated dns for upload.myserver.com ? -> Since prosody only points at a separate http server, only http considerations apply. "

meaz avatar Apr 01 '20 08:04 meaz

Hmm, the content of https://prosody.im/doc/components lead me to think that every component in use needs to have DNS records and a valid certificate in prosody itself. But maybe an upload component does not "need to be accessed from remote servers over s2s"?

Gigadoc2 avatar Apr 01 '20 17:04 Gigadoc2