~tsileo/microblog.pub#154: 
When using subpath, admin link still uses domain/admin/login

Hello:

I am trying to get microblog working under docker with a proxy server serving micropub at https://t.l.d/blog2. I have the proxy server set up and all links via /blog2 and the .well-known links are redirecting properly to the back end docker server.

However I couldn't log into the instance. The admin link at the bottom of the page shown using /blog2/ didn't include the /blog2/ subpath.

I edited misc/docker-supervisord.conf between config and docker-compose up steps. However unlike in the docs, I had to :

make build

again to get it to take effect. I was able to verify that --root-path was not set before the build step by exec'ing into the container and catting /proc/[0-9]*/cmdline.

Once I rebuilt the image, I saw the change in the admin link to use the subpath.

So the docs need to be changed to require a rebuild after changing the docker-supervisord.conf.

Also I changed docker-compose to use:

  ports:
  - "127.0.0.1:8087:8000"

so that the docker port was not externally exposed and is bound only to the loopback IP. When using the:

trusted_hosts = ["*"]

you shouldn't permit any host on the local net to access the micropub instance in the docker container.

https://docs.docker.com/network/#published-ports

Sadly this isn't as good as one would want, but better than nothing as the attacker needs to figure out the internal network ip address used.

#Have a great day.

			-- rouilj

#John Rouillard

My employers don't acknowledge my existence much less my opinions.

Status
REPORTED
Submitter
John P. Rouillard
Assigned to
No-one
Submitted
10 months ago
Updated
10 months ago
Labels
No labels applied.