archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
Files
df1522088452e5e9edac6ec92fcd00dc7df809c6
phabricator/src/docs/user/configuration/configuring_file_domain.diviner
epriestley df15220884 Adjust CloudFront configuration instructions to allow POST 
Summary: Ref T8293. We may submit POST requests to the alternate file domain, and CloudFront should be configured to route them.

Test Plan: See T8293.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T8293

Differential Revision: https://secure.phabricator.com/D12973
2015-05-21 16:10:53 -07:00

113 lines
4.5 KiB
Plaintext
Raw Blame History

@title Configuring a File Domain
@group config
Setup guide for an alternate file domain or CDN.
Overview
========
Serving files that users upload from the same domain that Phabricator runs on
is a security risk.
In general, doing this creates a risk that users who have permission to upload
files may be able to upload specially crafted files (like Flash or Java
applets) which can execute with domain permissions in some contexts (usually
because of security issues with Flash and Java, but both products have a rich
history of security issues). The attacker can then trick another user into
executing the file and gain access to their session.
The best way to mitigate this threat is to serve files from a separate domain.
For example, if Phabricator is hosted at `https://phabricator.example.com/`,
you can serve files from `https://files.exampleusercontent.com/`.
The alternate file domain should be a completely different domain from your
primary domain, not just a different subdomain. For example, Google uses
`googleusercontent.com`, //not// `usercontent.google.com`.
You can also configure the alternate file domain to serve through a CDN, which
will improve performance.
Approaches
=========
Broadly, you can either choose a CDN service and configure that (which will
also defuse the security risks) or you can configure a second domain with the
same settings as your first domain. A CDN service may be easier to set up and
can improve performance.
| Method | Setup Difficulty | Cost | Notes |
|---|---|---|---|
| AWS CloudFront | Very Easy | Cheap | Recommended |
| CloudFlare | Easy | Free/Cheap | Recommended |
| Self Hosted | Moderate | Free | No CDN unless you're an ops wizard. |
Approach: AWS CloudFront
========
CloudFront is a CDN service that's part of Amazon Web Services. It makes
particular sense to use if you're hosting your install in AWS.
To configure it, set up a new CloudFront distribution which is pointed at
your Phabricator install as an origin (make sure you point it at the primary
domain name of your install, not just a load balancer or instance). You do not
need to set up a new domain name, which makes setup a bit more straightforward.
Most settings can be left at their default values, but you should change
the **Allowed HTTP Methods** setting from `GET, HEAD` to
`GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE`.
Once configured, accessing the distribution's domain name should return a
Phabricator error page indicating that Phabricator does not recognize the
domain. If you see this page, it means you've configured things correctly.
Continue to "Configuring Phabricator", below.
Approach: CloudFlare
========
[[ https://cloudflare.net | CloudFlare ]] is a general-purpose CDN service.
To set up CloudFlare, you'll need to register a second domain and go through
their enrollment process to host the alternate domain on their servers. Use a
CNAME record to forward a subdomain to your Phabricator install.
CloudFlare will automatically generate SSL certificates for hosted domains,
which can significantly reduce the cost and complexity of setup.
Once configured, accessing the CNAME-forwarded subdomain should return a
Phabricator error page indicating that Phabricator does not recognize the
domain. If you see this page, it means you've configured things correctly.
Continue to "Configuring Phabricator", below.
Approach: Self Hosted
========
To do this, just set up a second domain exactly like your primary domain is
set up. When setup is complete, visiting the domain should return a Phabricator
error page indicating that Phabricator does not recognize the domain. This
means that you've configured things correctly.
Note that if you use SSL (which you should), you'll also need to get a
certificate for this alternate domain and configure that, too.
You can also configure a self-hosted domain to route through a caching server
to provide some of the performance benefits of a CDN, but this is advanced and
outside the scope of this documentation.
Continue to "Configuring Phabricator", below.
Configuring Phabricator
========
After you've set up a CDN or an alternate domain, configure Phabricator to
recognize the domain. Run this command, providing the domain you have
configured in place of the `<domain>` token. You should include the protocol,
so an example domain might be `https://cdn.phabcdn.net/`.
phabricator/ $ ./bin/config set security.alternate-file-domain <domain>
Phabricator should now serve CSS, JS, images, profile pictures, and user
content through the file domain. You can verify this with "View Source" or
by downloading a file and checking the URL.
Reference in New Issue View Git Blame Copy Permalink