hackmdio / codimd

CodiMD - Realtime collaborative markdown notes on all platforms.
https://hackmd.io/c/codimd-documentation
GNU Affero General Public License v3.0

[Proposal] Separate independent environmental variables for Minio upload and public urls #1803

Open RuiSiang opened 1 year ago

RuiSiang commented 1 year ago

It makes sense that public-facing URLs and private URLs are different. In my case, say the Minio endpoint is set up at localhost:9000, and we add a reverse proxy to proxy it at https://s3.example.com while putting it behind Cloudflare. If we use the public-facing URL to upload the link, placing the uploaded images back through Cloudflare from the backend simply does not make sense, and I've run into weird unsolvable issues with Cloudflare. Moreover, this is bad for security since we cannot limit the write function to specific IPs (it all comes from Cloudflare in this case). CodiMD's upload does not work like conventional apps that interact with S3 (i.e. Outline's), since it uploads via the API and then the backend uploads to the S3 instance, which makes the flow weird and the backend prone to being rate-limited or bot-filtered.

Proposing additional environmental variables as follows

#Current
CMD_IMAGE_UPLOAD_TYPE=minio
CMD_MINIO_ACCESS_KEY="XXXXXXXXXXXXX"
CMD_MINIO_SECRET_KEY="iYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
CMD_MINIO_ENDPOINT=127.0.0.1
CMD_MINIO_PORT=9000

#Added
CMD_MINIO_PUBLIC_URL=https://s3.example.com

Currently the workaround for this is to override /etc/hosts to resolve the URL to the real IP. The issue with this is that the port has to be the same or reverse proxied locally.
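
A sketch of how the proposed split could be resolved in a Node.js backend, added here as an example and not taken from CodiMD or written by anyone in this thread. `CMD_MINIO_PUBLIC_URL` is the variable proposed above; `resolveMinioTargets`, the `bucket` and `secure` parameters, and the path-style `/<bucket>/<key>` link layout are assumptions.

```javascript
// Added example (not CodiMD code): keep the private upload endpoint and the
// public link base separate, validating the proposed CMD_MINIO_PUBLIC_URL.
// `bucket` and `secure` are hypothetical parameters, not existing settings.
function resolveMinioTargets(env, { bucket, secure = false }) {
  const port = Number(env.CMD_MINIO_PORT || 9000);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('CMD_MINIO_PORT must be a valid TCP port');
  }
  if (!env.CMD_MINIO_ENDPOINT) throw new Error('CMD_MINIO_ENDPOINT is required');

  // Private side: where the backend writes objects. Never sent to browsers,
  // so write access can be limited to the backend's own address.
  const upload = { endPoint: env.CMD_MINIO_ENDPOINT, port, useSSL: secure };

  // Public side: base of the links embedded in notes.
  let publicBase;
  if (env.CMD_MINIO_PUBLIC_URL) {
    const u = new URL(env.CMD_MINIO_PUBLIC_URL); // throws on malformed input
    if (u.protocol !== 'https:' && u.protocol !== 'http:') {
      throw new Error('CMD_MINIO_PUBLIC_URL must be http(s)');
    }
    if (u.username || u.password || u.search || u.hash) {
      throw new Error('CMD_MINIO_PUBLIC_URL must not carry credentials, query or fragment');
    }
    publicBase = u.origin + u.pathname.replace(/\/+$/, '');
  } else {
    // Fallback when the new variable is unset: derive links from the endpoint.
    const scheme = secure ? 'https' : 'http';
    const defaultPort = secure ? 443 : 80;
    publicBase = `${scheme}://${upload.endPoint}` +
      (port === defaultPort ? '' : `:${port}`);
  }

  // Encode each path segment so object keys cannot alter the URL structure.
  const publicUrlFor = (key) =>
    `${publicBase}/${encodeURIComponent(bucket)}/` +
    key.split('/').map(encodeURIComponent).join('/');
  return { upload, publicBase, publicUrlFor };
}

// Constructed sample environment mirroring the values in the proposal.
const sampleEnv = {
  CMD_MINIO_ENDPOINT: '127.0.0.1',
  CMD_MINIO_PORT: '9000',
  CMD_MINIO_PUBLIC_URL: 'https://s3.example.com',
};
const targets = resolveMinioTargets(sampleEnv, { bucket: 'codimd' });
console.log(targets.upload, targets.publicUrlFor('uploads/a b.png'));
```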

jackycute commented 1 year ago

Hi @RuiSiang, thanks for your idea, and a PR is welcome.