Update README

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
ゆめ 2024-11-23 00:48:39 -06:00
parent 8f1853e773
commit 35806a2058
No known key found for this signature in database

View file

@ -2,12 +2,13 @@
This is a misskey proxy worker for ゆめちのくに (Yumechi-no-kuni) instance. Runs natively on both local and Cloudflare Workers environments! This is a misskey proxy worker for ゆめちのくに (Yumechi-no-kuni) instance. Runs natively on both local and Cloudflare Workers environments!
It has been deployed on my instance for since 11/14 under the AppArmor deployment profile.
Work in progress! Currently to do: Currently to do:
- [X] Content-Type sniffing - [X] Content-Type sniffing
- [X] SVG rendering - [X] SVG rendering
- [ ] Font rendering (likely will not run on Cloudflare Workers Free plan) - [ ] Font rendering (will not run on Cloudflare Workers Free plan)
- [X] Preset image resizing - [X] Preset image resizing
- [X] Opportunistic Redirection on large video files - [X] Opportunistic Redirection on large video files
- [X] RFC9110 compliant proxy loop detection with defensive programming against known vulnerable proxies - [X] RFC9110 compliant proxy loop detection with defensive programming against known vulnerable proxies
@ -105,4 +106,8 @@ All major distros should have an easy-to-follow guide on how to do this. Typical
This will create a highly restrictive environment: try it yourself with `aa-exec -p yumechi-no-kuni-proxy-worker [initial_foothold]` and see if you can break out :). And that is just the first layer of defense, try the more restrictive subprofiles: This will create a highly restrictive environment: try it yourself with `aa-exec -p yumechi-no-kuni-proxy-worker [initial_foothold]` and see if you can break out :). And that is just the first layer of defense, try the more restrictive subprofiles:
- `yumechi-no-kuni-proxy-worker//serve`: irreversibly dropped into before listening on the network begins. Restrict loading additional code and access to configuration files. - `yumechi-no-kuni-proxy-worker//serve`: irreversibly dropped into before listening on the network begins. Restrict loading additional code and access to configuration files.
- `yumechi-no-kuni-proxy-worker//serve//image`: absolutely no file, network or capability access. - `yumechi-no-kuni-proxy-worker//serve//image`: absolutely no file, network or capability access.
## Docker
If you still for some reason want to use Docker, you can use the `Dockerfile` provided.