Update README
Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
parent
8f1853e773
commit
35806a2058
1 changed files with 8 additions and 3 deletions
11
README.md
11
README.md
|
@ -2,12 +2,13 @@
|
||||||
|
|
||||||
This is a misskey proxy worker for ゆめちのくに (Yumechi-no-kuni) instance. Runs natively on both local and Cloudflare Workers environments!
|
This is a misskey proxy worker for ゆめちのくに (Yumechi-no-kuni) instance. Runs natively on both local and Cloudflare Workers environments!
|
||||||
|
|
||||||
|
It has been deployed on my instance for since 11/14 under the AppArmor deployment profile.
|
||||||
|
|
||||||
Work in progress! Currently to do:
|
Currently to do:
|
||||||
|
|
||||||
- [X] Content-Type sniffing
|
- [X] Content-Type sniffing
|
||||||
- [X] SVG rendering
|
- [X] SVG rendering
|
||||||
- [ ] Font rendering (likely will not run on Cloudflare Workers Free plan)
|
- [ ] Font rendering (will not run on Cloudflare Workers Free plan)
|
||||||
- [X] Preset image resizing
|
- [X] Preset image resizing
|
||||||
- [X] Opportunistic Redirection on large video files
|
- [X] Opportunistic Redirection on large video files
|
||||||
- [X] RFC9110 compliant proxy loop detection with defensive programming against known vulnerable proxies
|
- [X] RFC9110 compliant proxy loop detection with defensive programming against known vulnerable proxies
|
||||||
|
@ -105,4 +106,8 @@ All major distros should have an easy-to-follow guide on how to do this. Typical
|
||||||
This will create a highly restrictive environment: try it yourself with `aa-exec -p yumechi-no-kuni-proxy-worker [initial_foothold]` and see if you can break out :). And that is just the first layer of defense, try the more restrictive subprofiles:
|
This will create a highly restrictive environment: try it yourself with `aa-exec -p yumechi-no-kuni-proxy-worker [initial_foothold]` and see if you can break out :). And that is just the first layer of defense, try the more restrictive subprofiles:
|
||||||
|
|
||||||
- `yumechi-no-kuni-proxy-worker//serve`: irreversibly dropped into before listening on the network begins. Restrict loading additional code and access to configuration files.
|
- `yumechi-no-kuni-proxy-worker//serve`: irreversibly dropped into before listening on the network begins. Restrict loading additional code and access to configuration files.
|
||||||
- `yumechi-no-kuni-proxy-worker//serve//image`: absolutely no file, network or capability access.
|
- `yumechi-no-kuni-proxy-worker//serve//image`: absolutely no file, network or capability access.
|
||||||
|
|
||||||
|
## Docker
|
||||||
|
|
||||||
|
If you still for some reason want to use Docker, you can use the `Dockerfile` provided.
|
Loading…
Reference in a new issue