From 708ec66d9b8d96770901a03ecc6be4c3b62eaffd Mon Sep 17 00:00:00 2001
From: Caleb Maclennan
Date: Thu, 6 May 2021 18:28:04 +0300
Subject: [PATCH 1/4] Don't indent TOML keys deeper than their sections

---
 config-demo.toml | 22 +++++++++++-----------
 config.toml.sample | 34 +++++++++++++++++-----------------
 2 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/config-demo.toml b/config-demo.toml
index 7aff549..f61a22a 100644
--- a/config-demo.toml
+++ b/config-demo.toml
@@ -1,15 +1,15 @@
 [app]
- # Interface and port where the app will run its webserver.
- address = "0.0.0.0:9000"
+# Interface and port where the app will run its webserver.
+address = "0.0.0.0:9000"
 
 # Database.
 [db]
- host = "demo-db"
- port = 5432
- user = "listmonk"
- password = "listmonk"
- database = "listmonk"
- ssl_mode = "disable"
- max_open = 25
- max_idle = 25
- max_lifetime = "300s"
+host = "demo-db"
+port = 5432
+user = "listmonk"
+password = "listmonk"
+database = "listmonk"
+ssl_mode = "disable"
+max_open = 25
+max_idle = 25
+max_lifetime = "300s"
diff --git a/config.toml.sample b/config.toml.sample
index 7b09b77..21c2d00 100644
--- a/config.toml.sample
+++ b/config.toml.sample
@@ -1,22 +1,22 @@
 [app]
- # Interface and port where the app will run its webserver.
- address = "0.0.0.0:9000"
+# Interface and port where the app will run its webserver.
+address = "0.0.0.0:9000"
 
- # BasicAuth authentication for the admin dashboard. This will eventually
- # be replaced with a better multi-user, role-based authentication system.
- # IMPORTANT: Leave both values empty to disable authentication on admin
- # only where an external authentication is already setup.
- admin_username = "listmonk"
- admin_password = "listmonk"
+# BasicAuth authentication for the admin dashboard. This will eventually
+# be replaced with a better multi-user, role-based authentication system.
+# IMPORTANT: Leave both values empty to disable authentication on admin
+# only where an external authentication is already setup.
+admin_username = "listmonk"
+admin_password = "listmonk"
 
 # Database.
 [db]
- host = "db"
- port = 5432
- user = "listmonk"
- password = "listmonk"
- database = "listmonk"
- ssl_mode = "disable"
- max_open = 25
- max_idle = 25
- max_lifetime = "300s"
+host = "db"
+port = 5432
+user = "listmonk"
+password = "listmonk"
+database = "listmonk"
+ssl_mode = "disable"
+max_open = 25
+max_idle = 25
+max_lifetime = "300s"

From 6c40e05d2db12bd268d1312abe0c4eaaba4506ec Mon Sep 17 00:00:00 2001
From: Caleb Maclennan
Date: Fri, 7 May 2021 12:33:22 +0300
Subject: [PATCH 2/4] =?UTF-8?q?Use=20=E2=80=98localhost=E2=80=99=20as=20de?= =?UTF-8?q?fault=20name=20for=20database=20server?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Using localhost instead of some random string is much more likely to actually work out of the box. Also it's a lot easier for a sysamdmin to 'scan' for things that need changing.
---
 config.toml.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.toml.sample b/config.toml.sample
index 21c2d00..d1022a3 100644
--- a/config.toml.sample
+++ b/config.toml.sample
@@ -11,7 +11,7 @@ admin_password = "listmonk"
 
 # Database.
 [db]
-host = "db"
+host = "localhost"
 port = 5432
 user = "listmonk"
 password = "listmonk"

From 26a023813e0ef2d3a366712e37ffcd348ece3955 Mon Sep 17 00:00:00 2001
From: Caleb Maclennan
Date: Fri, 7 May 2021 12:35:22 +0300
Subject: [PATCH 3/4] =?UTF-8?q?Bind=20to=20=E2=80=98localhost=E2=80=99=20i?= =?UTF-8?q?nstead=20of=20=E2=80=980.0.0.0=E2=80=99=20by=20default?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is a small safety precaution to make sure the out of the box configuration is not world routeable. Bringing this up on a public interface with a connected database could be a security concern. Any sysadmin worth their salt is going to test offline or by binding to localhost only first anyway, but this gets them started on the right foot and makes sure people don't make mistakes. Also with the high likelihood that a proxy is going to be used for HTTPS termination anyway, the decision to move to a public IP should be more deliberate.
---
 config.toml.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.toml.sample b/config.toml.sample
index d1022a3..0180a11 100644
--- a/config.toml.sample
+++ b/config.toml.sample
@@ -1,6 +1,6 @@
 [app]
 # Interface and port where the app will run its webserver.
-address = "0.0.0.0:9000"
+address = "localhost:9000"
 
 # BasicAuth authentication for the admin dashboard. This will eventually
 # be replaced with a better multi-user, role-based authentication system.

From 09c56da8c67d9beed00fde41620243ecd2b345b6 Mon Sep 17 00:00:00 2001
From: Caleb Maclennan
Date: Fri, 7 May 2021 14:44:16 +0300
Subject: [PATCH 4/4] Document tidbits about listening addresses for non-sysadmin types

---
 config.toml.sample | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/config.toml.sample b/config.toml.sample
index 0180a11..4b178e2 100644
--- a/config.toml.sample
+++ b/config.toml.sample
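Review bot: The new `host = "localhost"` default in the PATCH 2/4 hunk sits in a `[db]` table that also ships `password = "listmonk"` (in this hunk) and `ssl_mode = "disable"` (visible in the PATCH 1/4 hunk), and nothing tells the operator that those values stop being acceptable once `host` points off the machine. With a loopback host the unencrypted connection stays local, but an operator who edits only `host` would send the database password over the network in cleartext. I would add a comment above `host`: `# If the database is not on this machine, change the password and set ssl_mode to "require" or stricter.` (assuming the value is passed through as PostgreSQL's sslmode, which is not visible here). The `[db]` table continues past the end of this hunk.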
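Review bot: Only `config.toml.sample` gets the loopback default in the PATCH 3/4 hunk; `config-demo.toml` in PATCH 1/4 still has `address = "0.0.0.0:9000"`, and its 15-line hunk shows no `admin_username` or `admin_password` keys. If absent keys behave like the empty values that the sample's comment says disable authentication (the parsing code is not visible here), the demo configuration serves the admin dashboard unauthenticated on every interface. If the wildcard bind is required for the demo setup, I would state that in the file itself: `# Demo only: listens on all interfaces without admin credentials; do not expose this port publicly.`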
@@ -1,5 +1,8 @@
 [app]
-# Interface and port where the app will run its webserver.
+# Interface and port where the app will run its webserver. The default value
+# of localhost will only listen to connections from the current machine. To
+# listen on all interfaces use '0.0.0.0'. To listen on the default web address
+# port, use port 80 (this will require running with elevated permissions).
 address = "localhost:9000"
 
 # BasicAuth authentication for the admin dashboard. This will eventually
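Review bot: The added comment above `address` explains how to switch to `0.0.0.0` and port 80 but does not mention that the admin dashboard is guarded only by BasicAuth, whose values in this sample are `listmonk`/`listmonk` (PATCH 1/4 hunk), and that BasicAuth over plain HTTP sends them unencrypted. I would extend the comment with `# Before listening on a non-local address, change admin_username and admin_password` and `# and put the app behind a TLS-terminating reverse proxy.` For port 80, pointing to the reverse proxy rather than to "elevated permissions" would avoid suggesting that the app itself run as root. The `[app]` table continues past the end of this hunk.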