improve YAML syntax for defining allowed IPs

author: Hazelnoot <acomputerdog@gmail.com> 2025-05-13 22:19:24 -0400
committer: Hazelnoot <acomputerdog@gmail.com> 2025-05-13 22:19:24 -0400
commit: 5116586d79df7216b124e74715f6414ffffa7e3a (patch)
tree: 36d233908b14e7eddd1c10f12e4c15b0933418a5 /.config
parent: allow private IP ranges to specify allowed ports (diff)
download: sharkey-5116586d79df7216b124e74715f6414ffffa7e3a.tar.gz
sharkey-5116586d79df7216b124e74715f6414ffffa7e3a.tar.bz2
sharkey-5116586d79df7216b124e74715f6414ffffa7e3a.zip
4 files changed, 75 insertions, 12 deletions
diff --git a/.config/ci.yml b/.config/ci.yml
index fefa45643c..4a6d21e1d5 100644
--- a/.config/ci.yml
+++ b/.config/ci.yml
@@ -321,9 +321,24 @@ attachLdSignatureForRelays: true
 # For security reasons, uploading attachments from the intranet is prohibited,
 # but exceptions can be made from the following settings. Default value is "undefined".
 # Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
-#allowedPrivateNetworks: [
-#  '127.0.0.1/32'
-#]
+# Some example configurations:
+#allowedPrivateNetworks:
+#  # Allow connections to 127.0.0.1 on any port
+#  - '127.0.0.1/32'
+#  # Allow connections to 127.0.0.* on any port
+#  - '127.0.0.1/24'
+#  # Allow connections to 127.0.0.1 on any port
+#  - '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on any port
+#  - network: '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on port 80
+#  - network: '127.0.0.1'
+#    ports: [80]
+#  # Allow connections to 127.0.0.1 on port 80 or 443
+#  - network: '127.0.0.1'
+#    ports:
+#      - 80
+#      - 443
 
 #customMOTD: ['Hello World', 'The sharks rule all', 'Shonks']
 
diff --git a/.config/cypress-devcontainer.yml b/.config/cypress-devcontainer.yml
index e4eb8cc805..356d583611 100644
--- a/.config/cypress-devcontainer.yml
+++ b/.config/cypress-devcontainer.yml
@@ -269,9 +269,27 @@ proxyRemoteFiles: true
 # Sign to ActivityPub GET request (default: true)
 signToActivityPubGet: true
 
-allowedPrivateNetworks: [
-  '127.0.0.1/32'
-]
+# For security reasons, uploading attachments from the intranet is prohibited,
+# but exceptions can be made from the following settings. Default value is "undefined".
+# Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
+# Some example configurations:
+allowedPrivateNetworks:
+  # Allow connections to 127.0.0.1 on any port
+  - '127.0.0.1/32'
+#  # Allow connections to 127.0.0.* on any port
+#  - '127.0.0.1/24'
+#  # Allow connections to 127.0.0.1 on any port
+#  - '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on any port
+#  - network: '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on port 80
+#  - network: '127.0.0.1'
+#    ports: [80]
+#  # Allow connections to 127.0.0.1 on port 80 or 443
+#  - network: '127.0.0.1'
+#    ports:
+#      - 80
+#      - 443
 
 # Disable automatic redirect for ActivityPub object lookup. (default: false)
 # This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation.
diff --git a/.config/docker_example.yml b/.config/docker_example.yml
index 7968a7d1f4..68679f64ed 100644
--- a/.config/docker_example.yml
+++ b/.config/docker_example.yml
@@ -378,9 +378,24 @@ attachLdSignatureForRelays: true
 # For security reasons, uploading attachments from the intranet is prohibited,
 # but exceptions can be made from the following settings. Default value is "undefined".
 # Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
-#allowedPrivateNetworks: [
-#  '127.0.0.1/32'
-#]
+# Some example configurations:
+#allowedPrivateNetworks:
+#  # Allow connections to 127.0.0.1 on any port
+#  - '127.0.0.1/32'
+#  # Allow connections to 127.0.0.* on any port
+#  - '127.0.0.1/24'
+#  # Allow connections to 127.0.0.1 on any port
+#  - '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on any port
+#  - network: '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on port 80
+#  - network: '127.0.0.1'
+#    ports: [80]
+#  # Allow connections to 127.0.0.1 on port 80 or 443
+#  - network: '127.0.0.1'
+#    ports:
+#      - 80
+#      - 443
 
 #customMOTD: ['Hello World', 'The sharks rule all', 'Shonks']
 
diff --git a/.config/example.yml b/.config/example.yml
index d0ed4defaa..9cb1e656c1 100644
--- a/.config/example.yml
+++ b/.config/example.yml
@@ -381,9 +381,24 @@ attachLdSignatureForRelays: true
 # For security reasons, uploading attachments from the intranet is prohibited,
 # but exceptions can be made from the following settings. Default value is "undefined".
 # Read changelog to learn more (Improvements of 12.90.0 (2021/09/04)).
-#allowedPrivateNetworks: [
-#  '127.0.0.1/32'
-#]
+# Some example configurations:
+#allowedPrivateNetworks:
+#  # Allow connections to 127.0.0.1 on any port
+#  - '127.0.0.1/32'
+#  # Allow connections to 127.0.0.* on any port
+#  - '127.0.0.1/24'
+#  # Allow connections to 127.0.0.1 on any port
+#  - '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on any port
+#  - network: '127.0.0.1'
+#  # Allow connections to 127.0.0.1 on port 80
+#  - network: '127.0.0.1'
+#    ports: [80]
+#  # Allow connections to 127.0.0.1 on port 80 or 443
+#  - network: '127.0.0.1'
+#    ports:
+#      - 80
+#      - 443
 
 #customMOTD: ['Hello World', 'The sharks rule all', 'Shonks']
author	Hazelnoot <acomputerdog@gmail.com>	2025-05-13 22:19:24 -0400
committer	Hazelnoot <acomputerdog@gmail.com>	2025-05-13 22:19:24 -0400
commit	5116586d79df7216b124e74715f6414ffffa7e3a (patch)
tree	36d233908b14e7eddd1c10f12e4c15b0933418a5 /.config
parent	allow private IP ranges to specify allowed ports (diff)
download	sharkey-5116586d79df7216b124e74715f6414ffffa7e3a.tar.gz sharkey-5116586d79df7216b124e74715f6414ffffa7e3a.tar.bz2 sharkey-5116586d79df7216b124e74715f6414ffffa7e3a.zip