From 0314e3025fdb0eeb8346e8ce74308ca641523bba Mon Sep 17 00:00:00 2001
From: Zef Hemel
Date: Fri, 16 Dec 2022 13:00:06 +0100
Subject: [PATCH] Fixes #204
---
 Dockerfile | 2 +-
 cmd/server.ts | 15 +++++++++------
 website/CHANGELOG.md | 1 +
 website/Silver Bullet.md | 6 ++++--
 4 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b65bd2e8..f9d6c286 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,4 +23,4 @@ EXPOSE 3000
 # Run the server, allowing to pass in additional argument at run time, e.g.
 # docker run -p 3002:3000 -v myspace:/space -it zefhemel/silverbullet --user me:letmein
-ENTRYPOINT ["/tini", "--", "deno", "run", "-A", "--unstable", "/silverbullet.js", "/space"]
\ No newline at end of file
+ENTRYPOINT ["/tini", "--", "deno", "run", "-A", "--unstable", "/silverbullet.js", "--hostname", "0.0.0.0", "/space"]
\ No newline at end of file
diff --git a/cmd/server.ts b/cmd/server.ts
index e9842776..0d84f184 100644
--- a/cmd/server.ts
+++ b/cmd/server.ts
@@ -5,17 +5,20 @@ import { AssetBundle, AssetJson } from "../plugos/asset_bundle/bundle.ts";
 export function serveCommand(options: any, folder: string) {
 const pagesPath = path.resolve(Deno.cwd(), folder);
- const hostname = options.hostname || "0.0.0.0";
+ const hostname = options.hostname || "127.0.0.1";
 const port = options.port || 3000;
 console.log(
- "Going to start Silver Bullet on",
+ "Going to start Silver Bullet binding to",
 `${hostname}:${port}`,
- "serving pages from",
- pagesPath,
- "with db file",
- options.db,
 );
+ console.log("Serving pages from", pagesPath);
+
+ if (hostname === "127.0.0.1") {
+ console.log(
+ `_Note:_ Silver Bullet will only be available locally (via http://localhost:${port}), to allow outside connections, pass --host 0.0.0.0 as a flag.`,
+ );
+ }
 const httpServer = new HttpServer({
 hostname,
diff --git a/website/CHANGELOG.md b/website/CHANGELOG.md
index 4541b037..b44eba3a 100644
--- a/website/CHANGELOG.md
+++ b/website/CHANGELOG.md
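Review bot: The ENTRYPOINT now hard-codes `--hostname 0.0.0.0`, so the container image keeps the pre-fix behaviour of listening on all interfaces with no authentication unless the operator appends `--user`. Binding to all interfaces inside the container is needed for published ports to work, so the place to address this is the comment above the ENTRYPOINT: the example `docker run -p 3002:3000 ...` publishes the port on every host interface. I would add a line such as `# For local-only use publish on loopback: -p 127.0.0.1:3002:3000; otherwise always pass --user` so the image's documentation matches the intent of the fix.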
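Review bot: The startup note tells users to pass `--host 0.0.0.0`, while the Dockerfile entrypoint, CHANGELOG and website text in this same patch all use `--hostname 0.0.0.0`; unless `--host` is a registered alias (the option definitions are not in this hunk), the message should read `pass --hostname 0.0.0.0 as a flag`. The check `hostname === "127.0.0.1"` also skips the note when the user passes `--hostname localhost` or `::1`, which is harmless but inconsistent. More useful for a security fix would be the opposite branch: when the bind address is not loopback and no `--user` credentials were given, log a warning that the space is served unauthenticated to the network, assuming the credentials are reachable as `options.user`, which this hunk does not show. serveCommand's body continues past the hunk.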
@@ -5,6 +5,7 @@ release.
 ## Next
 * Vim mode is here! This mode can be enabled on a per-client basis (its state is stored in the browser). To toggle Vim mode on or off use the {[Editor: Toggle Vim Mode]} command.
+* Security update: SB now binds to `127.0.0.1` by default, allowing just connections via `localhost`. To allow outside connections, pass the `--hostname 0.0.0.0` flag (and ideally combine it with a `--user username:password` flag to add basic authentication).
 ---
diff --git a/website/Silver Bullet.md b/website/Silver Bullet.md
index 1d0bc349..a45adda4 100644
--- a/website/Silver Bullet.md
+++ b/website/Silver Bullet.md
@@ -106,9 +106,11 @@ To run Silver Bullet, create a folder for your pages (it can be empty, or be an
 silverbullet
 ```
-By default, Silver Bullet will bind to port `3000`, to use a different port use the `--port` flag. By default Silver Bullet is unauthenticated, to password-protect it, specify a username and password with the `--user` flag (e.g. `--user pete:mypassword`).
+By default, Silver Bullet will bind to port `3000`, to use a different port use the `--port` flag.
-Once downloaded and booted, Silver Bullet will print out a URL to open SB in your browser (by default this will be http://localhost:3000 ).
+For security reasons, by default Silver Bullet only allows connections via `localhost` (or `127.0.0.1`). To also allow connections from the network, pass a `--hostname 0.0.0.0` flag, ideally combined with `--user username:password` to add BasicAuth password protection.
+
+Once downloaded and booted, Silver Bullet will print out a URL to open SB in your browser.
 ## Upgrading Silver Bullet
 Silver Bullet is regularly updated. To get the latest and greatest, simply run: