A simple selfhosted URL shortener with no unnecessary features. Simplicity and speed are the main foci of this project. The docker image is ~6 MB (compressed), and it uses <5 MB of RAM under regular use.
Looks awesome and very efficient, does it also run with `read_only: true` (with a db volume provided, of course!)? Many containers just need a /tmp, but not always.

Thanks. I had never tested this before. Seems like it throws errors. Of course, adding and deleting links don’t work. But that’s to be expected. But also link resolution fails since it cannot update the hit count properly. If this is a legitimate use case for you, I might work on making it work.

I try to slap anything I’d face the Internet with with the `read_only` to further restrict exploit possibilities, would be abs great if you could make it work! I just follow all reqs on the security cheat sheet, with `read_only` being one of them: https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

With how simple it is I guessed that running as a `user` and restricting `cap_drop: all` wouldn’t be a problem.

For `read_only` many containers just need `tmpfs: /tmp` in addition to the volume for the db. I think many containers just try to contain temporary file writing to one directory to make applying `read_only` easier.

So again, I’d abs use it with `read_only` when you get the time to tune it!!

Upon further testing, this does actually work. You may set both `read_only: true` and `cap_drop: all` and it will work as long as you have a named volume. I had it mount a database file from the host system for my test config, which is why I was getting the errors. I don’t know how to make that work though, i.e. when the db is bind mounted from the host system. Setting the mount `:rw` doesn’t seem to fix it.

Odd, I’ll try to deploy this when I can and see!
I’ve never had a problem with a volume being on the host system, except with user permissions messed up. But if you haven’t given it a user parameter it’s running as root and shouldn’t have a problem. So I’ll see sometime and get back to you!
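
The settings discussed in this thread, collected into one Compose service as an added example (not the project's own configuration). The image name, the container data path and the volume name are placeholders, since the thread does not give them.

```yaml
# Added example: image name, data path and volume name are placeholders,
# not taken from the project.
services:
  shortener:
    image: example/url-shortener:latest   # placeholder image
    read_only: true          # root filesystem is mounted read-only
    cap_drop:
      - ALL                  # drop every Linux capability
    tmpfs:
      - /tmp                 # writable scratch space, kept in memory
    volumes:
      - shortener-db:/data   # named volume: the only persistent writable path
      # Bind-mount form (the thread reports errors with a host-mounted db file):
      #   - ./data:/data
      # With cap_drop: ALL, root in the container no longer has
      # CAP_DAC_OVERRIDE, so a host path must be writable by the UID the
      # container runs as.

volumes:
  shortener-db:
```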