[GH-ISSUE #724] Discussion: Serve in a subfolder #458

Closed
opened 2026-03-01 14:43:45 +03:00 by kerem · 9 comments

Originally created by @danisztls on GitHub (Apr 26, 2021).
Original GitHub issue: https://github.com/ArchiveBox/ArchiveBox/issues/724

Current paths are:

```
mydomain/public/...
mydomain/private/...
mydomain/static/...
```

I suggest optionally having it under a subfolder to make it easier to put ArchiveBox under a reverse proxy like Nginx.

```
mydomain/archivebox/public/...
mydomain/archivebox/private/...
mydomain/archivebox/static/...
```

Is it feasible?


@pirate commented on GitHub (Apr 27, 2021):

It's pretty difficult, but not impossible; there are a lot of `/relative` URLs all over the codebase. A bunch are in the static HTML too, so it's hard to change them after the fact since they wouldn't be re-rendered after you reconfigure it automatically.


@pirate commented on GitHub (Apr 27, 2021):

Reopening because I do want to allow this to be done eventually when I have time, it just probably won't be done anytime soon.


@FraMecca commented on GitHub (Aug 18, 2021):

What about this:
https://ubuntu.com/blog/django-behind-a-proxy-fixing-absolute-urls


@mhfowler commented on GitHub (Aug 18, 2021):

fwiw this would be helpful for the purpose of packaging archivebox as a yunohost package, something I've been working on. discussed here https://forum.yunohost.org/t/nginx-config-for-path/16887


@ss89 commented on GitHub (Mar 12, 2022):

i'd also like to see this feature


@pirate commented on GitHub (Mar 13, 2022):

Doing this breaks a surprising amount of things because of how relative paths are written statically to the filesystem in the index.json/html files. It's fixable with rewriting in a Django middleware but it's complicated and there are a lot of edge cases and it's still low on my personal priority list.


@hellodword commented on GitHub (Feb 28, 2023):

totally agree


@pirate commented on GitHub (Feb 28, 2023):

I think I'm actually going to close this as wontfix because of the security issues. ArchiveBox really should only be hosted from a dedicated subdomain, because it's extremely risky to rehost archived JS on a domain shared with other sites. It breaks CORS / CSRF / CSP and many other web security mechanisms to have untrusted content and JS on a domain shared with other apps. It's already risky enough hosting the admin UI on the same domain as snapshot content, let alone exposing that risk to other apps.

It's the same reason why user-uploaded content is stored on `xxx.googleusercontent.com` instead of `google.com`, or `raw.githubusercontent.com` instead of `github.com`. Most big companies don't keep arbitrary untrusted web content on the same domain (even subdomain) as trusted application code. It's very hard to sanitize HTML/JS/CSS 100% perfectly; rather than take the risk, they just quarantine it on a domain with no auth cookies. https://security.googleblog.com/2012/08/content-hosting-for-modern-web.html

For more info see here: https://github.com/ArchiveBox/ArchiveBox/issues/239
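
An added illustration of the reasoning in the comment above (not code from this thread or from ArchiveBox): it applies the browser same-origin rule and RFC 6265 cookie domain/path matching to three constructed layouts, going slightly beyond the thread by modelling cookie scope. Hostnames, paths and cookie names are placeholders; SameSite, Secure and the public-suffix list are not modelled.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port): the tuple browsers compare for same-origin checks."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))

def same_origin(a, b):
    return origin(a) == origin(b)

def cookie_sent(cookie, url):
    """RFC 6265 domain-match and path-match; `setter` is the URL that set the cookie."""
    u = urlsplit(url)
    host, path = u.hostname, u.path or "/"
    domain = cookie.get("domain")
    if domain is None:   # host-only cookie: exact host match required
        domain_ok = host == urlsplit(cookie["setter"]).hostname
    else:                # Domain attribute: that host and every subdomain of it
        domain = domain.lstrip(".").lower()
        domain_ok = host == domain or host.endswith("." + domain)
    cpath = cookie.get("path", "/")
    path_ok = path == cpath or (path.startswith(cpath) and
                                (cpath.endswith("/") or path[len(cpath)] == "/"))
    return domain_ok and path_ok

# Constructed placeholders: a trusted app and three places to serve snapshots from.
APP = "https://mydomain.example/otherapp/account"
LAYOUTS = {
    "subfolder": "https://mydomain.example/archivebox/archive/1/index.html",
    "subdomain": "https://archive.mydomain.example/archive/1/index.html",
    "separate domain": "https://archive-content.example/archive/1/index.html",
}
COOKIES = {
    "host-only, Path=/": {"setter": APP},
    "Domain=mydomain.example": {"setter": APP, "domain": "mydomain.example"},
}

def exposure(snapshot_url):
    """What an archived page at snapshot_url shares with the trusted app."""
    return {
        # True means archived JS runs with the app's origin; cookie Path is no barrier then.
        "same_origin_as_app": same_origin(snapshot_url, APP),
        "app_cookies_sent": sorted(n for n, c in COOKIES.items() if cookie_sent(c, snapshot_url)),
    }

if __name__ == "__main__":
    for name, url in LAYOUTS.items():
        print(f"{name:16} {exposure(url)}")
```

Only the separate-domain layout ends up with neither a shared origin nor any of the app's cookies; the subdomain still receives any cookie set with a parent `Domain` attribute.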


@sasasqt commented on GitHub (Aug 22, 2023):

well, if you insist, here is the nginx code that redirects yourdomain/archivebox/ to 127.0.0.1:8000

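```
http {
    # Flag requests whose Referer is under /archivebox/, split by method,
    # so root-relative links emitted by ArchiveBox can be redirected back.
    map "$http_referer$request_method" $archivebox_post {
        default 0;
        "~.*/archivebox/.*POST" 1;
    }
    map "$http_referer$request_method" $archivebox_get {
        default 0;
        "~.*/archivebox/.*GET" 1;
    }
    server {
        location / {
            root   html;
            index  index.html index.htm;
            # $request_uri already begins with "/", so it is appended
            # directly to the prefix to avoid "/archivebox//...".
            if ($archivebox_post) {
                # 307 keeps the method and body of the POST
                return 307 /archivebox$request_uri;
            }
            if ($archivebox_get) {
                return 301 /archivebox$request_uri;
            }
        }
        location /archivebox {
            return 302 /archivebox/;
        }
        location /archivebox/ {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Rewrite upstream Location headers back under the prefix
            proxy_redirect / /archivebox/;
            # Trailing slash strips the /archivebox/ prefix before proxying
            proxy_pass http://127.0.0.1:8000/;
        }
    }
}
```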