From 5584640a40079cf219f25d868a436429ef6ab5c0 Mon Sep 17 00:00:00 2001 From: egelhaus <156946629+egelhaus@users.noreply.github.com> Date: Fri, 24 Jan 2025 14:44:20 +0100 Subject: [PATCH 1/3] Change Pre-Reqs File --- components/snippets/installation-pre-reqs.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/snippets/installation-pre-reqs.mdx b/components/snippets/installation-pre-reqs.mdx index 583d1d4..d577d68 100644 --- a/components/snippets/installation-pre-reqs.mdx +++ b/components/snippets/installation-pre-reqs.mdx @@ -6,11 +6,12 @@ This section will ask you to install & configure several services exaplained bel #### HTTPS is required (or localhost) -Postiz marks it's login cookies as Secure, which means you must run it either on localhost, or behind HTTPS - this is called a "secure context" in modern web browsers. +Postiz marks it's login cookies as Secure, this is called “secure context” in modern web browsers. -If you are not running either HTTPS or on localhost, then you will not be able to login, as your browser will refuse to send the login cookie. +If you want to use an secure Login Process, you need to set up an Certificate, which can be done via Reverse Proxy like Caddy or Nginx. -Postiz will not generate your HTTPS certificates for you, and it's servers cannot yet be configured to use a HTTPS certificate. This means you must use a reverse proxy to handle HTTPS. Documentation on popular reverse proxies can be found in the [reverse proxies](/reverse-proxies/) section, and if you've never used a reverse proxy with docker compose before, then [caddy](/reverse-proxies/caddy/) is recommended. +If you are not able to use an Certificate (https), then you need to add this Enviroment Variable to the .env File. +`NOT_SECURED=true` #### Network Ports From 4d6932e1928e95b41d784729893f1d02d7efd0e4 Mon Sep 17 00:00:00 2001 From: egelhaus <156946629+egelhaus@users.noreply.github.com> Date: Fri, 24 Jan 2025 14:49:54 +0100 Subject: [PATCH 2/3] Fix Grammar Issues --- components/snippets/installation-pre-reqs.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/components/snippets/installation-pre-reqs.mdx b/components/snippets/installation-pre-reqs.mdx index d577d68..6f1081c 100644 --- a/components/snippets/installation-pre-reqs.mdx +++ b/components/snippets/installation-pre-reqs.mdx @@ -10,8 +10,9 @@ Postiz marks it's login cookies as Secure, this is called “secure context” i If you want to use an secure Login Process, you need to set up an Certificate, which can be done via Reverse Proxy like Caddy or Nginx. -If you are not able to use an Certificate (https), then you need to add this Enviroment Variable to the .env File. +If you cannot use a certificate (HTTPS), add the following environment variable to your `.env` file: `NOT_SECURED=true` +**Security Warning**: Setting `NOT_SECURED=true` disables secure cookie requirements. This should only be used in development environments or when you fully understand the security implications. Not recommended for production use. #### Network Ports From 488828049e11224d817d67769a88b3c0d2289187 Mon Sep 17 00:00:00 2001 From: egelhaus <156946629+egelhaus@users.noreply.github.com> Date: Fri, 24 Jan 2025 14:53:04 +0100 Subject: [PATCH 3/3] Fix ENV Format --- components/snippets/installation-pre-reqs.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/components/snippets/installation-pre-reqs.mdx b/components/snippets/installation-pre-reqs.mdx index 6f1081c..f92c9fc 100644 --- a/components/snippets/installation-pre-reqs.mdx +++ b/components/snippets/installation-pre-reqs.mdx @@ -11,7 +11,9 @@ Postiz marks it's login cookies as Secure, this is called “secure context” i If you want to use an secure Login Process, you need to set up an Certificate, which can be done via Reverse Proxy like Caddy or Nginx. If you cannot use a certificate (HTTPS), add the following environment variable to your `.env` file: -`NOT_SECURED=true` +```env +NOT_SECURED=true +``` **Security Warning**: Setting `NOT_SECURED=true` disables secure cookie requirements. This should only be used in development environments or when you fully understand the security implications. Not recommended for production use. #### Network Ports