From f970091c6a58d06a42594e2c4a0baa5a86617652 Mon Sep 17 00:00:00 2001
From: tusooa <tusooa@kazv.moe>
Date: Fri, 26 May 2023 17:17:13 -0400
Subject: Add instructions to serve media on another domain

---
 docs/configuration/hardening.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'docs/configuration')

diff --git a/docs/configuration/hardening.md b/docs/configuration/hardening.md
index d3bfc4e4a..4f40873e6 100644
--- a/docs/configuration/hardening.md
+++ b/docs/configuration/hardening.md
@@ -62,6 +62,20 @@ An additional “Expect-CT” header will be sent with the configured `ct_max_ag
 
 If you click on a link, your browser’s request to the other site will include from where it is coming from. The “Referrer policy” header tells the browser how and if it should send this information. (see [Referrer policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy))
 
+### Uploaded media and media proxy
+
+It is STRONGLY RECOMMENDED to serve both the locally-uploaded media and the media proxy from another domain than the domain that Pleroma runs on, if applicable.
+
+```elixir
+config :pleroma, :media_proxy,
+  base_url: "https://some.other.domain"
+
+config :pleroma, Pleroma.Upload,
+  base_url: "https://some.other.domain"
+```
+
+See `installation/pleroma-mediaproxy.nginx` for examples on how to configure your media proxy.
+
 ## systemd
 
 A systemd unit example is provided at `installation/pleroma.service`.
-- 
cgit v1.2.3