diff options
| author |  Andrea <ajf@ajf.me> | 2022-12-07 21:50:37 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2022-12-07 21:50:37 +0100 |
| commit | 923d333823766db8bcbc746c81251cb043f7eb75 (patch) | |
| tree | 8c9990acd78c47f9df0e9e3b34930795c44b8a0b /docs/installation_guide | |
| parent | [feature] overhaul the oidc system (#961) (diff) | |
| download | gotosocial-923d333823766db8bcbc746c81251cb043f7eb75.tar.xz | |
[docs] encourage using loopback bind address (#1166)
Diffstat (limited to 'docs/installation_guide')
| -rw-r--r-- | docs/installation_guide/apache-httpd.md | 2 | ||||
| -rw-r--r-- | docs/installation_guide/caddy.md | 2 | ||||
| -rw-r--r-- | docs/installation_guide/nginx.md | 2 |
3 files changed, 6 insertions, 0 deletions
diff --git a/docs/installation_guide/apache-httpd.md b/docs/installation_guide/apache-httpd.md index c6e30b850..acada7c6f 100644 --- a/docs/installation_guide/apache-httpd.md +++ b/docs/installation_guide/apache-httpd.md @@ -44,6 +44,8 @@ sudoedit /gotosocial/config.yaml Then set `letsencrypt-enabled: false`. +If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable. + If GoToSocial is already running, restart it. ```bash diff --git a/docs/installation_guide/caddy.md b/docs/installation_guide/caddy.md index 89fb55605..935b811fd 100644 --- a/docs/installation_guide/caddy.md +++ b/docs/installation_guide/caddy.md @@ -49,6 +49,8 @@ In your GoToSocial config turn off Lets Encrypt by setting `letsencrypt-enabled` If you we running GoToSocial on port 443, change the `port` value back to the default `8080`. +If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable. + ## Set up Caddy We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once. diff --git a/docs/installation_guide/nginx.md b/docs/installation_guide/nginx.md index 7525d6634..6b689faf5 100644 --- a/docs/installation_guide/nginx.md +++ b/docs/installation_guide/nginx.md @@ -38,6 +38,8 @@ In your GoToSocial config turn off letsencrypt by setting `letsencrypt-enabled` If you we running GoToSocial on port 443, change the `port` value back to the default `8080`. +If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable. + ## Set up NGINX First we will set up NGINX to serve GoToSocial as unsecured http and then use Certbot to automatically upgrade it to serve https. |