From 923d333823766db8bcbc746c81251cb043f7eb75 Mon Sep 17 00:00:00 2001
From: Andrea <ajf@ajf.me>
Date: Wed, 7 Dec 2022 21:50:37 +0100
Subject: [docs] encourage using loopback bind address (#1166)

---
 docs/installation_guide/caddy.md | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'docs/installation_guide/caddy.md')

diff --git a/docs/installation_guide/caddy.md b/docs/installation_guide/caddy.md
index 89fb55605..935b811fd 100644
--- a/docs/installation_guide/caddy.md
+++ b/docs/installation_guide/caddy.md
@@ -49,6 +49,8 @@ In your GoToSocial config turn off Lets Encrypt by setting `letsencrypt-enabled`
 
 If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
 
+If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
+
 ## Set up Caddy
 
 We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once.
-- 
cgit v1.2.3