[docs] encourage using loopback bind address (#1166)
This commit is contained in:
parent
199b685f43
commit
923d333823
|
@ -64,9 +64,11 @@ protocol: "https"
|
||||||
|
|
||||||
# String. Address to bind the GoToSocial server to.
|
# String. Address to bind the GoToSocial server to.
|
||||||
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
|
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
|
||||||
# Default value will bind to all interfaces.
|
# The default value will bind to all interfaces, which makes the server
|
||||||
# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or
|
# accessible by other machines. For most setups there is no need to change this.
|
||||||
# you have specific networking requirements.
|
# If you are using GoToSocial in a reverse proxy setup with the proxy running on
|
||||||
|
# the same machine, you will want to set this to "localhost" or an equivalent,
|
||||||
|
# so that the proxy can't be bypassed.
|
||||||
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
|
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
|
||||||
# Default: "0.0.0.0"
|
# Default: "0.0.0.0"
|
||||||
bind-address: "0.0.0.0"
|
bind-address: "0.0.0.0"
|
||||||
|
|
|
@ -44,6 +44,8 @@ sudoedit /gotosocial/config.yaml
|
||||||
|
|
||||||
Then set `letsencrypt-enabled: false`.
|
Then set `letsencrypt-enabled: false`.
|
||||||
|
|
||||||
|
If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
|
||||||
|
|
||||||
If GoToSocial is already running, restart it.
|
If GoToSocial is already running, restart it.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
|
|
@ -49,6 +49,8 @@ In your GoToSocial config turn off Lets Encrypt by setting `letsencrypt-enabled`
|
||||||
|
|
||||||
If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
|
If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
|
||||||
|
|
||||||
|
If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
|
||||||
|
|
||||||
## Set up Caddy
|
## Set up Caddy
|
||||||
|
|
||||||
We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once.
|
We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once.
|
||||||
|
|
|
@ -38,6 +38,8 @@ In your GoToSocial config turn off letsencrypt by setting `letsencrypt-enabled`
|
||||||
|
|
||||||
If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
|
If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
|
||||||
|
|
||||||
|
If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
|
||||||
|
|
||||||
## Set up NGINX
|
## Set up NGINX
|
||||||
|
|
||||||
First we will set up NGINX to serve GoToSocial as unsecured http and then use Certbot to automatically upgrade it to serve https.
|
First we will set up NGINX to serve GoToSocial as unsecured http and then use Certbot to automatically upgrade it to serve https.
|
||||||
|
|
|
@ -76,9 +76,11 @@ protocol: "https"
|
||||||
|
|
||||||
# String. Address to bind the GoToSocial server to.
|
# String. Address to bind the GoToSocial server to.
|
||||||
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
|
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
|
||||||
# Default value will bind to all interfaces.
|
# The default value will bind to all interfaces, which makes the server
|
||||||
# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or
|
# accessible by other machines. For most setups there is no need to change this.
|
||||||
# you have specific networking requirements.
|
# If you are using GoToSocial in a reverse proxy setup with the proxy running on
|
||||||
|
# the same machine, you will want to set this to "localhost" or an equivalent,
|
||||||
|
# so that the proxy can't be bypassed.
|
||||||
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
|
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
|
||||||
# Default: "0.0.0.0"
|
# Default: "0.0.0.0"
|
||||||
bind-address: "0.0.0.0"
|
bind-address: "0.0.0.0"
|
||||||
|
|
Loading…
Reference in New Issue