mirror of
1
Fork 0

[docs] encourage using loopback bind address (#1166)

This commit is contained in:
Andrea 2022-12-07 21:50:37 +01:00 committed by GitHub
parent 199b685f43
commit 923d333823
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 6 deletions

View File

@ -64,9 +64,11 @@ protocol: "https"
# String. Address to bind the GoToSocial server to. # String. Address to bind the GoToSocial server to.
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname. # This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
# Default value will bind to all interfaces. # The default value will bind to all interfaces, which makes the server
# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or # accessible by other machines. For most setups there is no need to change this.
# you have specific networking requirements. # If you are using GoToSocial in a reverse proxy setup with the proxy running on
# the same machine, you will want to set this to "localhost" or an equivalent,
# so that the proxy can't be bypassed.
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] # Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
# Default: "0.0.0.0" # Default: "0.0.0.0"
bind-address: "0.0.0.0" bind-address: "0.0.0.0"

View File

@ -44,6 +44,8 @@ sudoedit /gotosocial/config.yaml
Then set `letsencrypt-enabled: false`. Then set `letsencrypt-enabled: false`.
If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
If GoToSocial is already running, restart it. If GoToSocial is already running, restart it.
```bash ```bash

View File

@ -49,6 +49,8 @@ In your GoToSocial config turn off Lets Encrypt by setting `letsencrypt-enabled`
If you we running GoToSocial on port 443, change the `port` value back to the default `8080`. If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
## Set up Caddy ## Set up Caddy
We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once. We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once.

View File

@ -38,6 +38,8 @@ In your GoToSocial config turn off letsencrypt by setting `letsencrypt-enabled`
If you we running GoToSocial on port 443, change the `port` value back to the default `8080`. If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
## Set up NGINX ## Set up NGINX
First we will set up NGINX to serve GoToSocial as unsecured http and then use Certbot to automatically upgrade it to serve https. First we will set up NGINX to serve GoToSocial as unsecured http and then use Certbot to automatically upgrade it to serve https.

View File

@ -76,9 +76,11 @@ protocol: "https"
# String. Address to bind the GoToSocial server to. # String. Address to bind the GoToSocial server to.
# This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname. # This can be an IPv4 address or an IPv6 address (surrounded in square brackets), or a hostname.
# Default value will bind to all interfaces. # The default value will bind to all interfaces, which makes the server
# You probably won't need to change this unless you're setting GoToSocial up in some fancy way or # accessible by other machines. For most setups there is no need to change this.
# you have specific networking requirements. # If you are using GoToSocial in a reverse proxy setup with the proxy running on
# the same machine, you will want to set this to "localhost" or an equivalent,
# so that the proxy can't be bypassed.
# Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] # Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"]
# Default: "0.0.0.0" # Default: "0.0.0.0"
bind-address: "0.0.0.0" bind-address: "0.0.0.0"