Closed hikari-no-yume closed 1 year ago
Similarly, with a docker + nginx reverse proxy setup, having this in docker-compose helps:
ports:
- "127.0.0.1:8080:8080"
Sounds good! Thanks for pointing this out :)
@hikari-no-yume FYI I did the docker part of this as part of https://github.com/superseriousbusiness/gotosocial/pull/1127
Made a pull request now: https://github.com/superseriousbusiness/gotosocial/pull/1166
The PR got merged. Thank you :)
Hi. I just set up a GoToSocial server in a reverse-proxy configuration. I noticed there isn't a mention in the config example of the difference between binding to 0.0.0.0/[::] and 127.0.0.1/[::1]/localhost: https://github.com/superseriousbusiness/gotosocial/blob/4a9538593c6110b5972d802aebf1c4990edafe38/example/config.yaml#L77-L84
Likewise I didn't see it mentioned in the reverse proxy guide for nginx.
So far as I know, if you use 0.0.0.0 (IPv4) or [::] (IPv6), your server will usually become directly accessible from the public internet. That's the ideal in a normal configuration, but if you're using a reverse proxy running on the same host, then this is a liability, because now someone can access the server without going via the proxy.
I am thinking that it would be good to suggest using localhost, 127.0.0.1 (IPv4) or [::1] (IPv6) instead, which makes the server only accessible via loopback, in order to avoid this issue. I'm using 127.0.0.1 on my server and it seems to work.
I'm happy to make a pull request myself to address this, I just wanted to check first whether this was intended somehow or if there's some reason people might object.
P.S. I really like this project! It's exactly the lightweight, easy-to-run server I was hoping for.
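One way to check for the exposure discussed in this issue, as an added example that is not part of the original thread or the GoToSocial project: it classifies bind addresses and docker-compose port mappings as loopback-only or not, and flags non-loopback listeners in `ss -Hltn` output. The function names are hypothetical, the sample `ss` output is constructed, and `localhost` is assumed to resolve to a loopback address.

```python
import ipaddress

def is_loopback_only(host: str) -> bool:
    """True if a listener bound to `host` is reachable only via loopback."""
    host = host.strip().strip("[]").split("%", 1)[0]  # drop brackets and zone id
    if host.lower() == "localhost":  # assumption: resolves to 127.0.0.1 / ::1
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "", "*" or an unknown name: treat as exposed

def compose_host(mapping: str) -> str:
    """Host IP of a docker-compose short-syntax port mapping.

    Returns "" when no host IP is given, in which case Docker
    publishes the port on all interfaces.
    """
    mapping = mapping.split("/", 1)[0]  # drop a trailing /tcp or /udp
    if mapping.startswith("["):  # bracketed IPv6 host, e.g. [::1]:8080:8080
        return mapping[1:mapping.index("]")]
    parts = mapping.split(":")
    return parts[0] if len(parts) == 3 else ""

def ss_exposed(ss_output: str, port: int) -> list:
    """Local addresses in `ss -Hltn` output listening on `port` beyond loopback."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if local_port == str(port) and not is_loopback_only(host):
            exposed.append(fields[3])
    return exposed

# Constructed sample of `ss -Hltn` output on a host running a reverse proxy.
SAMPLE_SS = """\
LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 [::]:8080 [::]:*
"""

if __name__ == "__main__":
    for m in ("8080:8080", "127.0.0.1:8080:8080", "[::1]:8080:8080"):
        print(m, "loopback-only" if is_loopback_only(compose_host(m)) else "EXPOSED")
    print("exposed on 8080:", ss_exposed(SAMPLE_SS, 8080))
```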