Clarify private deployment hardening docs
Document safer defaults and deployment guidance for network-accessible Odysseus installs. The guidance emphasizes keeping auth enabled, disabling localhost bypass outside development, using secure cookies for HTTPS/reverse-proxy deployments, and exposing only the authenticated Odysseus entrypoint through a trusted proxy or private access layer. Also clarify that bundled services, databases, vector stores, notification services, and raw model/provider APIs should remain internal-only. This is documentation and config-example only. It does not change runtime behavior.
committed by GitHub
parent eda99360d1
commit e129378014
@@ -59,6 +59,10 @@ SEARXNG_INSTANCE=http://localhost:8080
|
||||
# Keep false for Docker, LAN, reverse proxy, and any shared deployment.
|
||||
# LOCALHOST_BYPASS=false
|
||||
|
||||
# Mark session cookies Secure. Set true when Odysseus is served through HTTPS
|
||||
# by a trusted reverse proxy or private access gateway.
|
||||
# SECURE_COOKIES=true
|
||||
|
||||
# Optional: pre-seed the first admin password during setup.
|
||||
# Do not commit a real password.
|
||||
# ODYSSEUS_ADMIN_PASSWORD=change_me_before_first_boot
|
||||
|
||||
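Review bot: The SECURE_COOKIES comment says when to set the value to true, but it does not state the default or what happens if the flag is enabled without HTTPS. Browsers do not send Secure cookies over plain HTTP to a non-localhost origin, so an operator who uncomments `# SECURE_COOKIES=true` on an HTTP-only LAN install would be unable to keep a session after login. Suggest adding one comment line that states the default and says to leave the setting off unless every client reaches Odysseus over HTTPS. Separately, the nearby `# ODYSSEUS_ADMIN_PASSWORD=change_me_before_first_boot` line carries a value that works as a password if it is uncommented unchanged. An empty or obviously invalid placeholder would be harder to deploy by accident.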