olivier/stupid-simple-network-inventory
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ajout de BIND_ADDRESS pour le déploiement derrière un reverse-proxy distant

Browse Source 
Permet de restreindre l'écoute à l'interface réseau exposée au reverse-proxy,
sans toucher aux interfaces non concernées (ex. loopback, interfaces LAN).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Olivier
2026-05-17 09:35:30 +02:00
parent 448160ef0a
commit af2a01b169
3 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.env.example
+12
View File
@@ -34,6 +34,18 @@ INITIAL_ADMIN_PASSWORD=
# ALLOWED_ORIGINS= (empty — disables CORS headers)
ALLOWED_ORIGINS=*
# ── Bind address ─────────────────────────────────────────────────────────────
# IP address the application listens on (port 8080).
# Default: 0.0.0.0 (all interfaces).
# Set to the IP of the interface facing the reverse proxy when the reverse proxy
# runs on a separate machine — avoids exposing the app on unintended interfaces.
#
# Examples:
# BIND_ADDRESS=0.0.0.0 (default — all interfaces)
# BIND_ADDRESS=192.168.1.10 (LAN interface only)
# BIND_ADDRESS=127.0.0.1 (loopback — reverse proxy on the same host)
BIND_ADDRESS=0.0.0.0
# ── Container user IDs ───────────────────────────────────────────────────────
# UID and GID used to run the backend process inside the container.
# Must match the host user owning ./db_data/ to allow read/write on the
README.md
+1
View File
@@ -70,6 +70,7 @@ All configuration is via environment variables. See `.env.example` for the full
| `SECRET_KEY` | auto-generated | JWT signing key. Set explicitly in production. |
| `INITIAL_ADMIN_PASSWORD` | _(empty)_ | Bootstrap admin password. If unset, `admin/admin` is used with forced change. |
| `ALLOWED_ORIGINS` | `*` | CORS allowed origins (comma-separated). Set to your domain in production. |
| `BIND_ADDRESS` | `0.0.0.0` | IP address to listen on. Set to the interface facing the reverse proxy. |
| `DOCKER_UID` / `DOCKER_GID` | `1000` | UID/GID for the backend process. Must match the host user owning `./db_data/`. |
### Using .env with Docker Compose
docker-compose.yml
+1 -1
View File
@@ -43,7 +43,7 @@ services:
frontend:
build: ./frontend
ports:
- "8080:8080"
- "${BIND_ADDRESS:-0.0.0.0}:8080:8080"
cap_drop:
- ALL
security_opt: