fix: default TRUST_PROXY to 1 for Docker+reverse-proxy setups (#46)

With the previous default of 'loopback', Express ignored X-Forwarded-Proto
headers from Caddy/nginx when running in Docker (bridge IP, not loopback).
This caused req.secure=false, which made express-session silently drop the
session cookie on login - resulting in a 401 on every subsequent request.

Changing the default to 1 (trust one proxy hop) fixes this for all standard
Docker+reverse-proxy deployments without requiring manual configuration.
Ulas
2026-04-14 09:04:06 +02:00
parent fa1b0d0603
commit 3f387b616e
5 changed files with 22 additions and 6 deletions
+4 -1
@@ -13,7 +13,10 @@ services:
environment:
- NODE_ENV=production
- DB_PATH=/data/oikos.db
# Set to false when not using HTTPS/reverse proxy (direct HTTP access)
# Reverse proxy setup (Caddy, nginx, Traefik):
# - Remove SESSION_SECURE=false (default is true)
# - TRUST_PROXY is automatically set to 1 (trust one proxy hop)
# Direct HTTP access (no reverse proxy):
- SESSION_SECURE=false
healthcheck:
test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/health', r => process.exit(r.statusCode === 200 ? 0 : 1))"]
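Review bot: The "Direct HTTP access (no reverse proxy)" case in the new comment block says nothing about TRUST_PROXY, yet the line above it states that the value is set to 1 automatically. With one hop trusted and no proxy in front of the container, Express takes X-Forwarded-Proto and X-Forwarded-For from the client itself, so req.secure and req.ip become client-controlled in exactly the configuration this file ships with (SESSION_SECURE=false is still the active line). Consider adding a line under the direct-HTTP comment such as "# - Set TRUST_PROXY=loopback (no proxy hop to trust)", using the previous default named in the commit message. It would also help to reword "automatically set to 1" as "defaults to 1" and to note that setups with more than one proxy hop need to raise the value, since the comment currently reads as if 1 is correct for every reverse-proxy deployment.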