fix: default TRUST_PROXY to 1 for Docker+reverse-proxy setups (#46)

With the previous default of 'loopback', Express ignored X-Forwarded-Proto
headers from Caddy/nginx when running in Docker (bridge IP, not loopback).
This caused req.secure=false, which made express-session silently drop the
session cookie on login - resulting in a 401 on every subsequent request.

Changing the default to 1 (trust one proxy hop) fixes this for all standard
Docker+reverse-proxy deployments without requiring manual configuration.
Ulas
2026-04-14 09:04:06 +02:00
parent fa1b0d0603
commit 3f387b616e
5 changed files with 22 additions and 6 deletions
+4 -1
@@ -31,8 +31,11 @@ services:
- DB_PATH=/data/oikos.db
- SESSION_SECRET=${SESSION_SECRET:?Set SESSION_SECRET in .env}
- DB_ENCRYPTION_KEY=${DB_ENCRYPTION_KEY:?Set DB_ENCRYPTION_KEY in .env}
# Set to true when behind a reverse proxy with HTTPS
# Set to true when behind a reverse proxy with HTTPS (Caddy, nginx, Traefik)
- SESSION_SECURE=${SESSION_SECURE:-false}
# Trust proxy hops (default: 1 for Docker+reverse-proxy setups)
# Set to 'loopback' if running without a reverse proxy
- TRUST_PROXY=${TRUST_PROXY:-1}
# Weather (optional)
- OPENWEATHER_API_KEY=${OPENWEATHER_API_KEY:-}
- OPENWEATHER_CITY=${OPENWEATHER_CITY:-Berlin}
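Review bot: The new default in `TRUST_PROXY=${TRUST_PROXY:-1}` makes Express accept X-Forwarded-For and X-Forwarded-Proto from whatever connects to the container, and the comment "Set to 'loopback' if running without a reverse proxy" does not say why that matters. When the port is published directly, a client can then set those headers itself and control req.ip and req.secure, which affects anything keyed on the client address, such as rate limiting or audit logs. I would state that consequence in the comment and note that the value has to equal the real number of proxies in front of the app (a CDN in front of Caddy makes it 2). Also worth confirming outside this hunk: the value reaches the app as the string "1", and Express only treats a number as a hop count (a string is parsed as a list of addresses), so the code that reads TRUST_PROXY needs to convert numeric values before calling app.set('trust proxy', ...).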