You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: .docker/README.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -94,7 +94,7 @@ Configure the application via `docker-compose.yml`:
94
94
|`CHARON_ENV`|`production`| Set to `development` for verbose logging (`CPM_ENV` supported for backward compatibility). |
95
95
|`CHARON_HTTP_PORT`|`8080`| Port for the Web UI (`CPM_HTTP_PORT` supported for backward compatibility). |
96
96
|`CHARON_DB_PATH`|`/app/data/charon.db`| Path to the SQLite database (`CPM_DB_PATH` supported for backward compatibility). |
97
-
|`CHARON_CADDY_ADMIN_API`|`http://localhost:2019`| Internal URL for Caddy API (`CPM_CADDY_ADMIN_API` supported for backward compatibility). |
97
+
|`CHARON_CADDY_ADMIN_API`|`http://localhost:2019`| Internal URL for Caddy API (`CPM_CADDY_ADMIN_API` supported for backward compatibility). Must resolve to an internal allowlisted host on port `2019`. |
98
98
|`CHARON_CADDY_CONFIG_ROOT`|`/config`| Path to Caddy autosave configuration directory. |
99
99
|`CHARON_CADDY_LOG_DIR`|`/var/log/caddy`| Directory for Caddy access logs. |
100
100
|`CHARON_CROWDSEC_LOG_DIR`|`/var/log/crowdsec`| Directory for CrowdSec logs. |
@@ -218,6 +218,8 @@ environment:
218
218
- CPM_CADDY_ADMIN_API=http://your-caddy-host:2019
219
219
```
220
220
221
+
If using a non-localhost internal hostname, add it to `CHARON_SSRF_INTERNAL_HOST_ALLOWLIST`.
222
+
221
223
**Warning**: Charon will replace Caddy's entire configuration. Backup first!
0 commit comments