blumeops

History

Erich Blume d2da346ac0 Harden Forgejo for public access: domain, proxy trust, registration lockdown - Set forgejo_domain to forge.eblu.me (public URL in clone URLs) - Set forgejo_ssh_domain to forge.ops.eblu.me (SSH stays tailnet-only) - Add REVERSE_PROXY_LIMIT=2, REVERSE_PROXY_TRUSTED_PROXIES=* for correct client IP logging through Fly.io + Tailscale proxy chain - Enable ALLOW_ONLY_EXTERNAL_REGISTRATION to block local signups Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-03 07:50:25 -08:00
..
main.yml	Harden Forgejo for public access: domain, proxy trust, registration lockdown	2026-03-03 07:50:25 -08:00

Erich Blume d2da346ac0 Harden Forgejo for public access: domain, proxy trust, registration lockdown

- Set forgejo_domain to forge.eblu.me (public URL in clone URLs)
- Set forgejo_ssh_domain to forge.ops.eblu.me (SSH stays tailnet-only)
- Add REVERSE_PROXY_LIMIT=2, REVERSE_PROXY_TRUSTED_PROXIES=* for
  correct client IP logging through Fly.io + Tailscale proxy chain
- Enable ALLOW_ONLY_EXTERNAL_REGISTRATION to block local signups

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-03 07:50:25 -08:00

main.yml

Harden Forgejo for public access: domain, proxy trust, registration lockdown

2026-03-03 07:50:25 -08:00