Commit 5fd73ad
feat(server): allow plain HTTP on non-loopback via ARBOR_ALLOW_PLAINTEXT=1
ARBOR_ALLOW_PLAINTEXT=1 now bypasses the loopback-only check in addition
to the cert-not-found check. This lets users bind to a VPN interface
(e.g. WireGuard 10.x.x.x) with plain HTTP when the tunnel itself
provides confidentiality, without needing a self-signed certificate.
A WARNING is printed at startup; the error message for the default
(unset) case now mentions ARBOR_ALLOW_PLAINTEXT=1 as the escape hatch.
Documented in arbor.env.example under the VPN / private network section.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>1 parent f4598f6 commit 5fd73ad
3 files changed
Lines changed: 23 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
29 | 29 | | |
30 | 30 | | |
31 | 31 | | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
32 | 39 | | |
33 | 40 | | |
34 | 41 | | |
35 | 42 | | |
36 | | - | |
| 43 | + | |
| 44 | + | |
37 | 45 | | |
38 | 46 | | |
39 | 47 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
| 3 | + | |
3 | 4 | | |
| 5 | + | |
4 | 6 | | |
5 | 7 | | |
6 | 8 | | |
| |||
146 | 148 | | |
147 | 149 | | |
148 | 150 | | |
| 151 | + | |
| 152 | + | |
| 153 | + | |
| 154 | + | |
| 155 | + | |
| 156 | + | |
149 | 157 | | |
150 | 158 | | |
151 | 159 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
14 | 20 | | |
15 | 21 | | |
16 | 22 | | |
| |||
0 commit comments