fix(config): secure-by-default loopback bind and startup-error logging
- Default `host: 127.0.0.1` in config.example.yaml; require explicit api_tokens or `allow_lan_without_auth: true` before binding LAN. - Mirror pre-uvicorn fatal errors to startup-errors.log in the config dir so silent boot failures via wscript/pythonw are diagnosable. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
+10
-3
@@ -1,7 +1,13 @@
|
||||
# Media Server Configuration
|
||||
# Copy this file to config.yaml and customize as needed.
|
||||
# By default, authentication is DISABLED (no tokens = open access).
|
||||
# To enable auth, uncomment and configure the api_tokens section below.
|
||||
#
|
||||
# Secure-by-default: the server binds to loopback (127.0.0.1) only and refuses
|
||||
# to bind a non-loopback address with no tokens configured.
|
||||
#
|
||||
# To expose on the LAN you must do ONE of:
|
||||
# 1. Configure api_tokens below AND change host to "0.0.0.0", OR
|
||||
# 2. Set `allow_lan_without_auth: true` (LAN-open, no auth — insecure on
|
||||
# hostile networks, only acceptable on a trusted home LAN).
|
||||
|
||||
# API Tokens - Multiple tokens with friendly labels
|
||||
# This allows you to identify which client is making requests in the logs
|
||||
@@ -11,8 +17,9 @@
|
||||
# web_ui: "your-web-ui-token-here"
|
||||
|
||||
# Server settings
|
||||
host: "0.0.0.0"
|
||||
host: "127.0.0.1"
|
||||
port: 8765
|
||||
# allow_lan_without_auth: true # uncomment + change host to 0.0.0.0 for LAN-open mode
|
||||
|
||||
# Custom scripts
|
||||
scripts:
|
||||
|
||||
Reference in New Issue
Block a user