Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #73 from naturallaw777/copilot/remove-unnecessary-port-exposure

Browse Source 
Security: restrict RTL, Hub, and Mempool to LAN-only access
This commit is contained in:
Sovran_Systems
2026-04-05 09:33:52 -05:00
committed by GitHub
parent 8dc3066f06 7c047a16b7
commit c42962f6da
2 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
modules/core/caddy.nix
View File

@@ -156,7 +156,7 @@ EOF
# RTL (LAN access) # RTL (LAN access)
cat >> /run/caddy/Caddyfile <<EOF cat >> /run/caddy/Caddyfile <<EOF
:3051 { http://127.0.0.1:3051, http://sovransystemsos.local:3051 {
reverse_proxy :3050 reverse_proxy :3050
encode gzip zstd encode gzip zstd
} }
@@ -165,7 +165,7 @@ EOF
# Mempool (LAN access) # Mempool (LAN access)
cat >> /run/caddy/Caddyfile <<EOF cat >> /run/caddy/Caddyfile <<EOF
:60847 { http://127.0.0.1:60847, http://sovransystemsos.local:60847 {
reverse_proxy :60845 reverse_proxy :60845
encode gzip zstd encode gzip zstd
} }

1
modules/core/sovran-hub.nix
View File

@@ -293,6 +293,5 @@ in
}; };
}; };
networking.firewall.allowedTCPPorts = [ 3051 8937 60847 ];
}; };
} }