docs: update protocol + security notes

This commit is contained in:
Peter Steinberger
2026-01-20 12:20:20 +00:00
parent 409a16060b
commit 06c17a333e
7 changed files with 28 additions and 7 deletions


@@ -114,6 +114,7 @@ Short version: **keep the Gateway loopback-only** unless youre sure you need
- **Loopback + SSH/Tailscale Serve** is the safest default (no public exposure).
- **Non-loopback binds** (`lan`/`tailnet`/`auto`) must use auth tokens/passwords.
- `gateway.remote.token` is **only** for remote CLI calls — it does **not** enable local auth.
- `gateway.remote.tlsFingerprint` pins the remote TLS cert when using `wss://`.
- **Tailscale Serve** can authenticate via identity headers when `gateway.auth.allowTailscale: true`.
Set it to `false` if you want tokens/passwords instead.
- Treat `browser.controlUrl` like an admin API: tailnet-only + token auth.
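Review bot: the new `gateway.remote.tlsFingerprint` bullet should state what happens on a mismatch (connection refused, not just a warning) and that the pinned value must be obtained out of band from the remote host, since a fingerprint copied from the same unverified connection provides no protection; suggest "pins the remote TLS cert when using `wss://`; connections whose cert does not match the pinned fingerprint are rejected, so record the fingerprint from the remote host directly." Separately, the hunk's context header (`unless youre sure you need`) carries a pre-existing typo, `youre` for `you're`, that could be fixed in the same docs pass.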