From 9a24dd11ad5ea2c8970126a64e38d986299fa460 Mon Sep 17 00:00:00 2001 From: Fizzlepoof Date: Fri, 22 May 2026 02:40:03 +0000 Subject: [PATCH] Fix Gluetun web UI auth and LAN binding --- search/.env.example | 8 +++++++- search/docker-compose.yaml | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/search/.env.example b/search/.env.example index 0561453..2ea55e5 100644 --- a/search/.env.example +++ b/search/.env.example @@ -9,9 +9,15 @@ SEARXNG_BASE_URL=http://10.5.1.6:8888/ FIRECRAWL_PORT=3302 FIRECRAWL_INTERNAL_PORT=3002 -# Keep the Gluetun control UI localhost-only by default. Reverse proxy later if desired. +# Gluetun control UI LAN bind. Keep it on the PD LAN IP, not 0.0.0.0. +GLUETUN_WEBUI_BIND_ADDRESS=10.5.1.6 GLUETUN_WEBUI_PORT=8390 +# Gluetun HTTP control API auth for the web UI. +# Generate a real key for the live .env and keep only placeholders in git. +GLUETUN_CONTROL_API_KEY=replace-me-with-a-22-char-base58-key +HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE={"auth":"apikey","apikey":"replace-me-with-a-22-char-base58-key"} + # Firecrawl runtime tuning USE_DB_AUTHENTICATION=false NUM_WORKERS_PER_QUEUE=4 diff --git a/search/docker-compose.yaml b/search/docker-compose.yaml index 9c305ff..896bf43 100644 --- a/search/docker-compose.yaml +++ b/search/docker-compose.yaml @@ -37,6 +37,7 @@ services: - VPN_TYPE=wireguard - WIREGUARD_CONF_SECRETFILE=/run/secrets/wg0.conf - HTTP_CONTROL_SERVER_ADDRESS=:8000 + - HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE=${HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE} - HTTP_CONTROL_SERVER_LOG=on - FIREWALL_OUTBOUND_SUBNETS=${FIREWALL_OUTBOUND_SUBNETS:-10.5.0.0/16,172.16.0.0/12,192.168.0.0/16} - UPDATER_PERIOD=24h @@ -52,9 +53,10 @@ services: depends_on: - search-gluetun ports: - - "127.0.0.1:${GLUETUN_WEBUI_PORT:-8390}:3000" + - "${GLUETUN_WEBUI_BIND_ADDRESS:-10.5.1.6}:${GLUETUN_WEBUI_PORT:-8390}:3000" environment: - GLUETUN_CONTROL_URL=http://search-gluetun:8000 + - GLUETUN_API_KEY=${GLUETUN_CONTROL_API_KEY} - PORT=3000 networks: - search_internal