From 1ad8c0970df0859947b3d5a4b938a27f9f00723b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20K=C3=B6ssler?= Date: Tue, 28 Apr 2026 08:57:37 +0200 Subject: [PATCH] docs: Add ALLOWED_INTERNAL_IPS env var --- content/docs/configuration/env-variables.mdx | 21 ++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/content/docs/configuration/env-variables.mdx b/content/docs/configuration/env-variables.mdx index eb2b060..057d623 100644 --- a/content/docs/configuration/env-variables.mdx +++ b/content/docs/configuration/env-variables.mdx @@ -17,16 +17,17 @@ These environment variables can be used in both the agent and the hub. ## Hub -| Variable | Default Value | Recommended to change | Description | -| -------------------- | ------------- | --------------------- | ------------------------------------------------------------------------------------------------------- | -| `APP_URL` | `-` | yes (required) | The URL of the OrcaCD instance | -| `APP_SECRET` | `-` | yes (required) | Secret used for authentication and encryption. Generate one with `openssl rand -base64 42` | -| `HOST` | `0.0.0.0 ` | no | Host address | -| `PORT` | `8080 ` | no | Container port | -| `DISABLE_LOCAL_AUTH` | `false ` | no | Disable password authentication. Useful when using SSO with OIDC | -| `TRUSTED_PROXIES` | `- ` | no | Recommended if using a reverse proxy. Comma seperated list of network origins | -| `DISABLE_UI` | `false ` | no | Disable serving the frontend. Useful when using the hub only for API access. | -| `DEMO` | `false ` | no | This mode disables all functions except the login and additionally seeds some demo data in the database | +| Variable | Default Value | Recommended to change | Description | +| ---------------------- | ------------- | --------------------- | ------------------------------------------------------------------------------------------------------------ | +| `APP_URL` | `-` | yes (required) | The URL of the OrcaCD instance | +| `APP_SECRET` | `-` | yes (required) | Secret used for authentication and encryption. Generate one with `openssl rand -base64 42` | +| `HOST` | `0.0.0.0` | no | Host address | +| `PORT` | `8080` | no | Container port | +| `DISABLE_LOCAL_AUTH` | `false` | no | Disable password authentication. Useful when using SSO with OIDC | +| `TRUSTED_PROXIES` | `-` | no | Recommended if using a reverse proxy. Comma seperated list of network origins | +| `DISABLE_UI` | `false` | no | Disable serving the frontend. Useful when using the hub only for API access. | +| `ALLOWED_INTERNAL_IPS` | `-` | no | Private IPs that should be ignored by the SSRF protection. Comma seperated list of CIDR ranges or single IPs | +| `DEMO` | `false` | no | This mode disables all functions except the login and additionally seeds some demo data in the database | ## Agent