monoadmin/the-other-dude
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: WinBox tunnel bind address, port range, and proxy support

Browse Source 
- Bind tunnel listeners to 0.0.0.0 instead of 127.0.0.1 so tunnels
  are reachable through reverse proxies and container networks
- Reduce port range to 49000-49004 (5 concurrent tunnels)
- Derive WinBox URI host from request Host header instead of
  hardcoding 127.0.0.1, enabling use behind reverse proxies
- Add README security warning about default encryption keys

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Staack
2026-03-12 19:03:53 -05:00
parent acf1790bed
commit c2eea6847f
6 changed files with 28 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker-compose.override.yml
View File

@@ -82,7 +82,7 @@ services:
POLL_INTERVAL_SECONDS: 60
WIREGUARD_GATEWAY: wireguard
TUNNEL_PORT_MIN: 49000
TUNNEL_PORT_MAX: 49100
TUNNEL_PORT_MAX: 49004
TUNNEL_IDLE_TIMEOUT: 300
SSH_RELAY_PORT: 8080
SSH_IDLE_TIMEOUT: 900
@@ -90,7 +90,7 @@ services:
SSH_MAX_PER_USER: 10
SSH_MAX_PER_DEVICE: 20
ports:
- "127.0.0.1:49000-49100:49000-49100"
- "49000-49004:49000-49004"
ulimits:
nofile:
soft: 8192