docs(gateway): remove misleading Tailscale safety comparison

Changed 'When NOT to Use' section to avoid implying Tailscale is
'safer' than identity-aware proxies like Pomerium.

Pomerium is a security-focused identity-aware proxy - it's not less
safe than Tailscale, just a different approach (multi-user vs personal).

Updated to focus on actual inappropriate use cases:
- No authentication (TLS terminator only)
- Bypass paths exist
- Header handling uncertain
- Single-user scenarios (where Tailscale may be simpler, not safer)
This commit is contained in:
Nick Taylor
2026-02-13 21:23:29 +00:00
committed by Peter Steinberger
parent 4aaae739b3
commit cd77ee076f

@@ -20,10 +20,10 @@ Use `trusted-proxy` auth mode when:
## When NOT to Use
- If you can use `gateway.bind: "loopback"` with Tailscale Serve instead (simpler, safer)
- If your proxy doesn't authenticate users (just a TLS terminator)
- If there's any path to the Gateway that bypasses the proxy
- If your proxy doesn't authenticate users (just a TLS terminator or load balancer)
- If there's any path to the Gateway that bypasses the proxy (firewall holes, internal network access)
- If you're unsure whether your proxy correctly strips/overwrites forwarded headers
- If you only need personal single-user access (consider Tailscale Serve + loopback for simpler setup)
## How It Works
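Review bot: the new single-user bullet at the end of the "When NOT to Use" list no longer names the `gateway.bind: "loopback"` setting that the removed first bullet spelled out, so a reader who takes the advice has to find the config key elsewhere. Suggest keeping the literal, for example: consider `gateway.bind: "loopback"` with Tailscale Serve for a simpler setup. That bullet is also a convenience preference sitting among security conditions (proxy does not authenticate, bypass paths exist, forwarded headers not reliably stripped or overwritten); wording it as a recommendation set apart from the list would keep the hard requirements distinct from the optional simplification.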