Secure your deployment: By default, Toolbox uses HTTP
and runs on all hosts (--allowed-hosts) and all origins
(--allowed-origins). While convenient, this is
insecure and could expose you to unauthorized access of
your toolbox instances. Please review the example under reference/cli to
secure your instances.
Note: The server issues a warning in the logs if these are set to the wildcard *.
--allowed-hosts flag to specify a list of hosts for validation.
command: ["--config", "/config/tools.yaml", "--address", "0.0.0.0", "--allowed-hosts", "localhost:5000"]--allowed-origins flag to specify a list of origins permitted to access the server.
command: ["--config", "/config/tools.yaml", "--address", "0.0.0.0", "--allowed-origins", "https://foo.bar"]--tls-cert and --tls-key flags to secure your connection.
command: ["--config", "/config/tools.yaml", "--address", "0.0.0.0", "--tls-cert", "cert.pem", "--tls-key", "key.pem"]