what's the current best practice to lock down self-hosted instance for public access? #407

laur89 · 2025-09-30T00:40:28Z

laur89
Sep 30, 2025

What the title says. Want to be able to explicitly invite/whitelist people, but not allow anyone with the domain name to use the site.

Answered by krokosik

Oct 1, 2025

It depends on the providers you want to use. If you use email, you should set DISABLE_EMAIL_SIGNUP env var once all the users you want are signed up.

In case of OAuth providers, this should be handled inside of the providers as OAuth is specifically for delegating auth to an external provider.

View full answer

krokosik · 2025-10-01T19:02:33Z

krokosik
Oct 1, 2025
Maintainer

It depends on the providers you want to use. If you use email, you should set DISABLE_EMAIL_SIGNUP env var once all the users you want are signed up.

In case of OAuth providers, this should be handled inside of the providers as OAuth is specifically for delegating auth to an external provider.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!

what's the current best practice to lock down self-hosted instance for public access? #407

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Uh oh!

what's the current best practice to lock down self-hosted instance for public access? #407

Uh oh!

laur89 Sep 30, 2025

Replies: 1 comment

Uh oh!

krokosik Oct 1, 2025 Maintainer

laur89
Sep 30, 2025

krokosik
Oct 1, 2025
Maintainer