From 18cf9b892c046c0c456b695a71b19da236456fcb Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Fri, 14 Mar 2025 17:55:07 -0700
Subject: [PATCH] Limit the bind for the HTTPS server on 8443 to 127.0.0.1

---
 cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2 b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
index 6cda5f1bc..f5611d6c7 100644
--- a/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
+++ b/cmdeploy/src/cmdeploy/nginx/nginx.conf.j2
@@ -46,10 +46,7 @@ http {
 
 	server {
   
-		listen 8443 ssl default_server;
-		{% if not disable_ipv6 %}
-		listen [::]:8443 ssl default_server;
-		{% endif %}
+		listen 127.0.0.1:8443 ssl default_server;
 
 		root /var/www/html;