Carefull with trusted_networks

just noticed I can login from anywhere without any password by using the trusted_networks as a auth_provider - since im using a reverse proxy and had 192.168.0.0/24 whitelisted …ups

Yeah need to make sure you pass through the real IP in your proxy.

You need to have use_x_forwarded_for and trusted_proxies set in http component

Technically if they know your IP range they may spoof their IP to get through even with that set I believe