
Network security configuration: rollout steps for running loopback bind and trusted-proxy auth together

Scenario: when traffic enters through a tunnel such as cloudflared, you want the gateway to listen only on the loopback address while keeping trusted-proxy authentication. Approach: upgrade to a build that contains the fix, explicitly configure the loopback bind, and verify the proxy-header chain end to end.

Source: GitHub | Discovered: 2026-02-18 | Author: @MisterGuy420
Prerequisites
  • You already terminate traffic through a trusted tunnel/reverse proxy that can inject auth headers.
  • You can inspect gateway config and perform controlled restart/rollback.
Steps
  1. Upgrade to a build that includes PR #20099 and verify binary/service version in staging.
  2. Set gateway bind to loopback and keep auth mode as trusted-proxy, then restart gateway.
  3. Send requests through proxy/tunnel path only; confirm direct LAN access to gateway is blocked.
  4. Run a reconnect test cycle (restart tunnel + gateway) to validate stable handshake recovery.
Commands
openclaw gateway status
openclaw gateway restart
openclaw status
Verify

Gateway remains reachable only via trusted proxy path and continues authenticating requests correctly after restart.
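A verification helper for step 3 above, added here as an example and not part of the original tip or of the OpenClaw project: it parses `ss -ltn` output and accepts the gateway port only when every listener on it is bound to 127.0.0.1 or [::1], then optionally confirms that a direct request to a LAN address is not answered. The port 18789 and the socket-table lines are constructed sample values, not a claim about the gateway's default port.

```shell
#!/bin/sh
# Constructed sample of `ss -ltn` output (not captured from a real host):
# loopback-only listeners on 18789 (good) and a wildcard listener on 18790 (bad).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      4096   127.0.0.1:18789     0.0.0.0:*
LISTEN 0      4096   [::1]:18789         [::]:*
LISTEN 0      4096   0.0.0.0:18790       0.0.0.0:*'

# loopback_only PORT SS_OUTPUT
# Returns 0 when every LISTEN socket on PORT is bound to 127.0.0.1 or [::1],
# 1 when any listener on PORT is bound to a wildcard or LAN address,
# 2 when nothing is listening on PORT at all (gateway down or wrong port).
loopback_only() {
  port=$1
  # Column 4 is Local Address:Port; the port is the text after the last colon,
  # which also handles bracketed IPv6 addresses such as [::1]:18789.
  listeners=$(printf '%s\n' "$2" | awk -v p="$port" '
    $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) print $4 }')
  [ -n "$listeners" ] || return 2
  printf '%s\n' "$listeners" | while IFS= read -r addr; do
    case $addr in
      127.0.0.1:*|'[::1]':*) ;;   # loopback: reachable only via the local proxy/tunnel
      *) exit 1 ;;                # anything else is reachable from the network
    esac
  done
}

# check_gateway_bind PORT: the same check against the live socket table.
check_gateway_bind() {
  loopback_only "$1" "$(ss -ltn 2>/dev/null)"
}

# direct_access_blocked HOST PORT: succeeds only when a request sent straight to
# the gateway's LAN address is refused or times out instead of being answered
# (any HTTP response, even 401, means the port is exposed beyond loopback).
direct_access_blocked() {
  ! curl -s -o /dev/null --connect-timeout 3 "http://$1:$2/"
}

# Example usage (hypothetical port and LAN address; adjust to your host):
#   check_gateway_bind 18789 && direct_access_blocked 192.0.2.10 18789 \
#     && echo "gateway is loopback-only" || echo "gateway may be exposed"
```

Run the check from a machine on the LAN after each gateway restart (step 4), since a wizard or restart that rewrites the bind value would reappear here as a wildcard listener.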

Caveats
  • If the setup wizard still rewrites bind values in your version, manually review the final config file after onboarding (needs verification).
  • Misconfigured proxy trust rules can undermine the loopback-only assumption; test from untrusted network segments as well as through the tunnel.
Source attribution

This tip is aggregated from community/public sources and preserved with attribution.
