oore external-access

Configure browser-facing External Access settings from the operator CLI.

Enable trusted-proxy mode

```bash
oore external-access enable-trusted-proxy \
  --public-url https://oore.example.com \
  --proxy-cidr 100.107.126.166/32
```

This command applies the settings normally changed by separate API calls:

  • External Access public URL
  • allowed browser origins
  • trusted proxy identity header and CIDRs
  • instance preferences: runtime_mode=remote, remote_auth_mode=trusted_proxy, key_storage_mode=file

Flags

| Flag | Env var | Required | Description |
|------|---------|----------|-------------|
| --daemon-url <url> | OORE_DAEMON_URL | No | Backend daemon URL. Defaults to CLI config or http://127.0.0.1:8787. |
| --token <token> | OORE_SESSION_TOKEN | No | Owner/admin session token. Defaults to stored CLI config. |
| --public-url <url> | | Yes | HTTPS URL users open in the browser. |
| --allowed-origin <url> | | No | Allowed browser origin. Repeatable. Defaults to --public-url. |
| --proxy-cidr <cidr> | | Yes | Source CIDR for the reverse proxy as seen by oored. Repeatable. |
| --user-email-header <header> | | No | Header containing the authenticated email. Defaults to x-warpgate-username. |
| --shared-secret <secret> | | No | Optional proxy shared secret. |
| --json | | No | Print raw API responses as JSON. |
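
How `--proxy-cidr`, `--user-email-header` and `--shared-secret` combine into one trust decision, as an added example that models trusted-proxy header authentication in general and is not oore's own code. The function name, the `x-proxy-secret` header name and all sample addresses and values are assumptions constructed for the illustration.

```python
import hmac
import ipaddress

# Constructed model; "x-proxy-secret" is a hypothetical header name, not oore's.
def resolve_identity(peer_ip, headers, proxy_cidrs,
                     email_header="x-warpgate-username",
                     shared_secret=None, secret_header="x-proxy-secret"):
    """Return the email asserted by the proxy, or None if it must be ignored."""
    peer = ipaddress.ip_address(peer_ip)
    nets = [ipaddress.ip_network(c, strict=False) for c in proxy_cidrs]
    # Decide on the TCP peer address only: forwarded-for style headers are
    # client-controlled and must never widen the trusted set.
    if not any(peer in net for net in nets):
        return None
    hdrs = {k.lower(): v for k, v in headers.items()}
    if shared_secret is not None:
        presented = hdrs.get(secret_header, "")
        # Constant-time comparison so the secret is not leaked through timing.
        if not hmac.compare_digest(presented.encode(), shared_secret.encode()):
            return None
    email = hdrs.get(email_header.lower(), "").strip()
    return email or None


def demo():
    """Run the model over constructed requests and return each outcome."""
    hdr = {"X-Warpgate-Username": "alice@example.com"}
    narrow = ["100.107.126.166/32"]   # the proxy's exact address
    broad = ["100.64.0.0/10"]         # a whole network the proxy sits on
    secret = "s3cret-constructed"
    with_secret = {**hdr, "x-proxy-secret": secret}
    proxy = "100.107.126.166"
    return {
        "proxy": resolve_identity(proxy, hdr, narrow),
        "direct_client": resolve_identity("203.0.113.9", hdr, narrow),
        "neighbour_narrow": resolve_identity("100.100.1.1", hdr, narrow),
        "neighbour_broad": resolve_identity("100.100.1.1", hdr, broad),
        "secret_missing": resolve_identity(proxy, hdr, narrow, shared_secret=secret),
        "secret_ok": resolve_identity(proxy, with_secret, narrow, shared_secret=secret),
    }


if __name__ == "__main__":
    for case, identity in demo().items():
        print(f"{case:18} -> {identity}")
```

The `neighbour_broad` case shows why `--proxy-cidr` should name the proxy's exact address: every host inside a trusted CIDR can assert any email through the identity header.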

Warpgate example

```bash
oore login --token "$TOKEN"

oore external-access enable-trusted-proxy \
  --public-url https://oore.zerodha.io \
  --proxy-cidr 100.107.126.166/32 \
  --user-email-header x-warpgate-username
```

After changing auth mode, existing sessions may be revoked. Sign in again through the Warpgate-protected URL.