Decouple Django CSRF, ALLOWED_HOST settings for more complex setups

- Set KHOJ_ALLOWED_DOMAIN to the domain that Khoj is accessible on from the host machine. This can be the internal i.p or domain of the host machine. It can be used by your load balancer/reverse_proxy to access Khoj. For example, if the load balancer service is in the khoj docker network, KHOJ_DOMAIN will be `server' (i.e service name). - Set KHOJ_DOMAIN to your externally accessible DOMAIN or I.P to avoid CSRF trusted origin or unset cookie issue when trying to access the khoj admin panel. Resolves #1114
2026-03-02 13:18:18 +00:00 · 2025-01-28 16:10:21 +07:00
parent bb0828b887
commit 5a3c7b145a
3 changed files with 16 additions and 4 deletions
--- a/documentation/docs/get-started/setup.mdx
+++ b/documentation/docs/get-started/setup.mdx
@@ -283,9 +283,14 @@ Go to http://localhost:42110/server/admin and login with the admin credentials y
 Ensure you are using **localhost, not 127.0.0.1**, to access the admin panel to avoid the CSRF error.
 :::

+:::info[CSRF Trusted Origin or Unset Cookie Error]
+If using a load balancer/reverse_proxy in front of your Khoj server: Set the environment variable KHOJ_ALLOWED_DOMAIN=your-internal-ip-or-domain to avoid this error.
+If unset, it defaults to KHOJ_DOMAIN.
+:::
+
 :::info[DISALLOWED HOST or Bad Request (400) Error]
 You may hit this if you try access Khoj exposed on a custom domain (e.g. 192.168.12.3 or example.com) or over HTTP.
-Set the environment variables KHOJ_DOMAIN=your-domain and KHOJ_NO_HTTPS=True if required to avoid this error.
+Set the environment variables KHOJ_DOMAIN=your-external-ip-or-domain and KHOJ_NO_HTTPS=True if required to avoid this error.
 :::

 :::tip[Note]