⚙️ Winget-Repo Server Settings Overview
This document describes the configuration options available in the Winget-Repo Server Settings panel.
🔧 Server Settings Table
| Name | Description |
|---|---|
| Server Name (Max. 12) | Sets the name of your Winget server (max 12 characters). Appears in the UI. |
| Winget-Client Versions | Lists the compatible Winget client versions separated by commas. |
| Client Authentication | Enables client-side authentication for secure access. |
| DNS Server | IP address of the DNS server used for client resolution and authentication. |
| Domain Suffix | The DNS suffix applied to clients during authentication (e.g. fritz.box). |
| Enable Terms of Service | If enabled, the Winget client will require the user to accept the Terms of Service before interacting with the repo. |
| Enable Package Store (Internet required) | Enables online package store integration (requires internet access). |
| IP Restriction | Restricts access to specific IPv4/IPv6 addresses, ranges, or subnets. |
| Winget pre-indexed Source | If enabled, the WinGet REST source and client authentication will no longer function. Instead, you can add the winget repository in the same way as the official Microsoft WinGet repository. |
| Use Reverse Proxy (X-Headers) | Reads the client's real IP address and domain from the X-Forwarded-For and X-Forwarded-Host headers, which a reverse proxy (e.g. Nginx or Traefik) sets instead of the application receiving them directly. |
| Use DNS validation with client authentication | Allows client authentication to check the client against DNS for extra security. |
🛡️ IP Restriction
The IP restriction system validates incoming requests based on the client's IP address. You can define a whitelist using various formats.
Supported Formats
The system is flexible and supports the following notations:
- Default (No Restriction):
  * Value: `DEFAULT` - Allows all IP addresses.
- Single IP Addresses:
  * Example: `192.168.1.1` or `2001:db8::1`
- IP Ranges (Hyphenated):
  * Example: `192.168.1.1 - 192.168.1.100`
  * Note: Start and end IP must be of the same version (IPv4 or IPv6).
- CIDR Notation (Subnets):
  * Example: `10.0.0.0/24` or `2001:db8::/32`
Configuration Rules
- Separators: Use a comma (`,`) or a semicolon (`;`) to separate multiple entries.
- Case Sensitivity: The `DEFAULT` keyword is case-insensitive.
- Validation: Any client IP not matching the defined rules will be denied access automatically.
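To sanity-check an allow-list before saving it, the formats and rules above can be modelled with Python's standard `ipaddress` module. This is an added example, not Winget-Repo's own code: the names `parse_allowlist`, `is_allowed` and `SAMPLE` are hypothetical, and rejecting malformed entries and accepting `DEFAULT` only as the sole entry are assumptions.

```python
import ipaddress
import re


def parse_allowlist(setting):
    """Return None for DEFAULT (no restriction), else a list of rules:
    ip_network objects (single IP, CIDR) or (start, end) range tuples.
    Malformed entries raise ValueError (assumed behaviour)."""
    entries = [e.strip() for e in re.split(r"[,;]", setting) if e.strip()]
    if not entries:
        raise ValueError("allow-list is empty")
    if len(entries) == 1 and entries[0].upper() == "DEFAULT":
        return None  # keyword is case-insensitive
    rules = []
    for entry in entries:
        if "/" in entry:                       # CIDR subnet
            rules.append(ipaddress.ip_network(entry))
        elif "-" in entry:                     # hyphenated range
            start, end = (ipaddress.ip_address(p.strip())
                          for p in entry.split("-", 1))
            if start.version != end.version:
                raise ValueError(f"mixed IPv4/IPv6 range: {entry}")
            if start > end:
                raise ValueError(f"range start is after end: {entry}")
            rules.append((start, end))
        else:                                  # single address (/32 or /128)
            rules.append(ipaddress.ip_network(entry))
    return rules


def is_allowed(client_ip, rules):
    """True if client_ip matches a rule; anything unmatched is denied."""
    if rules is None:
        return True
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparsable client address: deny
    for rule in rules:
        if isinstance(rule, tuple):
            start, end = rule
            if ip.version == start.version and start <= ip <= end:
                return True
        elif ip.version == rule.version and ip in rule:
            return True
    return False

# Constructed sample setting using the separators and formats above.
SAMPLE = "192.168.1.1 - 192.168.1.100; 10.0.0.0/24, 2001:db8::/32"
```

Running a few known-good and known-bad client addresses through `is_allowed(addr, parse_allowlist(SAMPLE))` shows whether a planned setting would lock out a host you expect to reach the server.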
💡 Technical Notes
- Client Authentication: We strongly recommend enabling this alongside IP restrictions for a multi-layered security approach.
- Ensure the DNS Server and Domain Suffix match your internal network setup.