[docs] encourage using loopback bind address (#1166)

docs/installation_guide/apache-httpd.md

@@ -44,6 +44,8 @@ sudoedit /gotosocial/config.yaml
 
 Then set `letsencrypt-enabled: false`.
 
+If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
+
 If GoToSocial is already running, restart it.
 
 ```bash

docs/installation_guide/caddy.md

@@ -49,6 +49,8 @@ In your GoToSocial config turn off Lets Encrypt by setting `letsencrypt-enabled`
 
 If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
 
+If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
+
 ## Set up Caddy
 
 We will configure Caddy 2 to use GoToSocial on our main domain example.org. Since Caddy takes care of obtaining the Lets Encrypt certificate, we only need to configure it properly once.

docs/installation_guide/nginx.md

@@ -38,6 +38,8 @@ In your GoToSocial config turn off letsencrypt by setting `letsencrypt-enabled`
 
 If you we running GoToSocial on port 443, change the `port` value back to the default `8080`.
 
+If the reverse proxy will be running on the same machine, set the `bind-address` to `"localhost"` so that the GoToSocial server is only accessible via loopback. Otherwise it may be possible to bypass your proxy by connecting to GoToSocial directly, which might be undesirable.
+
 ## Set up NGINX
 
 First we will set up NGINX to serve GoToSocial as unsecured http and then use Certbot to automatically upgrade it to serve https.