Project

General

Profile

Actions
Copy link

Feature #22613

open

Update install scripts/docs to enable external access to HTTP services in containers

Added by Tom Clegg 20 days ago. Updated 7 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Deployment
Target version:
Future
Story points:
-

Description

Wildcard DNS, wildcard TLS certificates, Nginx configuration, config entry with wildcard ExternalURL similar to Services.WebDAV.

To mitigate DNS rebinding attacks, controller routing code -- and any auto-generated/example Nginx configs -- should check that the requested URL matches the configured ExternalURL. Currently, controller routing code accepts {container-uuid}-{port}{anything}, which (assuming no protection from downstream proxies) is a DNS rebinding hazard.

Related issues 1 (1 open0 closed)

Related to Arvados Epics - Idea #17207: services running in containersIn Progress03/01/202506/30/2025Actions
Actions
Copy link
 #1

Updated by Tom Clegg 20 days ago

  • Related to Idea #17207: services running in containers added
Actions
Copy link
 #2

Updated by Tom Clegg 20 days ago

Some progress on 22613-http-proxy-docs

Actions
Copy link
 #3

Updated by Tom Clegg 7 days ago

  • Description updated (diff)
Actions
Copy link
 #4

Updated by Tom Clegg 7 days ago

  • Description updated (diff)
Actions
Copy link

Also available in: Atom PDF