Feature #22613

open

Update install scripts/docs to enable external access to HTTP services in containers

Added by Tom Clegg about 1 month ago. Updated 25 days ago.

Status: New
Priority: Normal
Assigned To: -
Category: Deployment
Target version:
Story points: -

Description

Wildcard DNS, wildcard TLS certificates, Nginx configuration, config entry with wildcard ExternalURL similar to Services.WebDAV.

To mitigate DNS rebinding attacks, controller routing code -- and any auto-generated/example Nginx configs -- should check that the requested URL matches the configured ExternalURL. Currently, controller routing code accepts {container-uuid}-{port}{anything}, which (assuming no protection from downstream proxies) is a DNS rebinding hazard.
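
One way to write the check described above, as an added example that is not the project's own code: the request host is accepted only when it is exactly `{container-uuid}-{port}` followed by the suffix of the wildcard ExternalURL. The helper name `matchExternalURL`, the sample hostname and the assumed UUID shape are illustrative assumptions, not taken from the issue.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"regexp"
	"strings"
)

// Constructed sample value; the real config key and hostname are not given on the page.
const sampleExternalURL = "https://*.containers.example.com/"

// Assumed shape of the first DNS label: {container-uuid}-{port}.
var labelRe = regexp.MustCompile(`^([a-z0-9]{5}-dz642-[a-z0-9]{15})-([0-9]{1,5})$`)

// matchExternalURL (hypothetical helper) accepts reqHost only when it is exactly
// "{container-uuid}-{port}" followed by the suffix of the wildcard ExternalURL.
func matchExternalURL(reqHost, externalURL string) (uuid, port string, ok bool) {
	u, err := url.Parse(externalURL)
	if err != nil || !strings.HasPrefix(u.Hostname(), "*.") {
		return "", "", false // no usable wildcard configured: fail closed
	}
	suffix := strings.ToLower(u.Hostname()[1:]) // ".containers.example.com"
	host := reqHost
	if h, _, err := net.SplitHostPort(reqHost); err == nil {
		host = h // drop an explicit ":443"; only the name matters for this check
	}
	host = strings.ToLower(host)
	if !strings.HasSuffix(host, suffix) {
		return "", "", false // "{uuid}-{port}{anything}" under another domain
	}
	m := labelRe.FindStringSubmatch(strings.TrimSuffix(host, suffix))
	if m == nil {
		return "", "", false // extra labels or junk between the port and the suffix
	}
	return m[1], m[2], true
}

func main() {
	for _, h := range []string{ // constructed Host header values
		"zzzzz-dz642-0123456789abcde-8080.containers.example.com",
		"zzzzz-dz642-0123456789abcde-8080.rebind.example.net",
		"zzzzz-dz642-0123456789abcde-8080.containers.example.com.rebind.example.net",
	} {
		_, _, ok := matchExternalURL(h, sampleExternalURL)
		fmt.Printf("%-5v %s\n", ok, h)
	}
}
```

The same exact-suffix rule belongs in any generated Nginx config, so that a request is rejected before it reaches the controller when the host does not match.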


Related issues 1 (1 open, 0 closed)

Related to Arvados Epics - Idea #17207: services running in containers (In Progress, 03/01/2025 to 06/30/2025)

#1

Updated by Tom Clegg about 1 month ago

  • Related to Idea #17207: services running in containers added
#2

Updated by Tom Clegg about 1 month ago

Some progress on 22613-http-proxy-docs

#3

Updated by Tom Clegg 25 days ago

  • Description updated (diff)
#4

Updated by Tom Clegg 25 days ago

  • Description updated (diff)