Actions
Feature #22613
openUpdate install scripts/docs to enable external access to HTTP services in containers
Story points:
-
Description
Wildcard DNS, wildcard TLS certificates, Nginx configuration, config entry with wildcard ExternalURL similar to Services.WebDAV.
To mitigate DNS rebinding attacks, controller routing code -- and any auto-generated/example Nginx configs -- should check that the requested URL matches the configured ExternalURL. Currently, controller routing code accepts {container-uuid}-{port}{anything}, which (assuming no protection from downstream proxies) is a DNS rebinding hazard.
Updated by Tom Clegg about 1 month ago
- Related to Idea #17207: services running in containers added
Actions