Feature #22613
Updated by Tom Clegg 26 days ago
Wildcard DNS, wildcard TLS certificates, Nginx configuration, config entry with wildcard ExternalURL similar to Services.WebDAV.
To mitigate DNS rebinding attacks, controller routing code -- and any auto-generated/example Nginx configs -- should check that the requested URL matches the configured ExternalURL. Currently, controller routing code accepts {container-uuid}-{port}{anything}, which (assuming no protection from downstream proxies) is a DNS rebinding hazard.