eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Add caddy unauthorized ACME challenges problem to README

Browse source
This commit is contained in:
surfict 2024-06-24 11:54:01 +02:00
parent 6b62d0a982
commit 6718c18bd2
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
readme.md
View file

@ -824,3 +824,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano).
1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day.
1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
### Securing Your Caddy Instance from Unauthorized ACME Challenges
(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy, which handles automatic SSL certificate generation, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.