Closed smortexa closed 7 months ago
No, this is a very bad idea.
The admin endpoint should never be publicly accessible. Otherwise, an attacker could change your server's config and make it do whatever they want.
Many servers don't have firewalls blocking all ports by default, so listening to all interfaces here would be a huge security vulnerability (essentially a guarantee that your server will be compromised).
What you should do if you need to access the admin API is to change your Caddyfile yourself (copy it and modify it). Or alternatively you can use an SSH tunnel to access it (which can mimic the client being on the same machine).
If the admin endpoint is opened up publicly, you should at least configure mTLS authentication to protect it.
So, I think I probably should communicate with Caddy admin APIs (such as /metrics) through Laravel.
Or use the metrics directive to expose it on any site in Caddy: https://caddyserver.com/docs/caddyfile/directives/metrics
Currently, Caddy admin APIs are not accessible from outside of the container. This PR allows accessing Caddy admin APIs inside a container by listening on all interfaces.