Limit access to `/acme/auto` path

nginx / njs-acme

Nginx NJS module runtime to work with ACME providers like Let's Encrypt for automated no-reload TLS certificate issue/renewal.

Apache License 2.0

70 stars 11 forks source link

Limit access to `/acme/auto` path #31

Closed ivanitskiy closed 1 year ago

ivanitskiy commented 1 year ago

At the moment example config doesn't have any mentioning that users should limit access to /acme/auto to some IPs OR CIDRS (or use other means). With the current setup, everybody on the internet could trigger a renewal. We should just mention something like this somewhere in the README if possible.

Originally posted by @tippexs in https://github.com/nginxinc/njs-acme/issues/12#issuecomment-1670047302

tippexs commented 1 year ago

Thanks for the creation! More than happy to add an example to my fork and share a PR. Lmk.

ivanitskiy commented 1 year ago

seems like can be closed as done: https://github.com/nginx/njs-acme/pull/33

tippexs commented 1 year ago

Thanks @ivanitskiy

Will use the module in of my Proxies now and let you know how that goes. Have a good weekend.