From 5dfe0b755ab9ac5119f3e86b395e9de9d64ff96d Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Mon, 24 Jun 2024 13:50:16 +0200 Subject: [PATCH] fix another typo Signed-off-by: Simon L. --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 58311da2..68ee09bf 100644 --- a/readme.md +++ b/readme.md @@ -826,4 +826,4 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`). ### Securing the AIO interface from unauthorized ACME challenges -(By design)[https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384], Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure. +[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.