added basic caddy rate limits
This commit is contained in:
@@ -9,6 +9,6 @@
|
||||
| 5 | High | `scripts/restore.sh:68` | `psql -U nextcloud` hardcodes DB username instead of reading from env | DONE |
|
||||
| 6 | High | `scripts/deploy.sh:13` | `source .env` in a root-privileged script can execute arbitrary commands. Consider safer parsing or variable validation | DONE |
|
||||
| 7 | Medium | `monitoring/docker-compose.yml` | Docker socket + `/proc` + `/sys` + `/` mounted into Alloy container. Consider using a Docker socket proxy to limit API access | DONE |
|
||||
| 8 | Medium | `caddy/Caddyfile` | No rate limiting configured at the reverse proxy layer | TODO |
|
||||
| 8 | Medium | `caddy/Caddyfile` | No rate limiting configured at the reverse proxy layer | DONE |
|
||||
| 9 | Low | `gitea/docker-compose.yml` | `gitea/gitea:latest-rootless` unpinned — pin to specific version like Nextcloud does | TODO |
|
||||
| 10 | Low | `monitoring/docker-compose.yml` | `grafana/alloy:latest` unpinned — pin to specific version | TODO |
|
||||
|
||||
Reference in New Issue
Block a user