Any & all sub domains point to admin login page

My YunoHost server

Hardware: VPS bought online
YunoHost version: 11.0.9.9
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

My yunohost main domain install is at yunohost.mysuperdomain.com
It works all fine and correct since many months now but I notice a rather worrying issue.

When I try to access any subdomains I get a few errors for self-signed certificates and then I end up at the admin login page /yunohost/admin

For an example if I try veryrandomchar.mysuperdomain.com , it does load the page to the admin page login.

Issue is that first the domain veryrandomchar.mysuperdomain.com doesn’t exist anywhere in my DNS configuration and second I don’t want to give so much access to my admin login page.

Is this a bug, a feature or specific issue with my server ?

I really think it exists in your DNS conf, but not as the full random name, as a jocker *. You can change this by defining only the required domains/sub-domains.
If you want to block this behavior (admin accessible via all subdomains), I’m 100% sure it is somewhere on the forum (no idea where).

1 Like

Thanks @Mamie, I understand your answer :pray:

This is a feature of yunohost to add by default a DNS configuration to accept a wildcard on all sub-domains systematically ?

I do believe it is a bug.

The issue is that :

  • if you recommend people to add a wildcard, you end up with the issue you’re describing
  • if you don’t, everytime the user needs to add a new subdomain (for example to install an app that does need a dedicated (sub)domain), then you’ll also need to add the corresponding A record in the DNS and this is boring as hell

There are some ways to improve both situations but they have some other caveats or require developments

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.