Document Onion Services subdomain support for HTTP(S)
Currently there are a few references about the subdomain support for Onion Service sites (i.e. Onion Services using HTTP or HTTPS).
-
Write a section about how to handle subdomains under the Advanced Settings page. -
Enhance best practices documentation by pointing that Operators shall protect their configuration against subdomain testing, which can reveal server location in case of a misconfiguration, like a $random_string.$onion_domain.onion
being not catched by an ApacheServerAlias *.$onion_domain
and being directed to a default server page which identifiable information. That should be also included in the checklist as well.
Edited by Silvio Rhatto