
nginx config of standalone container allows proxying to arbitrary URLS #427

@scientress

Description


Describe the bug

The current configuration of nginx in the docker container allows proxying to any URL, not just the configured backends in Z2M_API_URLS.
This could be used maliciously in many ways by anyone with access to the web server of the container,
i.e. to bypass a firewall and access internal resources, or to bypass IP-based access control of other services.

I suggest adding a script that generates a list of allowed proxy targets based on Z2M_API_URLS.
I can submit a PR in the next couple of days if wanted.

To Reproduce

  • start docker container
  • curl http://${webserver-host}:${webserver-port}/ws-proxy/www.google.com

Expected behavior

No response

Affected browsers

Firefox

Stacktrace
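One way to implement the allowlist suggested in the issue, as an added example that is not part of the original report or of the project's own code. It assumes (not stated in the issue) that Z2M_API_URLS is a comma-separated list of URLs and that the proxy location is `/ws-proxy/<host>`; the generated snippet belongs in the nginx `http {}` block and rejects any target that is not one of the configured backends.

```shell
#!/bin/sh
# Constructed example: derive an nginx proxy-target allowlist from Z2M_API_URLS.
# Assumed format (not from the issue): "ws://z2m-a:8080,http://z2m-b:8081/api".

# Print one "host[:port]" per configured URL; drop scheme, userinfo and path.
z2m_allowed_hosts() {
  printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r url; do
    [ -n "$url" ] || continue
    hostport=${url#*://}      # strip "scheme://"
    hostport=${hostport%%/*}  # strip "/path..."
    hostport=${hostport##*@}  # strip "user:pw@"
    [ -n "$hostport" ] && printf '%s\n' "$hostport"
  done
}

# Emit nginx config: a map that sets $ws_target_ok=1 only for configured
# backends, and a location that returns 403 for everything else.
# Note: proxy_pass with a variable target needs a "resolver" directive if the
# backend hosts are DNS names rather than IPs.
z2m_nginx_allowlist() {
  printf 'map $ws_target $ws_target_ok {\n    default 0;\n'
  z2m_allowed_hosts "$1" | sort -u | while IFS= read -r h; do
    printf '    "%s" 1;\n' "$h"
  done
  printf '}\n\n'
  printf 'location ~ "^/ws-proxy/(?<ws_target>[^/]+)(?<ws_rest>/.*)?$" {\n'
  printf '    if ($ws_target_ok = 0) { return 403; }\n'
  printf '    proxy_pass http://$ws_target$ws_rest;\n}\n'
}

# Same decision in shell, usable in tests: succeeds only if $2 is allowed.
z2m_target_allowed() {
  z2m_allowed_hosts "$1" | grep -qxF -- "$2"
}

# Usage: Z2M_API_URLS="ws://z2m-a:8080,http://z2m-b:8081" \
#        sh this_script.sh > /etc/nginx/conf.d/ws-proxy-allowlist.conf
if [ -n "${Z2M_API_URLS:-}" ]; then
  z2m_nginx_allowlist "$Z2M_API_URLS"
fi
```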


Labels: bug
