TLS-enabled communication between intake client and intake server
Question
Within intake official documentation, it mention
Authorization plugins are classes that can be used to customize access permissions to the Intake catalog server. The Intake server and client communicate over HTTP, so when security is a concern, the most important step to take is to put a TLS-enabled reverse proxy (like nginx) in front of the Intake server to encrypt all communication .
Can you advise any example on how to implement nginx in front of intake server? What kind of nginx setup is required.
1 answers
solution1
0 2020-05-22 19:19:35
It would take a small amount of work to enable HTTPS directly in the Intake server - basically allowing the setting of certificates in this line (example args like https://stackoverflow.com/a/18307308/3821154 ).
However, while this is not available, you need SSL termination at a proxy; and you might need to make your own certificates. This is a common use for proxies, and you can find many guides like:
- https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-http/
- https://docs.traefik.io/routing/routers/#tls
These can be used in docker or any other isolated network - ie, that the port opened by Intake is only accessible internally, not from the outside world, and it's the proxy's port which is exposed.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.