SSL Support

Question

SSL Support

damnedOperator opened this issue 5 years ago · comments

Hi, SSL Support would be nice, as a deployment of the dashboard on an api host, reachable under a HSTS Domain won't be reachable because of HTTPS enforcement...

Marcos Gamez · Answer 1 · Sat Nov 14 2020 20:47:12 GMT+0800 (China Standard Time)

I suggest putting the dashboard not on an exposed port. Instead use a reverse Proxy that enforces HTTPS like nginx and add some Auth in it.
Putting the Dashboard on an open internet port is not the way to go, because if it gets compromised your swarm gets taken over.

Raphael Piccolo · Answer 2 · Wed Oct 13 2021 15:20:22 GMT+0800 (China Standard Time)

hi, i agree on disclosing information about swarm publicly is not so smart, but does the api really allows taking control of the swarm ?

Marcos Gamez · Answer 3 · Wed Oct 13 2021 16:46:05 GMT+0800 (China Standard Time)

yes because the dashboard needs to run on a manager and needs to have acces to the docker socket on the manager. if it gets compromised the can add nodes or deploy own services on the swarm. its unlikly but possible. bedder hide it behind a password.

Mohammad-Mohsen Aseman-Manzar · Answer 4 · Sat Oct 21 2023 22:56:08 GMT+0800 (China Standard Time)

Now we have this feature:

Using the ENABLE_AUTHENTICATION environment variable, there is an option to use Basic Auth. The WebSocket server will close the connection if it does not receive a valid authentication token.
Using the ENABLE_HTTPS environment variable, there is an option to use HTTPS and WSS. We have Let’s Encrypt integration with the DNS challenge using Lego.