swarm-dashboard icon indicating copy to clipboard operation
swarm-dashboard copied to clipboard

Published 20 hours ago verified publisher icon mohsenasm

SSL Support

Open damnedOperator opened this issue 5 years ago • 3 comments

Hi, SSL Support would be nice, as a deployment of the dashboard on an api host, reachable under a HSTS Domain won't be reachable because of HTTPS enforcement...

damnedOperator avatar Oct 09 '19 13:10 damnedOperator

I suggest putting the dashboard not on an exposed port. Instead use a reverse Proxy that enforces HTTPS like nginx and add some Auth in it. Putting the Dashboard on an open internet port is not the way to go, because if it gets compromised your swarm gets taken over.

PiecePaperCode avatar Nov 14 '20 12:11 PiecePaperCode

hi, i agree on disclosing information about swarm publicly is not so smart, but does the api really allows taking control of the swarm ?

rafipiccolo avatar Oct 13 '21 07:10 rafipiccolo

yes because the dashboard needs to run on a manager and needs to have acces to the docker socket on the manager. if it gets compromised the can add nodes or deploy own services on the swarm. its unlikly but possible. bedder hide it behind a password.

PiecePaperCode avatar Oct 13 '21 08:10 PiecePaperCode

Now we have this feature:

  • Using the ENABLE_AUTHENTICATION environment variable, there is an option to use Basic Auth. The WebSocket server will close the connection if it does not receive a valid authentication token.

  • Using the ENABLE_HTTPS environment variable, there is an option to use HTTPS and WSS. We have Let’s Encrypt integration with the DNS challenge using Lego.

mohsenasm avatar Oct 21 '23 14:10 mohsenasm