How to secure :9090 endpoints

mesosphere / marathon-lb

Marathon-lb is a service discovery & load balancing tool for DC/OS

Apache License 2.0

450 stars 300 forks source link

How to secure :9090 endpoints #445

Open krzkaczor opened 7 years ago

krzkaczor commented 7 years ago

I wonder how to secure haproxy. For example I would like to use basic auth to limit access to some :9090. It's super weird that with default config for this project anyone can access getconfig.

Of course I could override whole HAPROXY_HEAD label but this seems a little bit odd (i need to keep super long string in my config to keep all defaults). Another idea would be to block access limit access via iptables.

Am I missing something?

junneyang commented 5 years ago

paambaati commented 5 years ago

@krzkaczor Modifying the HAPROXY_HEAD template is the intended method to do this. Are there specific challenges you're facing in setting up authentication?

rfvbkm commented 4 years ago

You can just close external access to port 9090