Updated Security Overview (markdown)

Chris Lu 2019-03-21 10:06:15 -07:00
parent e33780e859
commit 2ce4225c0f

@ -6,6 +6,20 @@ We will address the volume servers first. The following items are not covered, y
1. master server http REST services
1. filer server http REST services
In summary, here are what can be achieved.
Server | Service | Note
---|---|---
master | gRPC | secured by mutual TLS
volume | gRPC | secured by mutual TLS
filer | gRPC | secured by mutual TLS
master | http REST write | "weed master -httpReadOnly", disable http operations, only gRPC operations are allowed.
master | http REST read | unprotected, exposing the UI, and stats
filer | http REST write | "weed master -port.public", add port for read only
filer | http REST read | unprotected
volume | http REST write | set `jwt.signing.key` in `security.toml` in master and volume servers to check token for write operations
volume | http REST read | unprotected
# Generate `security.toml` file
See [[Security Configuration]]
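Review bot: in the new summary table, the `filer | http REST write` row cites "weed master -port.public", which names the master command in a row about the filer; please confirm the intended command and correct it if this was copied from the master row above. The same note says only "add port for read only", so it should also state that the original filer port still accepts writes and must be kept off untrusted networks, otherwise the row reads as if writes were protected. In the master write row, "disable http operations" would be clearer as "disables http write operations", since the next row says http reads remain available. Minor wording: "here are what can be achieved" should read "here is what can be achieved".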