Updated Security Overview (markdown)

Chris Lu 2019-03-21 10:06:15 -07:00
parent e33780e859
commit 2ce4225c0f

@ -6,6 +6,20 @@ We will address the volume servers first. The following items are not covered, y
1. master server http REST services 1. master server http REST services
1. filer server http REST services 1. filer server http REST services
In summary, here are what can be achieved.
Server | Service | Note
---|---|---
master | gRPC | secured by mutual TLS
volume | gRPC | secured by mutual TLS
filer | gRPC | secured by mutual TLS
master | http REST write | "weed master -httpReadOnly", disable http operations, only gRPC operations are allowed.
master | http REST read | unprotected, exposing the UI, and stats
filer | http REST write | "weed master -port.public", add port for read only
filer | http REST read | unprotected
volume | http REST write | set `jwt.signing.key` in `security.toml` in master and volume servers to check token for write operations
volume | http REST read | unprotected
# Generate `security.toml` file # Generate `security.toml` file
See [[Security Configuration]] See [[Security Configuration]]
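Review bot: In the added table, the `filer | http REST write` row cites "weed master -port.public", a `weed master` command, even though the row describes the filer; this reads like a copy of the master row above it and should name the command and option that are actually set on the filer process. In the `master | http REST write` row, "disable http operations" is broader than the flag name `-httpReadOnly` and the next row (reads remain unprotected) suggest; wording it as "disables http write operations" would keep readers from assuming the master UI and stats are also closed off. The volume write row would also benefit from stating that the same `jwt.signing.key` value has to be present on both master and volume servers, since the note only says it is set "in master and volume servers". Finally, add a blank line between "In summary, here are what can be achieved." and the table header, and another before `# Generate security.toml file`, so the table and heading render reliably.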