Comments (9)
The TLS authentication for etcd is usually bidirectional, but cosocket is not supported now, but fortunately, there is currently a PR in progress.
We need to fix this first: openresty/lua-nginx-module#997
from apisix.
TLS authentication is important for end-to-end auth, not just for etcd.
from apisix.
Based on this PR: openresty/lua-nginx-module#1599, we can do more things about end-to-end auth.
from apisix.
Hi, I believe that we don't need to support TLS, or the priority of this requirement is not high, or it is even a pseudo-demand. TLS/HTTPS solved the risk of data being hijacked on the WAN. APISIX usually accesses etcd via LAN, and messages in the LAN usually do not need to be considered for hijacking.
If we need to access etcd via the WAN, encryption methods such as TLS are necessary.
from apisix.
Is there any progress on this issue? TLS communication and mTLS auth are very important for etcd.
Accessing etcd via LAN is no excuse. In enterprise or shared environments you have dozens of applications running in the same network. If one of those apps gets hijacked, it can easily access your data.
For development purposes it is OK to run an insecure setup; in production, end-to-end encryption and authentication is a basic requirement, no matter where etcd is running!
from apisix.
Is there any progress on this issue?
The official OpenResty still does not support mTLS now. We have to wait.
from apisix.
OpenResty already supports mTLS.
We still need to wait more time.
from apisix.
Solved by #2584. Server-side TLS verification is enough to use for now.
from apisix.