Posted to commits@devlake.apache.org by yu...@apache.org on 2022/09/30 09:25:32 UTC

[incubator-devlake-website] branch main updated (72b019bf4 -> 0c284663b)

This is an automated email from the ASF dual-hosted git repository.

yumeng pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake-website.git


    from 72b019bf4 Update webhook.md
     new bd911c01c docs: security and basic authentication
     new 0c284663b fix: adjusted some wording

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 docs/UserManuals/Authentication.md | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 docs/UserManuals/Authentication.md


[incubator-devlake-website] 02/02: fix: adjusted some wording

Posted by yu...@apache.org.

yumeng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake-website.git

commit 0c284663b9c25d2b88ead3b157aae2c83bd39e0b
Author: Yumeng Wang <yu...@merico.dev>
AuthorDate: Fri Sep 30 17:18:00 2022 +0800

    fix: adjusted some wording
---
 docs/UserManuals/Authentication.md | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/docs/UserManuals/Authentication.md b/docs/UserManuals/Authentication.md
index 0df2b0ead..7ac7a15c2 100644
--- a/docs/UserManuals/Authentication.md
+++ b/docs/UserManuals/Authentication.md
@@ -3,20 +3,22 @@ title: "Security and Authentication"
 description: How to secure your deployment and enable the Authentication
 ---
 
-The document explains how you can set up Apache DevLake in terms of security. First of all, there are 4 services included in deployment:
+The document explains how you can set up Apache DevLake securely. 
+
+First of all, there are 4 services included in the deployment:
 
 - database: `postgress` and `mysql` are supported, you may choose one of them or any other compatible DBS like cloud-based systems. You should follow the document from the database to make it secure.
-- grafana: you are likely to use it most of the time, browsing built-in dashboards, and creating your own customized metric. grafana supports [User Management](https://grafana.com/docs/grafana/latest/administration/user-management/), please follow the official document to set it up based on your need.
-- devlake: this is the core service for Data Collection and Metric Calculation, all collected/calculated data would be stored to the database, and accessed by the `grafana` service. `devlake` itself doesn't support User Management of any kind, so we don't recommend that you expose its port to the outside world.
-- config-ui: a web interface to set up `devlake` to do the work. You may set up some automated `blueprint` and let it be. `config-ui` supports `Basic Authentication`, by simply set up the Environment Variable `ADMIN_USER` and `ADMIN_PASS` for the container. There are commented lines in `config-ui.environment` section in our `docker-compose.yml` file for your convenience.
+- grafana: You are likely to use it most of the time, browsing built-in dashboards, and creating your own customized metric. grafana supports [User Management](https://grafana.com/docs/grafana/latest/administration/user-management/), please follow the official document to set it up based on your need.
+- devlake: This is the core service for Data Collection and Metric Calculation, all collected/calculated data would be stored to the database, and accessed by the `grafana` service. `devlake` itself doesn't support User Management of any kind, so we don't recommend that you expose its port to the outside world.
+- config-ui: A web interface to set up `devlake` to do the work. You may set up an automated `blueprint` to collect data. `config-ui` supports `Basic Authentication`, by simply set up the Environment Variable `ADMIN_USER` and `ADMIN_PASS` for the container. There are commented lines in `config-ui.environment` section in our `docker-compose.yml` file for your convenience.
 In General, we suggest that you reduce the Attack Surface as small as possible.
 
 
 ### Internal Deployment (Recommended)
 
-- database: remove the `ports` if you don't need to access the database directly
-- devlake: remove the `ports` section. If you want to call the API directly, do it via `config-ui/api` endpoint.
-- grafana: we have no choice but to expose the `ports` for people to browse the dashboards. However, you may want to set up the User Management, and a read-only database account for `grafana`
+- database: Remove the `ports` if you don't need to access the database directly
+- devlake: Remove the `ports` section. If you want to call the API directly, do it via `config-ui/api` endpoint.
+- grafana: We have no choice but to expose the `ports` for people to browse the dashboards. However, you may want to set up the User Management, and a read-only database account for `grafana`
 - config-ui: Normally, exposing the `ports` with `Basic Authentication` is sufficient for Internal Deployment, you may choose to remove the `ports` and use techniques like `k8s port-forwarding` or `expose-port-when-needed` to enhance the security. Keep in mind config-ui is NOT designed to be used by many people, and it shouldn't be. Do NOT grant access if NOT necessary.
 
 
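Review bot: The reworded config-ui bullet still reads "by simply set up the Environment Variable `ADMIN_USER` and `ADMIN_PASS`", which is ungrammatical; since this commit is a wording pass, change it to "by setting the environment variables `ADMIN_USER` and `ADMIN_PASS`". Two more items in the same hunk were left untouched: the database bullet still spells `postgress`, and "In General, we suggest that you reduce the Attack Surface..." follows the config-ui bullet with no blank line, so Markdown renders it as a continuation of that bullet instead of a closing paragraph. The added line ending in "securely. " also carries trailing whitespace.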
@@ -24,10 +26,10 @@ In General, we suggest that you reduce the Attack Surface as small as possible.
 
 THIS IS DANGEROUS, DON'T DO IT. If you insist, here are some suggestions you may follow, please consult Security Advisor before everything:
 
-- database: same as above.
-- grafana: same as above, plus, set up the `HTTPS` for the transportation.
-- devlake: same as above.
-- config-ui: same as above, plus, use port-forward if you are using `k8s`, otherwise, set up `HTTPS` for the transportation.
+- database: Same as above.
+- grafana: Same as above. In addition, set up the `HTTPS` for the transportation.
+- devlake: Same as above.
+- config-ui: Same as above. In addition, use port-forward if you are using `k8s`, otherwise, set up `HTTPS` for the transportation.
 
 
 ## Disclaimer
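
Review bot: The Internet Deployment list orders the services database, grafana, devlake, config-ui, while the Internal Deployment list that each "Same as above" points back to uses database, devlake, grafana, config-ui; keep the same order in both lists so every "Same as above" lines up with its counterpart. In the grafana and config-ui lines, "set up the `HTTPS` for the transportation" would read better as "serve it over `HTTPS`", and the comma splice in "if you are using `k8s`, otherwise, set up" is better split as "if you are using `k8s`; otherwise, serve it over `HTTPS`".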


[incubator-devlake-website] 01/02: docs: security and basic authentication

Posted by yu...@apache.org.

yumeng pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake-website.git

commit bd911c01c006450ce891c53c7ec29751e8d340b5
Author: Klesh Wong <zh...@merico.dev>
AuthorDate: Fri Sep 30 16:22:39 2022 +0800

    docs: security and basic authentication
---
 docs/UserManuals/Authentication.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/docs/UserManuals/Authentication.md b/docs/UserManuals/Authentication.md
new file mode 100644
index 000000000..0df2b0ead
--- /dev/null
+++ b/docs/UserManuals/Authentication.md
@@ -0,0 +1,35 @@
+---
+title: "Security and Authentication"
+description: How to secure your deployment and enable the Authentication
+---
+
+The document explains how you can set up Apache DevLake in terms of security. First of all, there are 4 services included in deployment:
+
+- database: `postgress` and `mysql` are supported, you may choose one of them or any other compatible DBS like cloud-based systems. You should follow the document from the database to make it secure.
+- grafana: you are likely to use it most of the time, browsing built-in dashboards, and creating your own customized metric. grafana supports [User Management](https://grafana.com/docs/grafana/latest/administration/user-management/), please follow the official document to set it up based on your need.
+- devlake: this is the core service for Data Collection and Metric Calculation, all collected/calculated data would be stored to the database, and accessed by the `grafana` service. `devlake` itself doesn't support User Management of any kind, so we don't recommend that you expose its port to the outside world.
+- config-ui: a web interface to set up `devlake` to do the work. You may set up some automated `blueprint` and let it be. `config-ui` supports `Basic Authentication`, by simply set up the Environment Variable `ADMIN_USER` and `ADMIN_PASS` for the container. There are commented lines in `config-ui.environment` section in our `docker-compose.yml` file for your convenience.
+In General, we suggest that you reduce the Attack Surface as small as possible.
+
+
+### Internal Deployment (Recommended)
+
+- database: remove the `ports` if you don't need to access the database directly
+- devlake: remove the `ports` section. If you want to call the API directly, do it via `config-ui/api` endpoint.
+- grafana: we have no choice but to expose the `ports` for people to browse the dashboards. However, you may want to set up the User Management, and a read-only database account for `grafana`
+- config-ui: Normally, exposing the `ports` with `Basic Authentication` is sufficient for Internal Deployment, you may choose to remove the `ports` and use techniques like `k8s port-forwarding` or `expose-port-when-needed` to enhance the security. Keep in mind config-ui is NOT designed to be used by many people, and it shouldn't be. Do NOT grant access if NOT necessary.
+
+
+### Internet Deployment (NOT Recommended)
+
+THIS IS DANGEROUS, DON'T DO IT. If you insist, here are some suggestions you may follow, please consult Security Advisor before everything:
+
+- database: same as above.
+- grafana: same as above, plus, set up the `HTTPS` for the transportation.
+- devlake: same as above.
+- config-ui: same as above, plus, use port-forward if you are using `k8s`, otherwise, set up `HTTPS` for the transportation.
+
+
+## Disclaimer
+
+Security is complicated, all suggestions listed above are based on what we learned so far. Apache Devlake makes no guarantee of any kind, please consult your Security Advisor before applying.
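
Review bot: The Internal Deployment config-ui bullet calls exposing the `ports` with `Basic Authentication` "sufficient", but `HTTPS` is mentioned only under Internet Deployment; Basic credentials are base64-encoded, not encrypted, so over plain HTTP the `ADMIN_USER` and `ADMIN_PASS` values are readable by anyone on the network path. Either recommend TLS for the internal case as well, or state that the bullet assumes a trusted network segment. The config-ui bullet in the service list points to the commented lines in `docker-compose.yml` but says nothing about choosing a strong `ADMIN_PASS` or keeping it out of version control; one sentence on that would help. Smaller items: `postgress` should be `postgres`, and the "In General, ..." sentence needs a blank line before it so it does not render as part of the last bullet.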