You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apisix.apache.org by JunXu Chen <ch...@apache.org> on 2021/04/10 12:58:40 UTC
[DISCUSS] Support HTTPS for Apache APISIX Dashboard
Hi, Community,
Now APISIX Dashboard does not support HTTPS access, which is not safe and
easy to be hijacked and sniffed.
We should support HTTPS access. We have two options to support HTTPS.
Option 1
Use APISIX to proxy Dashboard, and APISIX provides HTTPS support.
Generally, people will not directly expose Dashboard to the Internet, and
it is natural to use APISIX to proxy. And in this option, Dashboard does
not need to be changed.
Option 2
The Dashboard Manager API directly supports HTTPS.
The advantage of this is that it can also support HTTPS without using
APISIX or other servers to proxy Dashboard. And people can also continue to
choose option 1.
Do you think it is necessary to directly support HTTPS in the Dashboard
Manager API?
Thanks!
Re: [DISCUSS] Support HTTPS for Apache APISIX Dashboard
Posted by Zhiyuan Ju <ju...@apache.org>.
^_^
Got it, looks good to me then.
Bisakh Mondal <bi...@gmail.com>于2021年4月10日 周六下午10:43写道:
> Hi, Zhiyuan,
>
> If everything goes well, we will have our User Management including sign
> in and register through OAuth by the end of the GSoC period. I have an
> active proposal on that idea. Feel free to check it out :)
>
> Regarding the options that JunXu has provided, I think option 2 has more
> flexibility. We can let the user choose between HTTP or HTTPS(certfile and
> keyfile) through command-line flags. Thanks.
>
> On Sat, 10 Apr 2021 at 19:06, Zhiyuan Ju <ju...@apache.org> wrote:
>
> > Not sure if users will expose ManagerAPI directly. I think no, because
> this
> > OSS doesn’t have features on User Management, so why not put it back the
> > Apache APISIX? And integrate with custom user management with OAuth, etc.
> >
> > Of course this feature is good to include, but not urgent IMO.
> >
> >
> >
> > JunXu Chen <ch...@apache.org>于2021年4月10日 周六下午8:58写道:
> >
> > > Hi, Community,
> > >
> > > Now APISIX Dashboard does not support HTTPS access, which is not safe
> and
> > > easy to be hijacked and sniffed.
> > >
> > > We should support HTTPS access. We have two options to support HTTPS.
> > >
> > > Option 1
> > > Use APISIX to proxy Dashboard, and APISIX provides HTTPS support.
> > > Generally, people will not directly expose Dashboard to the Internet,
> and
> > > it is natural to use APISIX to proxy. And in this option, Dashboard
> does
> > > not need to be changed.
> > >
> > > Option 2
> > > The Dashboard Manager API directly supports HTTPS.
> > > The advantage of this is that it can also support HTTPS without using
> > > APISIX or other servers to proxy Dashboard. And people can also
> continue
> > to
> > > choose option 1.
> > >
> > > Do you think it is necessary to directly support HTTPS in the Dashboard
> > > Manager API?
> > >
> > > Thanks!
> > >
> > --
> > 来自 琚致远
> >
>
--
来自 琚致远
Re: [DISCUSS] Support HTTPS for Apache APISIX Dashboard
Posted by Bisakh Mondal <bi...@gmail.com>.
Hi, Zhiyuan,
If everything goes well, we will have our User Management including sign
in and register through OAuth by the end of the GSoC period. I have an
active proposal on that idea. Feel free to check it out :)
Regarding the options that JunXu has provided, I think option 2 has more
flexibility. We can let the user choose between HTTP or HTTPS(certfile and
keyfile) through command-line flags. Thanks.
On Sat, 10 Apr 2021 at 19:06, Zhiyuan Ju <ju...@apache.org> wrote:
> Not sure if users will expose ManagerAPI directly. I think no, because this
> OSS doesn’t have features on User Management, so why not put it back the
> Apache APISIX? And integrate with custom user management with OAuth, etc.
>
> Of course this feature is good to include, but not urgent IMO.
>
>
>
> JunXu Chen <ch...@apache.org>于2021年4月10日 周六下午8:58写道:
>
> > Hi, Community,
> >
> > Now APISIX Dashboard does not support HTTPS access, which is not safe and
> > easy to be hijacked and sniffed.
> >
> > We should support HTTPS access. We have two options to support HTTPS.
> >
> > Option 1
> > Use APISIX to proxy Dashboard, and APISIX provides HTTPS support.
> > Generally, people will not directly expose Dashboard to the Internet, and
> > it is natural to use APISIX to proxy. And in this option, Dashboard does
> > not need to be changed.
> >
> > Option 2
> > The Dashboard Manager API directly supports HTTPS.
> > The advantage of this is that it can also support HTTPS without using
> > APISIX or other servers to proxy Dashboard. And people can also continue
> to
> > choose option 1.
> >
> > Do you think it is necessary to directly support HTTPS in the Dashboard
> > Manager API?
> >
> > Thanks!
> >
> --
> 来自 琚致远
>
Re: [DISCUSS] Support HTTPS for Apache APISIX Dashboard
Posted by Zhiyuan Ju <ju...@apache.org>.
Not sure if users will expose ManagerAPI directly. I think no, because this
OSS doesn’t have features on User Management, so why not put it back the
Apache APISIX? And integrate with custom user management with OAuth, etc.
Of course this feature is good to include, but not urgent IMO.
JunXu Chen <ch...@apache.org>于2021年4月10日 周六下午8:58写道:
> Hi, Community,
>
> Now APISIX Dashboard does not support HTTPS access, which is not safe and
> easy to be hijacked and sniffed.
>
> We should support HTTPS access. We have two options to support HTTPS.
>
> Option 1
> Use APISIX to proxy Dashboard, and APISIX provides HTTPS support.
> Generally, people will not directly expose Dashboard to the Internet, and
> it is natural to use APISIX to proxy. And in this option, Dashboard does
> not need to be changed.
>
> Option 2
> The Dashboard Manager API directly supports HTTPS.
> The advantage of this is that it can also support HTTPS without using
> APISIX or other servers to proxy Dashboard. And people can also continue to
> choose option 1.
>
> Do you think it is necessary to directly support HTTPS in the Dashboard
> Manager API?
>
> Thanks!
>
--
来自 琚致远