To secure Nomad, what is the correct way to do it? At the moment, anyone from our department can access it without no login/pasword. What is the best way to implmenet login access?
a quick way which comes to mind is … to keep the
ui enabled only on a few nodes and front them with an HAProxy with http basic auth.
its a simple but “works for now” solution. a more advanced version could auth against some central system, etc., but I don’t know how that could be done very easily.
Yes, I was thinking of using Nginx. But I am shocked that its not mentioned so much. For an enterprise user, Authentication and Authorization is key!
I don’t get it… ACLs?
@keith6014 I think NGINX should also have something similar.
ACLs is the way to protect which user gets to do what within the cluster too.
@Wolfsrudel I understood the question for “protecting” the GUI access only, but yes, ACLs would be from inside the cluster. slight_smile:
So maybe you understood the initial question right.
@shantanugadgil thanks. Unfornutanly doing a proxy_pass with nginx isn’t so trivial with Nomad. If I goto /nomad I keep getting redirected to /ui. WIll open another thread for that.
i don’t know the recent situation about the redirects being handled, but there has been some requests around this … (the most typical use case is that folks want to use a common proxy for reaching consul and nomad servers using
I am not aware of the latest config settings around this (what works, what doesn’t work)