Nomad authentication

To secure Nomad, what is the correct way to do it? At the moment, anyone from our department can access it without any login/password. What is the best way to implement login access?

A quick way which comes to mind is … to keep the UI enabled only on a few nodes and front them with an HAProxy with HTTP basic auth.

It's a simple but “works for now” solution. A more advanced version could auth against some central system, etc., but I don’t know how that could be done very easily.

Yes, I was thinking of using Nginx. But I am shocked that it's not mentioned so much. For an enterprise user, Authentication and Authorization are key!

I don’t get it… ACLs?

@keith6014 I think NGINX should also have something similar.
ACLs are the way to protect which user gets to do what within the cluster too.

@Wolfsrudel I understood the question for “protecting” the GUI access only, but yes, ACLs would be from inside the cluster. :slight_smile:

So maybe you understood the initial question right. :wink:

@shantanugadgil thanks. Unfortunately, doing a proxy_pass with nginx isn’t so trivial with Nomad. If I go to /nomad I keep getting redirected to /ui. Will open another thread for that.

I don’t know the recent situation about the redirects being handled, but there have been some requests around this … (the most typical use case is that folks want to use a common proxy for reaching Consul and Nomad servers using /consul and /nomad respectively).

I am not aware of the latest config settings around this (what works, what doesn’t work).
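
The HAProxy-with-basic-auth approach suggested earlier in the thread could look like the following. This is an added example, not a configuration posted by any participant; the user name, password hash placeholder, certificate path and server addresses are assumptions, and the proxy is mounted at `/` rather than under a `/nomad` prefix.

```haproxy
# Added example (not from the thread). Names, paths and addresses are assumed.
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  60s
    timeout server  60s
    # Long-lived connections such as UI exec sessions need a longer timeout
    timeout tunnel  1h

userlist nomad_ui_users
    # Placeholder hash: generate a real crypt(3) SHA-512 hash,
    # e.g. with `mkpasswd -m sha-512`, and paste it here.
    user ops password $6$PLACEHOLDER_SALT$PLACEHOLDER_HASH

frontend nomad_ui
    # Basic auth only base64-encodes credentials, so terminate TLS here.
    bind :443 ssl crt /etc/haproxy/certs/nomad.example.internal.pem
    # Return 401 with a login prompt unless valid credentials are supplied.
    http-request auth realm Nomad unless { http_auth(nomad_ui_users) }
    default_backend nomad_servers

backend nomad_servers
    # 4646 is Nomad's default HTTP port. Firewall it so that only this
    # proxy can reach it; otherwise the UI and API stay open to anyone
    # who connects to the agents directly.
    server nomad1 10.0.0.11:4646 check
    server nomad2 10.0.0.12:4646 check
```

The proxy only gates who can reach the UI and HTTP API through it. What each user may do inside the cluster still has to be enforced with Nomad ACLs, as noted in the thread.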