Hi! I wonder if we can run nomad on https protocol. In the documentation I found nothing about. The idea would be to pass the host’s certificate and key to protect the page, just like it works with Boundary and Vault. Does it have any support for this?
Besides, I was left with a doubt. I’m running Nomad with the intention of inserting clients in the lead server. But I noticed that even the clients when registered on the server and running correctly, present a nomad http page, as well as the leading server. Is that really the idea? Have access to http page on all clients? Is there any way to disable this?
Hi @CamilaBetim,
I think this github issue has an explanation and link to the documentation that will show you how to do this.
Let us know if that isn’t what you need.
Thanks!
@DerekStrickland and the Nomad Team
@CamilaBetim 
There is information for setting up mTLS on Nomad in the Enable TLS Encryption for Nomad HashiCorp Learn Tutorial. There is also information on using NGINX as a mTLS-uplifting proxy for the Web UI in the Configure NGINX Reverse Proxy for Nomad’s Web UI tutorial that some folks find useful after they convert their cluster to using mTLS.
All Nomad nodes run the UI as a single page web application in the context of the /ui/ listener. Because it is entirely run in the browser, there is no performance penalty associated with it being there (rather than a stateful application that has some processing burden whether or not anyone is consuming it). Since the UI doesn’t have its own HTTP listener, it can not be turned off by default.
If you are willing to build from source, you can prevent the Nomad UI from being compiled in to the binary by not passing ui in the GO_TAGS environment variable when building.
Hopefully this additional context is useful!
Regards,
Charlie.