Consul: Securing Consul Web UI

Created on 28 Jan 2020 · 5 Comments · Source: hashicorp/consul

I come from this thread.

My main concern is to know what's the proper way to secure the consul ui.
I've read the documentation and it's not mentioned anywhere.

All 5 comments

You can enable mTLS on the web interface of Consul; see https://www.consul.io/docs/internals/security.html

Hi @yakhyadabo

Thanks for the answer there @ashleyprimo !

Related to that, from looking at that thread you linked to, did you want to add a password to the Consul UI?

If so, we currently recommend running the UI behind a proxy with some sort of authentication on the proxy (so using nginx or similar). We have spoken amongst the team about potentially adding some sort of OAuth or similar to the UI itself (also see https://github.com/hashicorp/consul/issues/4367), but there is nothing super definite on that as yet. I'll update you here when I know more.

Thanks,

Ok @johncowen,

In the meantime I will be relying on ACLs to secure the UI.

Regards,

Hey @yakhyadabo

If your UI installation will be available publicly please be aware that there is some information that cannot be restricted by ACLs, i.e. the names of your datacenters, the Consul version you are running.

If you are exposing the Consul API/UI publicly and you do not want that information exposed, we'd recommend putting an authentication proxy in front of it.

The cluster is not publicly exposed.
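
The authentication proxy recommended in the comments above could look like the following nginx configuration. This is an added example, not part of the original thread or HashiCorp's own configuration; the hostname, certificate paths and htpasswd file are assumptions, and Consul's HTTP listener is assumed to be on its default port 8500 on loopback.

```nginx
# Added example. Assumed names: consul.example.internal, /etc/nginx/tls/*,
# /etc/nginx/consul-ui.htpasswd. Adjust to your environment.
#
# Keep Consul's HTTP listener on loopback (client_addr = "127.0.0.1", the
# default) so that the proxy is the only network path to the UI and API.

server {
    listen 80;
    server_name consul.example.internal;
    # Never carry credentials or ACL tokens over plain HTTP.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name consul.example.internal;

    ssl_certificate     /etc/nginx/tls/consul-ui.crt;
    ssl_certificate_key /etc/nginx/tls/consul-ui.key;

    # Applied at server level so it covers /ui/ and the /v1/ API calls the UI
    # makes. This also hides the data ACLs cannot restrict (datacenter names,
    # Consul version) from unauthenticated clients.
    auth_basic           "Consul";
    auth_basic_user_file /etc/nginx/consul-ui.htpasswd;

    location / {
        proxy_pass http://127.0.0.1:8500;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;

        # Do not forward the proxy's Basic credentials to Consul. The UI sends
        # its ACL token in the X-Consul-Token header, which passes through.
        proxy_set_header Authorization "";
    }
}
```

ACLs still apply behind the proxy: the proxy decides who can reach Consul at all, and the ACL token decides what that user can read or change.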
