mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

docs: RRDCached-Security clearify security (#8302)

Browse Source 
Clarify that additional security is only needed if you use a network socket instead of a unix socket. This might reduce confusion since the default directions on https://docs.librenms.org/#Extensions/RRDCached/ only setup unix sockets so no further steps are needed.

Source information found at: https://oss.oetiker.ch/rrdtool/doc/rrdcached.en.html#SECURITY_CONSIDERATIONS
This commit is contained in:
theherodied
2018-02-27 10:42:16 -05:00
committed by Neil Lathwood
parent 70714fe811
commit 6370b2931c
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/Extensions/RRDCached-Security.md
View File

@@ -1,5 +1,5 @@
### Securing with nginx
According to the [man page](https://linux.die.net/man/1/rrdcached), under "SECURITY CONSIDERATIONS", rrdcached has no authentication or security except for running under a unix socket. To secure your rrdcached installation, you can proxy it using nginx to allow only specific IPs to connect.
According to the [man page](https://linux.die.net/man/1/rrdcached), under "SECURITY CONSIDERATIONS", rrdcached has no authentication or security except for running under a unix socket. If you choose to use a network socket instead of a unix socket, you will need to secure your rrdcached installation. To do so you can proxy rrdcached using nginx to allow only specific IPs to connect.
using the same setup above, using nginx version 1.9.0 or later, you can follow this setup to proxy the default rrdcached port to the local unix socket.