mirror of https://github.com/status-im/consul.git
website: add section on securing the UI with ACLs
Figured it would be worth documenting due to #3931.
This commit is contained in:
parent
844a5fe8c0
commit
c66628a06f
|
@ -482,6 +482,26 @@ default.
|
||||||
If using [`acl_token`](/docs/agent/options.html#acl_token), then it's likely the anonymous
|
If using [`acl_token`](/docs/agent/options.html#acl_token), then it's likely the anonymous
|
||||||
token will have a more restrictive policy than shown in the examples here.
|
token will have a more restrictive policy than shown in the examples here.
|
||||||
|
|
||||||
|
#### Create Tokens for UI Use (Optional)
|
||||||
|
|
||||||
|
If you utilize the Consul UI with a restrictive ACL policy, as above, the UI will
|
||||||
|
not function fully using the anonymous ACL token. It is recommended
|
||||||
|
that a UI-specific ACL token is used, which can be set in the UI during the
|
||||||
|
web browser session to authenticate the interface.
|
||||||
|
|
||||||
|
```text
|
||||||
|
$ curl \
|
||||||
|
--request PUT \
|
||||||
|
--header "X-Consul-Token: b1gs33cr3t" \
|
||||||
|
--data \
|
||||||
|
'{
|
||||||
|
"Name": "UI Token",
|
||||||
|
"Type": "client",
|
||||||
|
"Rules": "key \"\" { policy = \"write\" } node \"\" { policy = \"read\" } service \"\" { policy = \"read\" }"
|
||||||
|
}' http://127.0.0.1:8500/v1/acl/create
|
||||||
|
{"ID":"d0a9f330-2f9d-0a8c-d2af-1e9ceda354e6"}
|
||||||
|
```
|
||||||
|
|
||||||
#### Next Steps
|
#### Next Steps
|
||||||
|
|
||||||
The examples above configure a basic ACL environment with the ability to see all nodes
|
The examples above configure a basic ACL environment with the ability to see all nodes
|
||||||
|
|
Loading…
Reference in New Issue