From 2a6bf841a806beb1a23ddffb6aea1207140965ff Mon Sep 17 00:00:00 2001 From: Christopher Kolstad Date: Wed, 23 Oct 2024 11:49:30 +0200 Subject: [PATCH] docs: add notes about disabling internal-backstage endpoints (#574) --- docs/deploying.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/deploying.md b/docs/deploying.md index cc822a3c..83455bf0 100644 --- a/docs/deploying.md +++ b/docs/deploying.md 
@@ -119,3 +119,22 @@ $ echo $? If you're hosting Edge with a self-signed certificate using the tls cli arguments, you should use the `--ca-certificate-file ` flag (or the CA_CERTIFICATE_FILE environment variable) to allow the health checker to trust the self signed certificate. + + +## Security considerations + +Edge by default exposes quite a few debug endpoints to help you understand what is going on. + +These endpoints can be sensitive, so you should protect them from public access. We recommend using a reverse proxy to protect these endpoints. +When using a reverse proxy, all endpoints under `/internal-backstage` should be protected from public access. +If you're exposing Edge to the public internet without a reverse proxy, each endpoint under `/internal-backstage` can be disabled at startup by setting +the following flags: + +| CLI Flag | Environment variable | Description | URL | +| --- | --- | --- | --- | +| --disable-metrics-batch-endpoint | DISABLE_METRICS_BATCH_ENDPOINT | Disables the metrics batch endpoint | /internal-backstage/metricsbatch | +| --disable-metrics-endpoint | DISABLE_METRICS_ENDPOINT | Disables the metrics endpoint | /internal-backstage/metrics | +| --disable-tokens-endpoint | DISABLE_TOKENS_ENDPOINT | Disables the tokens endpoint | /internal-backstage/tokens | +| --disable-features-endpoint | DISABLE_FEATURES_ENDPOINT | Disables the features endpoint | /internal-backstage/features | + +In addition /internal-backstage has the `/ready` and `/health` endpoints, but since these only return a 200 OK and a status, they are safe to expose.
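Review bot: the sentence "each endpoint under `/internal-backstage` can be disabled at startup by setting the following flags" is contradicted by the closing line of the same hunk, which places `/ready` and `/health` under `/internal-backstage` as well but gives them no flag in the table; reword to something like "the sensitive endpoints under `/internal-backstage` can each be disabled at startup" so the table is not read as exhaustive. The hunk also documents no trade-off for the flags: `--disable-metrics-endpoint` removes `/internal-backstage/metrics` for everyone, including an internal metrics scraper, so the section should say that the reverse-proxy option is preferable when those endpoints are still needed internally, and that the disable flags are for deployments that do not use them at all. Two smaller points: "quite a few debug endpoints" is vaguer than the table that follows and could simply point at it, and the last line writes /internal-backstage without backticks while the rest of the section uses them.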