bigchaindb

Mirroristas/bigchaindb

Fork 0

mirror of https://github.com/bigchaindb/bigchaindb.git synced 2024-10-13 13:34:05 +00:00

Commit Graph

Author	SHA1	Message	Date
Ahmed Muawia Khan	0125368d8e	Problem: K8s deployment with Access Token Authorization expects Access Token for GET calls and others (#2134 ) * Fix for access token authorization for GET calls - Naming inconsistency for cluster-fqdn causing issues - Change cluster-frontend-port to node-frontend-port * Change hardcoded 9984 to configurable	2018-03-15 16:20:15 +01:00
Shahbaz Nazir	d69c75ee93	fixes for k8s deployment automation Signed-off-by: Shahbaz Nazir <shahbaz@bigchaindb.com>	2018-02-27 02:40:59 +01:00
Shahbaz Nazir	0ddfc62e3b	Problem: No authorization mode without threescale (#2088 ) Problem The current production deployment template uses 3scale to ensure that POST requests to the network (from anyone) only get through if they come from a client with an account (app_id and app_key). A private network wants to launch so that all HTTP requests (POST and GET) sent to the nodes in the network get be dropped unless they come from a small set of known (and unchanging) clients/sources. They don't need 3scale. They will want a modified version of the production deployment template. Solution Generate a special HTTP header and share it with all the known clients/sources. Have a single NGINX in each node which checks for that HTTP header value. If it's present, let the request pass through to the network. (HTTP headers are encrypted if HTTPS is used.) Are there other simpler or better options?	2018-02-23 16:00:36 +01:00

Author

SHA1

Message

Date

Ahmed Muawia Khan

0125368d8e

Problem: K8s deployment with Access Token Authorization expects Access Token for GET calls and others (#2134 )

* Fix for access token authorization for GET calls

- Naming inconsistency for cluster-fqdn causing issues
- Change cluster-frontend-port to node-frontend-port

* Change hardcoded 9984 to configurable

2018-03-15 16:20:15 +01:00

Shahbaz Nazir

d69c75ee93

fixes for k8s deployment automation

Signed-off-by: Shahbaz Nazir <shahbaz@bigchaindb.com>

2018-02-27 02:40:59 +01:00

Shahbaz Nazir

0ddfc62e3b

Problem: No authorization mode without threescale (#2088 )

Problem
The current production deployment template uses 3scale to ensure that POST requests to the network (from anyone) only get through if they come from a client with an account (app_id and app_key).

A private network wants to launch so that all HTTP requests (POST and GET) sent to the nodes in the network get be dropped unless they come from a small set of known (and unchanging) clients/sources. They don't need 3scale. They will want a modified version of the production deployment template.

Solution
Generate a special HTTP header and share it with all the known clients/sources.
Have a single NGINX in each node which checks for that HTTP header value. If it's present, let the request pass through to the network. (HTTP headers are encrypted if HTTPS is used.)
Are there other simpler or better options?

2018-02-23 16:00:36 +01:00

3 Commits