Is the Glowroot Collector protocol secure?

655 views
Skip to first unread message

David Mulligan

unread,
Oct 19, 2017, 10:55:07 AM10/19/17
to Glowroot
Hi Trask,

I am a new Glowroot user and I would like to start by saying thank you for this great tool.  I am amazed by how simple and useful it is. 

I anticipate the need to run the Glowroot collector outside of our DMZ.  I also anticipate getting this question from our IT team.  According to the documentation grpc communicates over HTTP/2 so is the grpc protocol itself secure?   There can potentially be sensitive information in the request parameters and possibly other data I haven't thought of.

Thanks again,
David

Trask Stalnaker

unread,
Oct 19, 2017, 1:17:28 PM10/19/17
to Glowroot
Hi David,

Thanks for the kind words.

Currently the gRPC communication is not secure.  You will want to follow https://github.com/glowroot/glowroot/issues/205, I've been working on this locally and it should be available in the next month or so.

Trask

Trask Stalnaker

unread,
Nov 21, 2017, 11:25:06 PM11/21/17
to Glowroot
gRPC over HTTPS is now supported in version 0.9.27. For configuration instructions, see https://github.com/glowroot/glowroot/wiki/Central-Collector-Installation#agent-communication-over-https (and if using a Central Collector Cluster also see https://github.com/glowroot/glowroot/wiki/Central-Collector-Cluster#option-2-client-side-load-balancing-if-using-grpc-over-https).

Thanks,
Traks
Reply all
Reply to author
Forward
0 new messages