Securing NSQ
564 views
Skip to first unread message
R.P.
Aug 13, 2015, 6:58:30 PM8/13/15
to nsq-users
Does anyone know if there are hardening guidelines/security best practices published for NSQ?
Thanks,
-R
Thanks,
-R
Matt Reiferson
Aug 14, 2015, 9:55:54 AM8/14/15
to R.P., nsq-users
This would be a great guide/doc to put together, if you're interested or just want to open an issue on GitHub to track it.
In the meantime, the TLS and Auth docs are the best place to start:
Steven Hartland
Sep 28, 2015, 6:59:20 AM9/28/15
to nsq-users, random...@gmail.com
Did you every make any more progress on this?
We're considering nsq for a project but it seems that the entire architecture relies on being on a trusted network as certain key components are not secured.
Items I've noticed
1. nsqd -> Auth Server - This means that you can't auth clients securely.
2. nsqlookupd - Means a remote user can discover your nsq environment without authorisation.
We're considering nsq for a project but it seems that the entire architecture relies on being on a trusted network as certain key components are not secured.
Items I've noticed
1. nsqd -> Auth Server - This means that you can't auth clients securely.
2. nsqlookupd - Means a remote user can discover your nsq environment without authorisation.
Matt Reiferson
Oct 2, 2015, 4:11:21 PM10/2/15
to Steven Hartland, nsq-users, r. padding
Hi Steven,
No, haven't yet put together a doc for this (should probably open an issue on github for this).
And yes, you're right, for communication between certain components NSQ expects a secure network. However, nsqd -> auth can be configured to use whatever https address you want.
So really it's only nsqd -> nsqlookupd, which we could conceivably address.
Reply all
Reply to author
Forward
0 new messages