Comments (8)
Hello again,
Is there anyone interested in this as well?
If you think I can help, please, tell me how I can contribute to get this solved.
Thanks in advance
from birdwatcher.
If you require additional security, I recommend binding birdwatcher to localhost and letting a reverse proxy like nginx or haproxy do the TLS termination.
from birdwatcher.
I can see scenarios though where integrating this would make sense.
from birdwatcher.
Hello Annika,
Thank you for your feedback and sorry for the delay I took to reply to it.
We should be able to discuss the workaround you suggested internally on Monday and will provide you with feedback then.
It is not related, but I wanted to congratulate you on your nice presentation yesterday during the Ripe83 meeting.
So, I should update it on Monday.
from birdwatcher.
Hello Annika,
After having discussed internally, we think it is overkill to use nginx to address this in our infrastructure.
I then checked a bit if I could find pieces of code to assemble, but even if I am not a bad monkey, without any Go knowledge, it would take me too much time.
I am leaving this link, which might help others wanting the same feature: https://gist.github.com/denji/12b3a568f092ab951456
If someone decides to address this issue, I would be pleased to participate looking for information if needed.
from birdwatcher.
If I read this correctly, adding something like

```go
// Needs imports: crypto/tls, log, net/http
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
	// HSTS: instruct browsers to use HTTPS only for this host
	w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
	w.Write([]byte("This is an example server.\n"))
})
cfg := &tls.Config{
	MinVersion:       tls.VersionTLS12,
	CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
	// Ignored since Go 1.17
	PreferServerCipherSuites: true,
	CipherSuites: []uint16{
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
		tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	},
}
srv := &http.Server{
	Addr:      ":443",
	Handler:   mux,
	TLSConfig: cfg,
	// An empty, non-nil map disables HTTP/2
	TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
}
log.Fatal(srv.ListenAndServeTLS("tls.crt", "tls.key"))
```

when initializing the http server
from birdwatcher.
should be possible...
from birdwatcher.
Dear Annika,
Thank you for this reply.
We may be able to add this portion of code, but we would then have to compile it each time a new TLS version or safer ciphers are proposed.
We might consider it as a workaround but not as a solution.
According to me, we should be able to apply the wanted settings in a configuration file.
Thanks for taking care of it.
from birdwatcher.
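One way the configuration-file approach requested above could look, as an added example that is not birdwatcher's code or part of the thread: `TLSSettings` and `BuildTLSConfig` are hypothetical names, and the settings are assumed to have already been read from a config file as strings. Cipher names are checked against the list the Go toolchain reports as secure, so a weak or misspelled name fails at startup.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// TLSSettings is a hypothetical config section (not birdwatcher's own schema).
type TLSSettings struct {
	MinVersion   string   // "1.2" or "1.3"
	CipherSuites []string // IANA names; empty keeps Go's defaults
}

var tlsVersions = map[string]uint16{"1.2": tls.VersionTLS12, "1.3": tls.VersionTLS13}

// BuildTLSConfig turns operator-supplied strings into a *tls.Config and
// rejects unknown versions and any suite Go does not list as secure.
func BuildTLSConfig(s TLSSettings) (*tls.Config, error) {
	minVer, ok := tlsVersions[strings.TrimSpace(s.MinVersion)]
	if !ok {
		return nil, fmt.Errorf("unsupported minimum TLS version %q", s.MinVersion)
	}
	cfg := &tls.Config{MinVersion: minVer}
	// tls.CipherSuites() omits everything in tls.InsecureCipherSuites().
	known := make(map[string]uint16)
	for _, cs := range tls.CipherSuites() {
		known[cs.Name] = cs.ID
	}
	for _, name := range s.CipherSuites {
		id, ok := known[strings.TrimSpace(name)]
		if !ok {
			return nil, fmt.Errorf("unknown or insecure cipher suite %q", name)
		}
		cfg.CipherSuites = append(cfg.CipherSuites, id)
	}
	return cfg, nil
}

func main() {
	// Constructed sample settings, as they might arrive from a config file.
	cfg, err := BuildTLSConfig(TLSSettings{
		MinVersion:   "1.2",
		CipherSuites: []string{"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
	})
	fmt.Println(cfg != nil, err)
}
```

The returned value would be assigned to the `TLSConfig` field of the `http.Server`; Go ignores the `CipherSuites` field for TLS 1.3 connections.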