Merge 'v1.6.6' into v1.7

2018-08-21 11:43:34 +02:00 · 2018-08-21 11:43:34 +02:00 · bd3b787fd5
commit bd3b787fd5
parent e46de74328 27e4a8a227
13 changed files with 220 additions and 26 deletions
--- a/docs/configuration/api.md
+++ b/docs/configuration/api.md
@ -4,6 +4,9 @@

 ```toml
 # API definition
+# Warning: Enabling API will expose Træfik's configuration.
+# It is not recommended in production,
+# unless secured by authentication and authorizations
 [api]
  # Name of the related entry point
  #
@ -12,7 +15,7 @@
  #
  entryPoint = "traefik"

-  # Enabled Dashboard
+  # Enable Dashboard
  #
  # Optional
  # Default: true
@ -38,6 +41,22 @@ For more customization, see [entry points](/configuration/entrypoints/) document

 ![Web UI Health](/img/traefik-health.png)

+## Security
+
+Enabling the API will expose all configuration elements,
+including sensitive data.
+
+It is not recommended in production,
+unless secured by authentication and authorizations.
+
+A good sane default (but not exhaustive) set of recommendations
+would be to apply the following protection mechanism:
+
+* _At application level:_ enabling HTTP [Basic Authentication](#authentication)
+* _At transport level:_ NOT exposing publicly the API's port,
+keeping it restricted over internal networks
+(restricted networks as in https://en.wikipedia.org/wiki/Principle_of_least_privilege).
+
 ## API

 | Path                                                            | Method           | Description                               |