Skip to content
Permalink
Browse files

add note on security since it has come up several times on gitter (op…

  • Loading branch information...
jorgheymans authored and abesto committed Apr 22, 2018
1 parent 15ed0e8 commit 30477e46812e89ff8e58e1522df2d79b9ba4b55a
Showing with 5 additions and 0 deletions.
  1. +5 −0 zipkin-ui/README.md
@@ -155,3 +155,8 @@ And then it's observable in the UI:
```bash
$ open http://localhost/proxy/foo/bar/zipkin/?serviceName=zipkin-server&startTs=1378193040000&endTs=1505463856013
```
### How do I configure security (authentication, authorization)?

Zipkin UI can be secured by running it behind an authenticating proxy like [Apache HTTPD](https://httpd.apache.org/docs/current/howto/auth.html), [Nginx](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html) or similar. Make sure to also consult the [notes](#apache-http-as-a-zipkin-reverse-proxy) on running apache http as a reverse proxy for the UI, as it can be a bit tricky.

Note that by default, a Zipkin server runs both the UI ('/zipkin') and the span collector ('/api') endpoint. Your configuration to secure the UI should only target the UI endpoint in order to not prevent clients from ingesting span data.

0 comments on commit 30477e4

Please sign in to comment.
You can’t perform that action at this time.