Docs: adding a few mentions about the exposure risk of enabling the api

Signed-off-by: Damien DUPORTAL <damien.duportal@gmail.com>
traefik · Aug 20, 2018 · 113250c · 113250c
1 parent a7bb768
commit 113250c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 1 deletion.
diff --git a/docs/configuration/api.md b/docs/configuration/api.md
@@ -4,6 +4,9 @@
 
 ```toml
 # API definition
+# Warning: Enabling API will expose Træfik's configuration and secret.
+# It is not recommended in production,
+# unless secured by authentication and authorizations
 [api]
   # Name of the related entry point
   #
@@ -12,7 +15,7 @@
   #
   entryPoint = "traefik"
 
-  # Enabled Dashboard
+  # Enable Dashboard
   #
   # Optional
   # Default: true
@@ -38,6 +41,14 @@ For more customization, see [entry points](/configuration/entrypoints/) document
 
 ![Web UI Health](/img/traefik-health.png)
 
+## Security
+
+Enabling the API will expose all configuration elements,
+including secret.
+
+It is not recommended in production,
+unless secured by authentication and authorizations.
+
 ## API
 
 | Path                                                            | Method           | Description                               |

diff --git a/docs/index.md b/docs/index.md
@@ -86,6 +86,10 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
 ```
 
+!!! warning
+    Enabling the Web UI with the `--api` flag might exposes configuration elements. You can read more about this on the [API/Dashboard's Security section](/configuration/api#security).
+
+
 **That's it. Now you can launch Træfik!**
 
 Start your `reverse-proxy` with the following command: