Distributed Authentication & Authorization in Nodes (Create a login page)

[mrEckendonk]

Feature idea summary

Create a separate login page to avoid hackers sniffing around in the netdata if they are successfully in their attempts.

Expected behavior

Issue

I know I can use htpasswd in NGINX, but on my install it is not working right. Keep getting 403 errors all the time and noticed that many users have questions about a secure login

[cakrit]

Distributed authentication is in our roadmap for the cloud. I didn't see it mentioned separately in an issue, just as a paragraph here, so we can keep this open until it's delivered.

[dretax]

I guess this is still upcoming?

[cakrit]

Yes, probably in Q1 '20 from the looks of it, but we'll see if can bring it earlier. We know how important this is.

[cakrit]

The next version of the cloud is coming in ~1 month, but unfortunately we weren't able to add distributed authentication/authorization to it.
I am keeping this issue here, even though we're closing most other issues that are related to the cloud, because it is a long-standing request for the agent. We are doing our best to get this delivered as soon as possible!

[pgassmann]

This issue is about distributed authentication together with netdata cloud or registry. Is there already some other authentication methods except with reverse proxy?

We would like to show netdata in an iframe or embed some charts in another application. for that basic auth is not possible, <iframe src=https://user:pass@netdata.server > does not work. as this ist no longer supported by chrome.

It would be nice if we could use an authentification token like for streaming to access charts or some api like prometheus metrics. Or use JWT to authenticate requests.

[DonZheng]

Hi @cakrit , I am planning to monitor dozens of my nodes only through netdata cluod. I'm wondering how I can disable the each node's dashboard being accessed via note_ip:19999?
Kindly point me to the right direction, please.
Thanks in adv.

[stelfrag]

Hi @DonZheng

Checkout https://learn.netdata.cloud/docs/agent/web/server

You can disable the web server by editing netdata.conf and setting:

[web]
    mode = none

[DonZheng]

Hi @stelfrag,

Thanks heaps for your kind guidance. Will disabling web server impact the netdata cloud in any way?

I searched in the forum but could not find any discussion on it.

Thanks and Regards

[stelfrag]

Hi @stelfrag,

Thanks heaps for your kind guidance. Will disabling web server impact the netdata cloud in any way?

I searched in the forum but could not find any discussion on it.

Thanks and Regards

The cloud will work fine.

Just a note:

you will not be able to use that node as a parent to enable child nodes to stream metrics to it (since the port 19999 will be disabled). From your original question though that is not the case so everything will be ok.

[DonZheng]

@stelfrag Awesome! Thanks so much for your generous help. Much appreciated!

[Shekelme]

Still, some kind of login page for entering a custom password would be extremely useful.

[manos-saratsis]

@Shekelme it's on our plan to offer secure access through Netdata authentication. Please stay tuned.

[vitabaks]

I will wait for authorization in Netdata. Thanks!

[ilyam8]

Relevant discussion #16136. A new issue will be opened based on #16136.