Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[feature request] Add support for specifying trusted certificates #38

Open
rossmcdonald opened this issue Jul 20, 2016 · 6 comments
Open

Comments

@rossmcdonald
Copy link
Contributor

It can be difficult to configure Relay to communicate with an InfluxDB server that is using a self-signed SSL certificate that is not trusted by the host system. It would be great if there was a configuration option for specifying a set of trusted certificates to use for communication.

@nathanielc
Copy link
Contributor

Why does this need to be specific to influxdb-relay? Can't a trusted certificate be added to the system as a whole?

@joelegasse
Copy link
Contributor

joelegasse commented Jul 20, 2016

@nathanielc Sometimes you want service-specific certificates that aren't trusted globally on the machine. Adding a new CA to the host machine would add an extra attack surface: If the CA used to sign the cert for the backends is compromised, it will only compromise the relay traffic, rather than potentially trusting that CA for any secure connection or authentication on the machine.

@nathanielc
Copy link
Contributor

@joelegasse Makes sense, thanks.

@joelegasse
Copy link
Contributor

@rossmcdonald Would adding this as a per-backend option ca-cert be sufficient?

@rossmcdonald
Copy link
Contributor Author

@joelegasse Absolutely, I think that makes perfect sense.

@luvpreetsingh
Copy link

Will this influx-relay would be helpful if I have only 1 influxdb server ?

It doesn't seem so that it works ,

luvpreet@DHARI-Inspiron-3542:/etc$ curl -i -XPOST 'http://localhost:9096/write?db=tester' --data-binary 'glass,host=server01,region=us-west value=0.64 1434055562000000000'

HTTP/1.1 503 Service Unavailable
Content-Length: 35
Content-Type: application/json
Date: Mon, 17 Apr 2017 12:48:33 GMT

{"error":"unable to write points"}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants