by odyslam 1887 days ago
Using Netdata Cloud is a great way not to spend any time with that and access the Agent's dashboard through Netdata Cloud. We use WSS and MQTT, so it's super secure and lightweight.

The data are streamed from the Agent directly to your browser via the cloud.

Relevant docs: https://learn.netdata.cloud/docs/configure/secure-nodes#disa...


So the only convenient way to have security is to use the cloud version? Got it.

> So the only convenient way to have security is to use the cloud version? Got it.

I wouldn't formulate it that way; it's just a bit annoying for me to see this trend of not having even a tiny bit of security built in and having to do extra work just to protect the dashboard. Just one admin account and a randomly generated password would be fine.

That's the key difference between self-hosted and SaaS. If you self-host, you are responsible for setting up the required infrastructure, taking care of updates, backups etc.

If setting up a reverse proxy behind whatever monitoring you've got is too much, then yes, by all means use the SaaS offering -- but that's 100% the user responsibility, and there's no need to be snarky about it.

> If you self-host, you are responsible for setting up the required infrastructure, taking care of updates, backups etc.

Are you speaking about Netdata or in general? Because if the former, then at least the updates part is not true: the installation script turns on nightly updates (and telemetry).

Frankly, the reason there is no basic auth is that Netdata doesn't use a third-party web server but a built-in one, so they would have to add this functionality.

Yes, because a 10-line nginx config with basic HTTP auth is too difficult for a sysadmin to set up in conjunction with his systems monitoring tool.

stop being obtuse
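
Added example, not part of any comment in this thread and not Netdata's own configuration: the kind of nginx reverse proxy with HTTP basic auth that the comment above refers to. The hostname, file paths and upstream name are placeholders, and it assumes the agent listens only on loopback at its default port 19999.

```nginx
# Constructed example; file location and all paths below are assumptions.
# Assumes the agent is restricted to loopback in netdata.conf:
#   [web]
#       bind to = 127.0.0.1
upstream netdata_backend {
    server 127.0.0.1:19999;    # Netdata's default dashboard port
    keepalive 64;
}

server {
    listen 443 ssl;
    server_name netdata.example.internal;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/netdata.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/netdata.key;

    # Basic auth sends credentials base64-encoded, not encrypted,
    # so it is only served over the TLS listener above.
    auth_basic           "Netdata";
    auth_basic_user_file /etc/nginx/netdata.htpasswd;  # e.g. htpasswd -c <file> admin

    location / {
        proxy_pass http://netdata_backend;
        proxy_http_version 1.1;          # required for upstream keepalive
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Without the loopback binding the agent stays reachable on port 19999 directly, bypassing the proxy and its authentication.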

It's not that it's too difficult, but we were accustomed to having this functionality built into similar products in the past; then things changed. When ELK first showed up, there was a big wave of attacks on ELK servers because they were completely unsecured, and at that time X-Pack Security was a paid add-on. They changed their mind later, some time after an open source solution appeared.

Absolutely. It has to be there, and users have to be forced to configure it at install time.

How many times do we need to repeat this mistake?