lixen/logwisp
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
logwisp/doc/security.md

1.1 KiB
Raw Permalink Blame History

Security

mTLS (Mutual TLS)

Certificate-based authentication for HTTPS.

Server Configuration

[pipelines.sources.http.tls]
enabled = true
cert_file = "/path/to/server.pem"
key_file = "/path/to/server.key"
client_auth = true
client_ca_file = "/path/to/ca.pem"
verify_client_cert = true

Client Configuration

[pipelines.sinks.http_client.tls]
enabled = true
cert_file = "/path/to/client.pem"
key_file = "/path/to/client.key"

Certificate Generation

Use the tls command:

# Generate CA
logwisp tls -ca -o ca

# Generate server certificate
logwisp tls -server -ca-cert ca.pem -ca-key ca.key -host localhost -o server

# Generate client certificate
logwisp tls -client -ca-cert ca.pem -ca-key ca.key -o client

Access Control

ogWisp provides IP-based access control for network connections.

+## IP-Based Access Control

Configure IP-based access control for sources:

 [pipelines.sources.http.net_limit]
 enabled = true
 ip_whitelist = ["192.168.1.0/24", "10.0.0.0/8"]
 ip_blacklist = ["192.168.1.100"]

Priority order:

  1. Blacklist (checked first, immediate deny)
  2. Whitelist (if configured, must match)