Security
此内容尚不支持你的语言。
Chproxy
removes all the query params from input requests (except the user’s params and listed here)
before proxying them to ClickHouse
nodes. This prevents from unsafe overriding
of various ClickHouse
settings.
Be careful when configuring limits, allowed networks, passwords etc.
By default chproxy
tries detecting the most obvious configuration errors such as allowed_networks: ["0.0.0.0/0"]
or sending passwords via unencrypted HTTP.
Special option hack_me_please: true
may be used for disabling all the security-related checks during config validation (if you are feeling lucky :) ).
For sensitive configuration options, such as user passwords, chproxy supports loading configuration from environment variables. In order to load a configuration variable from a environment variable, a placeholder needs to be put in it’s place
in the configuration file. Placeholder are of the form ${ENV_VAR_NAME}
. As an example, to load a user password from the environment variable MY_PASSWORD
you can use a placeholder as in the following snippet:
This will be replaced by the actual environment variable once the configuration is (re)loaded from disk. If the environment variable isn’t found the placeholder will remain and won’t be replaced.