Merge pull request #4911 from owncloud/proxy-readme

add proxy README
owncloud · Oct 28, 2022 · bc06dfb · bc06dfb
2 parents f116f78 + 3d5a6c3
commit bc06dfb
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/services/proxy/README.md b/services/proxy/README.md
@@ -0,0 +1,18 @@
+# Proxy Service
+
+The proxy service is an API-Gateway for the ownCloud Infinite Scale microservices. Every HTTP request goes through this service. Authentication, logging and other preprocessing of requests also happens here. Mechanisms like request rate limitting or intrusion prevention are **not** included in the proxy service and must be setup in front like with an external reverse proxy.
+
+The proxy service is the only service communicating to the outside and needs therefore usual protections against DDOS, Slow Loris or other attack vectors. All other services are not exposed to the outside, but also need protective measures when it comes to distributed setups like when using container orchestration over various physical servers.
+
+## Authentication
+
+The following request authentication schemes are implemented:
+
+-   Basic Auth (Only use in development, **never in production** setups!)
+-   OpenID Connect
+-   Signed URL
+-   Public Share Token
+
+## Recommendations for Production Deployments
+
+In a production deployment, you want to have basic authentication (`PROXY_ENABLE_BASIC_AUTH`) disabled which is the default state. You also want to setup a firewall to only allow requests to the proxy service or the reverse proxy if you have one. Requests to the other services should be blocked by the firewall.