Protect the dashboard from public access

We’ve got a public deployment of Mender with kubernetes 3.4. We don’t want to expose the dashboard to the public, especially since 2FA is not available in the open-source deployment. Is there a way to allow public device traffic but keep the front-end private?

Hi @akin,

EDIT 2023-09-20: the following statement is incorrect due to a misunderstanding. I am keeping it around so this thread is understandable for future readers.

Starting with the 3.6 release, the open source version will also get 2FA. It is expected in the next couple of days, so I’d just wait for that. :slight_smile:

Hi Josef,

While 2FA is greatly appreciated (we’ve been looking forward to it!), optimally we’d like to have the dashboard only accessible through a private network, or at least be able to put some firewall rules in-front for our IPs that wouldn’t impact device traffic.

As far as I can tell, the api and the dashboard are pretty tightly coupled. Even a way to disable the frontend (or logins) would be nice.

Hi @TheYoctoJester,

We’ve just updated using the 3.6.2 helm chart and we can’t seem to find 2FA in the open source version. We see the patch notes mention making 2FA available in all plans. Is there some setting we need to enable on the server?

Hi @akin,

I just checked with the team and unfortunately I suffered a misunderstanding. 2FA is by now available in all plans including Basic, but not OSS. I’m really sorry if this causes any inconveniences due to my miscommunication.