Add TLS in TiDB Dashboard documentation (#3706)

* Add TLS in TiDB Dashboard documentation * improve language * Apply suggestions from code review Co-authored-by: TomShawn <41534398+TomShawn@users.noreply.github.com> Co-authored-by: ti-srebot <66930949+ti-srebot@users.noreply.github.com>
pingcap · Aug 24, 2020 · 6cb9ea3 · 6cb9ea3
1 parent caac855
commit 6cb9ea3
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/dashboard/dashboard-ops-reverse-proxy.md b/dashboard/dashboard-ops-reverse-proxy.md
@@ -305,3 +305,7 @@ sudo nginx -s reload
 ```
 
 </details>
+
+## What's next
+
+To learn how to enhance the security of TiDB Dashboard, such as configuring a firewall, see [Secure TiDB Dashboard](/dashboard/dashboard-ops-security.md).
diff --git a/dashboard/dashboard-ops-security.md b/dashboard/dashboard-ops-security.md
@@ -78,6 +78,12 @@ As mentioned in [Use a firewall to block untrusted access](#use-a-firewall-to-bl
 
 It is recommended that you see [Use TiDB Dashboard behind a Reverse Proxy](/dashboard/dashboard-ops-reverse-proxy.md) to learn a safe and recommended reverse proxy configuration.
 
+## Enable TLS for reverse proxy
+
+To further enhance the security of the transport layer, you can enable TLS for reverse proxy, and even introduce mTLS to authenticate user certificates.
+
+See [Configuring HTTPS servers](http://nginx.org/en/docs/http/configuring_https_servers.html) and [HAProxy SSL Termination](https://www.haproxy.com/blog/haproxy-ssl-termination/) for more details.
+
 ## Other recommended safety measures
 
 - [Enable TLS Authentication and Encrypt the Stored Data](/enable-tls-between-components.md)