You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This PR introduces the ability to run the Toolbox server over HTTPS.
While the server still defaults to HTTP for local development, users can
now enable TLS encryption via command-line flags. This is essential for
secure communication when the Toolbox is exposed over a network or used
in production-like environments.
**New Flags:**
* `--tls`: Boolean flag to enable HTTPS.
* `--tls-cert`: String flag specifying the path to the PEM-encoded
certificate file.
* `--tls-key`: String flag specifying the path to the PEM-encoded
private key file.
**Use Case: How the Server Obtains .pem Files**
In a typical deployment, the server does not generate these files
itself; it expects them to be provided by the environment.
1. Local Development: Users can use tools like mkcert to generate a
locally-trusted cert.pem and key.pem.
2. Production (Manual): Users obtain certificates from a Certificate
Authority (CA) like Let's Encrypt via Certbot. Certbot handles the
domain validation and saves the .pem files to a specific directory
(e.g., /etc/letsencrypt/live/).
3. Execution: The user starts the Toolbox and points it to those
specific paths:
```
./toolbox --tls --tls-cert=cert.pem --tls-key=key.pem
```
4. Loading: The server uses tls.LoadX509KeyPair to read these files from
the disk and injects them into the listener before the HTTP server
starts processing requests.
🛠️ Related #3113
Copy file name to clipboardExpand all lines: docs/en/documentation/deploy-to/_index.md
+7-1Lines changed: 7 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,5 +15,11 @@ Choose your preferred deployment platform below to get started:
15
15
***[Kubernetes](./kubernetes/)**: Deploy the Toolbox as a microservice using GKE.
16
16
17
17
{{< notice tip >}}
18
-
**Production Security:** When moving to production, never hardcode passwords or API keys directly into your `tools.yaml`. Always use environment variable substitution and inject those values securely through your deployment platform's secret manager.
18
+
**Production Security:** When moving to production, never hardcode passwords or
19
+
API keys directly into your `tools.yaml`. Always use environment variable
20
+
substitution and inject those values securely through your deployment platform's
21
+
secret manager.
22
+
23
+
To enable HTTPS, you must provide a valid pair of `--tls-cert` and `--tls-key`
24
+
files; specifying only one will cause the server to fail at startup.
||`--logging-format`| Specify logging format to use. Allowed: 'standard' or 'JSON'. |`standard`|
18
-
||`--mcp-prm-file`| Path to a manual Protected Resource Metadata (PRM) JSON file. If provided, overrides auto-generation for MCP Server-Wide Authentication. ||
19
-
|`-p`|`--port`| Port the server will listen on. |`5000`|
20
-
||`--prebuilt`| Use one or more prebuilt tool configuration by source type. See [Prebuilt Tools Reference](../documentation/configuration/prebuilt-configs/_index.md) for allowed values. ||
21
-
||`--stdio`| Listens via MCP STDIO instead of acting as a remote HTTP server. ||
22
-
||`--telemetry-gcp`| Enable exporting directly to Google Cloud Monitoring. ||
23
-
||`--telemetry-otlp`| Enable exporting using OpenTelemetry Protocol (OTLP) to the specified endpoint (e.g. 'http://127.0.0.1:4318')||
24
-
||`--telemetry-service-name`| Sets the value of the service.name resource attribute for telemetry data. |`toolbox`|
25
-
||`--config`| File path specifying the tool configuration. Cannot be used with --configs or --config-folder. ||
26
-
||`--configs`| Multiple file paths specifying tool configurations. Files will be merged. Cannot be used with --config or --config-folder. ||
27
-
||`--config-folder`| Directory path containing YAML tool configuration files. All .yaml and .yml files in the directory will be loaded and merged. Cannot be used with --config or --configs. ||
28
-
||`--ui`| Launches the Toolbox UI web server. ||
29
-
||`--allowed-origins`| Specifies a list of origins permitted to access this server for CORs access. |`*`|
30
-
||`--allowed-hosts`| Specifies a list of hosts permitted to access this server to prevent DNS rebinding attacks. |`*`|
31
-
||`--user-agent-metadata`| Appends additional metadata to the User-Agent. ||
32
-
||`--poll-interval`| Specifies the polling frequency (seconds) for configuration file updates. |`0`|
||`--logging-format`| Specify logging format to use. Allowed: 'standard' or 'JSON'. |`standard`|
18
+
||`--mcp-prm-file`| Path to a manual Protected Resource Metadata (PRM) JSON file. If provided, overrides auto-generation for MCP Server-Wide Authentication. ||
19
+
|`-p`|`--port`| Port the server will listen on. |`5000`|
20
+
||`--tls-cert`| Path to the PEM-encoded TLS certificate file. ||
21
+
||`--tls-key`| Path to the PEM-encoded TLS private key file. ||
22
+
||`--prebuilt`| Use one or more prebuilt tool configuration by source type. See [Prebuilt Tools Reference](../documentation/configuration/prebuilt-configs/_index.md) for allowed values. ||
23
+
||`--stdio`| Listens via MCP STDIO instead of acting as a remote HTTP server. ||
24
+
||`--telemetry-gcp`| Enable exporting directly to Google Cloud Monitoring. ||
25
+
||`--telemetry-otlp`| Enable exporting using OpenTelemetry Protocol (OTLP) to the specified endpoint (e.g. 'http://127.0.0.1:4318')||
26
+
||`--telemetry-service-name`| Sets the value of the service.name resource attribute for telemetry data. |`toolbox`|
27
+
||`--config`| File path specifying the tool configuration. Cannot be used with --configs or --config-folder. ||
28
+
||`--configs`| Multiple file paths specifying tool configurations. Files will be merged. Cannot be used with --config or --config-folder. ||
29
+
||`--config-folder`| Directory path containing YAML tool configuration files. All .yaml and .yml files in the directory will be loaded and merged. Cannot be used with --config or --configs. ||
30
+
||`--ui`| Launches the Toolbox UI web server. ||
31
+
||`--allowed-origins`| Specifies a list of origins permitted to access this server for CORs access. |`*`|
32
+
||`--allowed-hosts`| Specifies a list of hosts permitted to access this server to prevent DNS rebinding attacks. |`*`|
33
+
||`--user-agent-metadata`| Appends additional metadata to the User-Agent. ||
34
+
||`--poll-interval`| Specifies the polling frequency (seconds) for configuration file updates. |`0`|
35
+
|`-v`|`--version`| version for toolbox ||
34
36
35
37
## Sub Commands
36
38
@@ -82,6 +84,55 @@ For more detailed instructions, see [Generate Agent Skills](../documentation/con
82
84
83
85
## Examples
84
86
87
+
### Hardening Toolbox
88
+
89
+
Toolbox is designed for flexibility, but security should not be ignored—even in
90
+
local development. When exposing the server to a network or running it alongside
91
+
a web browser, use these configurations to protect your data and system.
92
+
93
+
#### Host Validation & DNS Rebinding Protection
94
+
The `--allowed-hosts` flag controls which Host headers the server accepts.
95
+
Restricting this is the primary defense against DNS Rebinding attacks.
96
+
97
+
* Flag: `--allowed-hosts`
98
+
* Local Development: Set to localhost or 127.0.0.1.
99
+
* Production: Set to your specific FQDN (e.g., toolbox.example.com).
100
+
* Example:
101
+
```
102
+
./toolbox --allowed-hosts="localhost,127.0.0.1"
103
+
```
104
+
105
+
106
+
{{< notice tip >}}
107
+
**The "Local" Fallacy:** Using `--allowed-hosts="*"` is unsafe even on localhost. A
108
+
malicious website can trick your browser into making requests to `127.0.0.1`,
109
+
effectively bypassing the browser's security to control your local Toolbox.
110
+
{{< /notice >}}
111
+
112
+
#### Cross-Origin Resource Sharing (CORS)
113
+
The `--allowed-origins` flag dictates which web applications (frontends) are
114
+
permitted to communicate with your Toolbox API.
115
+
116
+
* Flag: `--allowed-origins`
117
+
* Recommendation: Avoid `*` in any environment containing sensitive data. Explicitly list your trusted frontend URLs.
By default, traffic is unencrypted (HTTP). In production or shared networks, you must enable TLS to prevent Man-in-the-Middle (MitM) attacks and packet sniffing.
125
+
126
+
* Flag: `--tls-cert` and `--tls-key` (Both cert and key files are required for
127
+
TLS activation)
128
+
* Protocol: Toolbox enforces TLS 1.2 as a minimum version to ensure modern encryption standards.
129
+
* Use Case: Use Certbot for public domains or mkcert for locally-trusted development certificates.
0 commit comments