Security:Recommendations
Gabriel Vîjială edited this page Sep 27, 2024 · 2 revisions
- set up encrypted storage
- firewall off all incoming connections except for destination ports HTTP (80), HTTPS (443), SSH (default 22).
- firewall off the Nomad network interface from all external connections.
Port forwarding is achieved through the cluster container using the forward_ports configuration value. On some distributions this does not work; in that case set the value to blank:

```
# DISABLE PORT FORWARDING CONFIG (empty value)
forward_ports =
```

... and manually configure iptables/ufw, DNATing the public address (ZZZ) to the cluster container:

```sh
export ZZZ=....
iptables -t nat -A PREROUTING -d $ZZZ -p tcp --dport 80 -j DNAT --to-destination 10.66.60.1:80
iptables -t nat -A PREROUTING -d $ZZZ -p udp --dport 80 -j DNAT --to-destination 10.66.60.1:80
iptables -t nat -A PREROUTING -d $ZZZ -p tcp --dport 443 -j DNAT --to-destination 10.66.60.1:443
iptables -t nat -A PREROUTING -d $ZZZ -p udp --dport 443 -j DNAT --to-destination 10.66.60.1:443
...
```
- Enable HTTPS and ensure the certificates are valid
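The firewall and manual port-forwarding items above, written out as one script. This is an added example, not code from the liquidinvestigations wiki: PUBLIC_IP (the page's ZZZ), PUB_IF and NOMAD_IF are assumed placeholders, CLUSTER_IP is the page's DNAT target, and with DRY_RUN=1 (the default) the iptables commands are printed rather than executed.

```sh
#!/bin/sh
# Added example (not from the wiki): emits the host firewall described above.
# Assumed placeholders: PUBLIC_IP (the page's $ZZZ), PUB_IF (public interface),
# NOMAD_IF (the cluster/Nomad bridge). CLUSTER_IP is the page's DNAT target.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"
PUB_IF="${PUB_IF:-eth0}"
NOMAD_IF="${NOMAD_IF:-liquid-bridge}"
CLUSTER_IP="${CLUSTER_IP:-10.66.60.1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = run them (needs root)

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

firewall_rules() {
  # ACCEPT rules go in before the DROP policy so an open SSH session survives.
  run iptables -A INPUT -i lo -j ACCEPT
  run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # Only SSH, HTTP and HTTPS are reachable from outside.
  for port in 22 80 443; do
    run iptables -A INPUT -i "$PUB_IF" -p tcp --dport "$port" -j ACCEPT
  done
  # Cluster members reach the host (Nomad, Consul, DNS) over the bridge only;
  # those ports are never opened on the public interface, so external
  # connections to them hit the DROP policy.
  run iptables -A INPUT -i "$NOMAD_IF" -j ACCEPT
  run iptables -P INPUT DROP
  # Manual replacement for forward_ports: DNAT 80/443 (tcp and udp, as on the
  # page) to the cluster container and permit only those forwarded flows.
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$NOMAD_IF" -j ACCEPT
  for port in 80 443; do
    for proto in tcp udp; do
      run iptables -t nat -A PREROUTING -d "$PUBLIC_IP" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$CLUSTER_IP:$port"
      run iptables -A FORWARD -i "$PUB_IF" -d "$CLUSTER_IP" -p "$proto" --dport "$port" -j ACCEPT
    done
  done
  run iptables -P FORWARD DROP
}

firewall_rules
```

Run it once with DRY_RUN=1 and diff the printed rules against `iptables-save` before switching to DRY_RUN=0.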
Follow the Maintenance page on keeping the system up to date and applying the latest security patches. Please also subscribe to the https://github.com/liquidinvestigations/node and https://github.com/liquidinvestigations/cluster releases to be notified when there is a new one.
Please report all security-related bugs at rcij@riseup.net (pgp: 0x8234F8D4A624D9F4).
Report incomplete documentation by opening a new Issue in this repository.