Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review production security settings #337

Open
mitchellchou opened this issue Jul 27, 2022 · 3 comments
Open

Review production security settings #337

mitchellchou opened this issue Jul 27, 2022 · 3 comments
Labels
[zube]: Inbox

Comments

@mitchellchou
Copy link

No description provided.

@rickmak
Copy link
Member

rickmak commented Jul 27, 2022

I think we just open port 22, 80, 443 and 6443.

6443 Is the most complex and attack prone as it host the complex software which keep evolving.

Port 22/80/443 should be safe with regular updates, as they are bind to a mature software.

@mitchellchou
Copy link
Author

blocked as we are using pandawork for production right now

@rickmak
Copy link
Member

rickmak commented Aug 9, 2022

Since the DB is public facing and not in VPS, we will have postgres port 5432 open only to the IP of the app server and the /etc/postgresql/14/main/pg_hba.conf as specific as possible for only user and database going to connect via network. SSL will need to be enable or using cheap VPN via software like autossh.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
[zube]: Inbox
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rickmak @mitchellchou