如何禁用从互联网到Jelastic节点的入口? [英] How do I disable ingress from the internet to Jelastic nodes?

问题描述

默认情况下，在Jelastic中创建的每个资源都会获得一个dns条目，并且可以从Internet进行访问.对于许多服务(例如数据库)，我不希望出现这种情况.这是默认行为，这似乎很不安全.我只想从我的环境中的其他服务或通过ssh访问这些东西.我找不到与此有关的任何文档.

By default every resource created in Jelastic gets a dns entry and is accessible from the internet. For a lot of services such as databases I don't want this behavior. It seems quite insecure that this is the default behavior. I only want to access those things from my other services in my environment or through ssh. I can't find any documentation on this.

如何禁用默认的dns映射和从Internet到我的Jelastic资源的入口防火墙规则，同时仍然允许从我的环境内部进行访问?

How do I disable the default dns mapping and ingress firewall rules from the internet to my Jelastic resources while still allowing access from inside of my environment?

推荐答案

实际上， DNS条目为每个实例创建，可以从Internet(应用程序服务器，数据库管理面板等)进行潜在访问.

Indeed, DNS entry is created for each instance which can be potentially accessible from the Internet (application server, DB admin panel, etc.).

当前，如果您没有端点).

Currently, you can't deny access from outside for ports 80 / 443 in case if you don't have Public IP for the particular node. This ability will be available in future release. As for other ports, different from 80 and 443 they are not available from the Internet by default (only via Endpoints).

不过，您可以在变量(位于您的情况-ADMIN_MONGO = 已启用/禁用和REDIS_COMMANDER = 已启用/禁用).请注意，这种方法需要通过用户仪表板重新启动.

Nevertheless, you can deny access to DBs DNS entries with help of variables (in your case - ADMIN_MONGO=enabled/disabled and REDIS_COMMANDER=enabled/disabled). Note, such approach requires node restart via User Dashboard.

可以在 UI防火墙的帮助下对群集内节点之间的端口可访问性进行其他调整. .

这篇关于如何禁用从互联网到Jelastic节点的入口?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！