This repository has been archived by the owner on Aug 11, 2021. It is now read-only.
Docker Networking and Security
Sri Maurya Kummamuru edited this page Jan 20, 2021 · 7 revisions
❗ Warning: This page is going to be retired and this documentation will be maintained at https://github.com/OpenConceptLab/ocl-docs/blob/main/docs/source/oclapi/admin/dockernetworkingandsecurity.md
This page shows what was done to block all inbound traffic except HTTP, HTTPS, SSH and ICMP; in other words, how access to mongo, solr etc. is blocked from outside.
The major issue here is that Docker overrides `iptables` rules, so a workaround is needed. What's below is just a workaround.
- First, install `iptables-persistent` on the servers:

      apt-get install iptables-persistent

- Restart Docker:

      service docker restart

- Block access to container ports from the outside world. Each rule drops TCP traffic to the given port unless its source address is in 172.18.0.0/16, and `-I DOCKER 1` makes sure the rules are inserted at the top of the DOCKER chain:

      iptables -I DOCKER 1 -p tcp ! -s 172.18.0.0/16 --dport 6379 -j DROP
      iptables -I DOCKER 1 -p tcp ! -s 172.18.0.0/16 --dport 8983 -j DROP
      iptables -I DOCKER 1 -p tcp ! -s 172.18.0.0/16 --dport 8000 -j DROP
      iptables -I DOCKER 1 -p tcp ! -s 172.18.0.0/16 --dport 5555 -j DROP
      iptables -I DOCKER 1 -p tcp ! -s 172.18.0.0/16 --dport 27017 -j DROP
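- Finally, save the iptables rules. `iptables-save` on its own only prints the current rules to standard output, so redirect it to the file that `iptables-persistent` loads at boot:

      iptables-save > /etc/iptables/rules.v4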
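To confirm that the DROP rules really sit above Docker's own ACCEPT rules, the following added example (not part of the original wiki page or of the OCL code base) audits output in the format of `iptables -S DOCKER`. The function names, the sample rule listing and the bridge name `br-ocl` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S DOCKER` output for this page's DROP rules.
PORTS="6379 8983 8000 5555 27017"   # ports blocked on this page
SUBNET="172.18.0.0/16"              # source subnet the rules exempt

# Reads rules on stdin (chain order) and prints "<port> <status>" per port:
#   ok       - DROP for sources outside SUBNET is the first tcp rule for the port
#   shadowed - an ACCEPT for the port is evaluated before any such DROP
#   missing  - no such DROP and no ACCEPT for the port in the chain
audit_docker_chain() {
    awk -v ports="$PORTS" -v subnet="$SUBNET" '
        BEGIN { n = split(ports, want, " ") }
        $1 == "-A" && $2 == "DOCKER" {
            port = ""; target = ""; proto = ""; negsrc = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "!" && $(i + 1) == "-s" && $(i + 2) == subnet) negsrc = 1
            }
            if (proto != "tcp" || port == "" || (port in state)) next
            if (target == "DROP" && negsrc) state[port] = "ok"
            else if (target == "ACCEPT") state[port] = "shadowed"
        }
        END {
            for (k = 1; k <= n; k++)
                print want[k], ((want[k] in state) ? state[want[k]] : "missing")
        }'
}

# Exit status 0 only when every port in PORTS is reported "ok".
chain_is_locked_down() {
    ! audit_docker_chain | grep -qv ' ok$'
}

# Constructed sample: 27017 has its DROP below an ACCEPT, 5555 has no rule.
sample_rules() {
    cat <<'EOF'
-N DOCKER
-A DOCKER ! -s 172.18.0.0/16 -p tcp -m tcp --dport 6379 -j DROP
-A DOCKER ! -s 172.18.0.0/16 -p tcp -m tcp --dport 8983 -j DROP
-A DOCKER ! -s 172.18.0.0/16 -p tcp -m tcp --dport 8000 -j DROP
-A DOCKER -d 172.18.0.5/32 ! -i br-ocl -o br-ocl -p tcp -m tcp --dport 27017 -j ACCEPT
-A DOCKER ! -s 172.18.0.0/16 -p tcp -m tcp --dport 27017 -j DROP
EOF
}

sample_rules | audit_docker_chain
# On a server, as root: iptables -S DOCKER | audit_docker_chain
```

Running the audit again after a Docker restart or a reboot shows whether the saved rules are still at the top of the chain.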