Mark Bergsma has submitted this change and it was merged.
Change subject: Firewall GitBlit HTTP port 8080 from the outside world
......................................................................
Firewall GitBlit HTTP port 8080 from the outside world
Change-Id: Icd6698e6fd97a009d5814b434f16be0b18f39e38
---
M manifests/role/gitblit.pp
1 file changed, 7 insertions(+), 0 deletions(-)
Approvals:
Mark Bergsma: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/gitblit.pp b/manifests/role/gitblit.pp
index 93faf4b..40dfd50 100644
--- a/manifests/role/gitblit.pp
+++ b/manifests/role/gitblit.pp
@@ -10,4 +10,11 @@
ssl_cert => "git.wikimedia.org",
ssl_cert_key => "git.wikimedia.org"
}
+
+ # Firewall GitBlit, it should be accessed from localhost or Varnish
+ class { 'ferm': default_firewall => false }
+
+ ferm::rule { 'gitblit_8080':
+ rule => 'proto tcp dport 8080 { saddr (127.0.0.1 ::1 $INTERNAL)
ACCEPT; DROP; }'
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/78395
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Icd6698e6fd97a009d5814b434f16be0b18f39e38
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mark Bergsma <[email protected]>
Gerrit-Reviewer: Mark Bergsma <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
