Re: Riak cluster protected by firewall
Looks right, jmx not imx ;), and yes provided the erlang kernel options are given to limit dist comm range to 6000-7999 you can check this from the node (to make sure) with: > [ application:get_env(kernel, X) || X <- > [inet_dist_listen_min,inet_dist_listen_max] ]. [{ok,6000},{ok,7999}] On Sun, Sep 18, 2016 at 2:42 AM, Alex De la rosawrote: > So mainly the ports are: > > epmd listener: TCP:4369 > handoff_port listener: TCP:8099 > http: TCP:8098 > protocol buffers: TCP: 8087 > solr: TCP:8093 > solr imx: TCP:8985 > erlang range: TCP:6000~7999 (if configured in riak's configuration) > > Is that alright? am I missing any? or is there any of them that is not > needed to add in the firewall? > > Thanks, > Alex > > On Sun, Sep 18, 2016 at 5:57 AM, John Daily wrote: >> >> You should find most of what you need here: >> http://docs.basho.com/riak/kv/2.1.4/using/security/ >> >> Sent from my iPhone >> >> On Sep 17, 2016, at 1:26 PM, Alex De la rosa >> wrote: >> >> Hi all, >> >> I have a cluster of 5 nodes connected to each other and now I want to use >> UFW to deny any external incoming traffic into them but i will allow each >> node to access between themselves. Which ports should i open >> (pb_port,http_port,solr,...)? I connect via pbc but i may need more ports >> open i guess. >> >> A configurations like this (assuming is node_1): >> >> ufw default deny incoming >> ufw default allow outgoing >> ufw allow 22 --> SSH (private keys) >> ufw allow from to any port 443 --> HTTPS (API that talks >> with Riak locally via Python client) >> >> ufw allow from to any port >> ufw allow from to any port >> ufw allow from to any port >> ufw allow from to any port >> >> Thanks! >> Alex >> >> ___ >> riak-users mailing list >> riak-users@lists.basho.com >> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > > > > ___ > riak-users mailing list > riak-users@lists.basho.com > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Re: Riak cluster protected by firewall
So mainly the ports are: epmd listener: TCP:4369 handoff_port listener: TCP:8099 http: TCP:8098 protocol buffers: TCP: 8087 solr: TCP:8093 solr imx: TCP:8985 erlang range: TCP:6000~7999 (if configured in riak's configuration) Is that alright? am I missing any? or is there any of them that is not needed to add in the firewall? Thanks, Alex On Sun, Sep 18, 2016 at 5:57 AM, John Dailywrote: > You should find most of what you need here: http://docs.basho.com/ > riak/kv/2.1.4/using/security/ > > Sent from my iPhone > > On Sep 17, 2016, at 1:26 PM, Alex De la rosa > wrote: > > Hi all, > > I have a cluster of 5 nodes connected to each other and now I want to use > UFW to deny any external incoming traffic into them but i will allow each > node to access between themselves. Which ports should i open > (pb_port,http_port,solr,...)? I connect via pbc but i may need more ports > open i guess. > > A configurations like this (assuming is node_1): > > ufw default deny incoming > ufw default allow outgoing > ufw allow 22 --> SSH (private keys) > ufw allow from to any port 443 --> HTTPS (API that talks > with Riak locally via Python client) > > ufw allow from to any port > ufw allow from to any port > ufw allow from to any port > ufw allow from to any port > > Thanks! > Alex > > ___ > riak-users mailing list > riak-users@lists.basho.com > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > > ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Re: Riak cluster protected by firewall
You should find most of what you need here: http://docs.basho.com/riak/kv/2.1.4/using/security/ Sent from my iPhone On Sep 17, 2016, at 1:26 PM, Alex De la rosawrote: Hi all, I have a cluster of 5 nodes connected to each other and now I want to use UFW to deny any external incoming traffic into them but i will allow each node to access between themselves. Which ports should i open (pb_port,http_port,solr,...)? I connect via pbc but i may need more ports open i guess. A configurations like this (assuming is node_1): ufw default deny incoming ufw default allow outgoing ufw allow 22 --> SSH (private keys) ufw allow from to any port 443 --> HTTPS (API that talks with Riak locally via Python client) ufw allow from to any port ufw allow from to any port ufw allow from to any port ufw allow from to any port Thanks! Alex ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Riak cluster protected by firewall
Hi all, I have a cluster of 5 nodes connected to each other and now I want to use UFW to deny any external incoming traffic into them but i will allow each node to access between themselves. Which ports should i open (pb_port,http_port,solr,...)? I connect via pbc but i may need more ports open i guess. A configurations like this (assuming is node_1): ufw default deny incoming ufw default allow outgoing ufw allow 22 --> SSH (private keys) ufw allow from to any port 443 --> HTTPS (API that talks with Riak locally via Python client) ufw allow from to any port ufw allow from to any port ufw allow from to any port ufw allow from to any port Thanks! Alex ___ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com