docker quick review / questions
Closed this issue · 3 comments
randomorder commented
- On the server there are references to Let's Encrypt but it looks like HTTPS is not enabled. It should be enabled and documented.
- NGINX is exposed on port 8081 instead of 80 (and 443); is there a specific reason?
- MapStore container port is mapped on the host, why? Shouldn't it be reachable through Nginx?
- RabbitMQ ports are mapped on the host too. Why?
- Firewall is not enabled
- GeoStore (MapStore) is using the embedded H2 database instead of PostgreSQL (this is OK for now)
- Looks like the PostgreSQL data directory is "volatile" (not mounted from the host or from a docker volume); is this expected?
petrus7 commented
- Regarding Let's Encrypt: I didn't set it up, I wasn't even aware it is there
Do you want me to use it and generate an SSL cert for the server domain (I suppose we need a domain for the server, IP is not enough)
- nginx will be switched to 80
- all traffic will be sent through nginx, no more direct calls to frontend
- I didn't do firewall config, do you want me to do that?
- switch H2 DB to PostgreSQL, I'll need some guidelines how to do that
- make PostgreSQL volume persistent, I'll do that
tdipisa commented
- Regarding Let's Encrypt: I didn't set it up, I wasn't even aware it is there
Do you want me to use it and generate an SSL cert for the server domain (I suppose we need a domain for the server, IP is not enough)
we don't need it now
- nginx will be switched to 80
please proceed with this
- all traffic will be sent through nginx, no more direct calls to frontend
please proceed with this
- I didn't do firewall config, do you want me to do that?
please proceed with this
- switch H2 DB to PostgreSQL, I'll need some guidelines how to do that
we don't need it now
- make PostgreSQL volume persistent, I'll do that
we don't need it now
@petrus7 please provide an estimate
petrus7 commented
Firewall not done yet
Here is an example config which I want to test:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow ftp
sudo ufw route allow proto tcp from any to any port 80
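
Added example, not part of the thread: Docker publishes container ports by writing its own iptables rules, which are evaluated ahead of ufw's, so `ufw default deny incoming` does not by itself close the MapStore and RabbitMQ host mappings raised in the review. The check below lists every mapping published on a non-loopback host address, except those of the reverse proxy. The container names and all port numbers other than 8081 are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list container ports published on
# non-loopback host addresses, skipping the reverse proxy container.
# Input format: NAME<TAB>PORTS, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample; container names and ports (except 8081) are assumptions.
sample_ps() {
  printf '%s\t%s\n' \
    nginx    '0.0.0.0:8081->80/tcp, :::8081->80/tcp' \
    mapstore '0.0.0.0:8080->8080/tcp' \
    rabbitmq '4369/tcp, 0.0.0.0:5672->5672/tcp, 0.0.0.0:15672->15672/tcp' \
    postgres '127.0.0.1:5432->5432/tcp'
}

# audit_published PROXY_NAME
# Reads NAME<TAB>PORTS lines on stdin and prints "name mapping" for each
# port mapping that is reachable from outside the host.
audit_published() {
  awk -F'\t' -v proxy="$1" '
    $1 == proxy { next }          # the proxy is meant to be reachable
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue   # EXPOSEd only, not published on the host
        if (m ~ /^127\./ || m ~ /^\[?::1\]?:/) continue   # loopback binding
        print $1, m
      }
    }'
}

# Live use: docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published nginx
sample_ps | audit_published nginx
```

Each line it prints is a mapping to remove from the compose file or rebind to `127.0.0.1`, so that only nginx accepts outside traffic.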