
By default, every resource created in Jelastic gets a DNS entry and is accessible from the internet. For a lot of services, such as databases, I don't want this behavior. It seems quite insecure that this is the default behavior. I only want to access those things from my other services in my environment or through SSH. I can't find any documentation on this.

How do I disable the default DNS mapping and ingress firewall rules from the internet to my Jelastic resources while still allowing access from inside of my environment?

imagio
  • Could you please clarify whether you use some certified type of container or a custom Docker image? Also, it would be useful to know the Jelastic platform version you use. – Virtuozzo Apr 26 '19 at 14:04
  • I'm using the default nginx load balancer, MongoDB, and Redis. My app servers are a custom Docker image. I'm on MassiveGrid, so I assume it is the latest version of Jelastic. The issue is that by default Redis and MongoDB appear to be exposed to the internet with insecure/short default passwords. I don't want/need to expose them to the internet but only to my app containers inside the environment. – imagio Apr 30 '19 at 17:02

2 Answers


Indeed, a DNS entry is created for each instance, which can potentially be accessible from the Internet (application server, DB admin panel, etc.).

Currently, you can't deny access from outside for ports 80 / 443 if you don't have a Public IP for the particular node. This ability will be available in a future release. As for other ports, different from 80 and 443, they are not available from the Internet by default (only via Endpoints).

Nevertheless, you can deny access to DBs' DNS entries with the help of variables (in your case, ADMIN_MONGO=enabled/disabled and REDIS_COMMANDER=enabled/disabled). Note that such an approach requires a node restart via the User Dashboard.

Additional adjustment of port accessibility between your nodes inside the cluster can be performed with the help of the UI Firewall.

Virtuozzo

We are glad to inform you that in Jelastic PaaS 5.9 we have implemented a feature that covers your case: Restrict Node Access via Shared Load Balancer.

Please contact your hoster to find out about the upgrade plan to the latest version.

Virtuozzo