Description of problem:
We need to restrict some services or daemons ports form the outside access to tendrl-server. Few services in web-admin-server are internal use only so for some security concern we don't want to open that for outside access.
Version-Release number of selected component (if applicable):
After enabling SSL for web-admin also we can access some services using http protocol from outside.
Those services are not necessary to access for outside users, this can be restricted for outside use.
Steps to Reproduce:
After enabling SSL all web-admin related services are accessible with http protocol.
Few services should not accessible for outside user for some security concern, after enabling SSL all request for the web-admin server should be encrypted. no need to open ports for the services which are only for internal use.
Looks like we already closed port 3000 for outside access, we need to restrict 10080 also
PR is under review: https://github.com/Tendrl/tendrl-ansible/pull/136
Do you mean that this BZ is about not opening port tcp 10080 on WA server no matter if ssl is enabled or not?
Yes, that is correct
Providing QA ack, assuming that the purpose of this BZ is described in comment 4, as validated by comment 5.
@Martin, We need
Port 10080 has been closed for outside access.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.