...
which are in the group_vars/vault file.
| Security Group | Description | Ports | Details | Admin |
|---|---|---|---|---|
| | worldwide ssh access | Aspace prod and staging, port 22 | Allows SSH access by developers to the ArchivesSpace server. | |
| | Public web access | Aspace prod and staging, ports 80 and 443 | Allows public web access to the production and staging ArchivesSpace servers. | |
| | short term production firewall rules | Aspace prod, port 8983 | Used to allow developers and export code to access the ASpace API. | |
| | short term staging firewall rules | Aspace staging, port 8983 | Used for short-term access to the SOLR configuration on ArchivesSpace production from developers' IP addresses. | |
...
| Security Group | Description | Ports | Details | Admin |
|---|---|---|---|---|
| CHF-Access-Web | CHF internal web access | 80, 443 | Allows a list of employees to connect to 80 and 443. This is not being applied to any machines; both staging and production ASpace already allow access to those two ports via Public-Access-Web. | |
| internal-networking-production | Access between production machines | 8080, 8983, 6379, 5432, 19999 | All Samvera machines needed to be members of this group to communicate with each other. Port 8080 is Fedora, 8983 is Solr, 6379 is Redis, 5432 is Postgres, 19999 is netdata for monitoring. | |
| internal-networking-staging | Access between staging machines | 8080, 8983, 6379, 5432, 19999 | All Samvera machines needed to be members of this group to communicate with each other. Port 8080 is Fedora, 8983 is Solr, 6379 is Redis, 5432 is Postgres, 19999 is netdata for monitoring. | |
See Temp-Production. |
In addition, there is a default security group that appears unused but cannot be deleted.
When a machine belongs to multiple security groups, a connection is allowed through the firewall as long as any one of the groups permits it. Anything not covered by any of the groups is rejected.
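The following sketch models the rule-combining behaviour described above so the effective exposure of a machine can be checked before a group is attached. It is an added example, not part of the original page or of any project code. Group names and ports are taken from the tables; the source CIDRs, the `example-dev-solr` group and the function names are assumptions made for illustration, and real rules may reference another security group as the source instead of a CIDR.

```python
import ipaddress

# Constructed sample rules. Names and ports of the first two groups follow the
# tables above; every source CIDR is a placeholder (documentation/private
# ranges), and "example-dev-solr" is a hypothetical short-term group.
GROUPS = {
    "Public-Access-Web": [("0.0.0.0/0", 80), ("0.0.0.0/0", 443)],
    "internal-networking-production": [
        ("10.0.0.0/24", port) for port in (8080, 8983, 6379, 5432, 19999)
    ],
    "example-dev-solr": [("203.0.113.7/32", 8983)],
}


def allowing_groups(member_groups, src_ip, port, groups=GROUPS):
    """Return the groups that permit src_ip -> port; an empty list means rejected.

    Rules are allow-only, so the result is the union over all member groups:
    one matching rule in any group is enough, and no group can veto another.
    """
    ip = ipaddress.ip_address(src_ip)
    return [
        name
        for name in member_groups
        if any(p == port and ip in ipaddress.ip_network(cidr)
               for cidr, p in groups[name])
    ]


def world_open_ports(member_groups, groups=GROUPS):
    """Ports reachable from any address once all member groups are combined."""
    return sorted({
        p
        for name in member_groups
        for cidr, p in groups[name]
        if ipaddress.ip_network(cidr).prefixlen == 0
    })


if __name__ == "__main__":
    machine = ["Public-Access-Web", "internal-networking-production"]
    print("world-open ports:", world_open_ports(machine))
    for src, port in [("198.51.100.9", 443), ("198.51.100.9", 8983),
                      ("10.0.0.5", 5432), ("198.51.100.9", 22)]:
        hit = allowing_groups(machine, src, port)
        print(f"{src} -> {port}: {'allowed by ' + ', '.join(hit) if hit else 'rejected'}")
```

Because attaching a group can only widen access, comparing `world_open_ports` before and after a change shows whether a short-term rule has exposed more than intended.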
...