Islandora-Collaboration-Group / ISLE

Islandora Enterprise (ISLE) is a community project that addresses two of the most significant pain-points in Islandora: installation and maintenance.
https://Islandora-Collaboration-Group.github.io/ISLE/
GNU General Public License v3.0

Docker and iptables section #230

Open g7morris opened 6 years ago

g7morris commented 6 years ago

Hello all,

I'd like to request a section to be added for Docker and iptables.

We should refer to this when setting up a new host or migrating a server.

https://docs.docker.com/network/iptables/

When setting up a firewall on the ISLE host server, there are several areas that we should highlight, specifically how to make admins aware of when creating iptables rules, how Docker interacts with firewalls and how to limit access. That link above covers most, if not all, but I recently had an issue where Docker was manipulating firewall rules and allowing a container access to the world. This was previously not found to be a challenge.

Lastly, this is an ongoing source of debate with the Docker community, as this GitHub bug / issue report is still as of yet unresolved. https://github.com/moby/moby/issues/22054

Thanks, Gavin

bookishgirl commented 6 years ago

This issue is going to apply regardless of which server environment you choose, right? So would you add this section to 01_Installation_Host_server?

wpwentzell commented 5 years ago

This is a serious pain point for me, specifically, as I am struggling to understand how Docker is overriding my firewall rules (ufw, Ubuntu 18.04). A documentation section on firewalls for production use is critical here.
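
An added example, not part of the original thread or of the ISLE project: a small host audit for the situation discussed above, listing published container ports that Docker has bound to every host interface. The container names and sample lines are constructed; the input format is what `docker ps --format '{{.Names}}\t{{.Ports}}'` prints.

```shell
#!/bin/sh
# Added example: flag published ports bound to all host interfaces.
# Docker inserts its own iptables rules for these mappings, so a port listed
# here can be reachable even when host firewall rules (e.g. ufw) look closed.

# world_bound_ports: read "name<TAB>ports" lines on stdin and print
# "name host_port/proto" once per mapping bound to 0.0.0.0 or the IPv6 wildcard.
world_bound_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # "8080/tcp" with no "->" is exposed to other containers only,
            # not published on the host, so it is skipped.
            if (index(m, "->") == 0) continue
            split(m, side, "->")
            host = side[1]
            # Wildcard binds appear as 0.0.0.0:PORT, :::PORT or [::]:PORT.
            if (host ~ /^(0\.0\.0\.0|::|\[::\]):/) {
                port = host
                sub(/^.*:/, "", port)        # keep text after the last colon
                split(side[2], tp, "/")      # "80/tcp" -> proto in tp[2]
                key = $1 " " port "/" tp[2]
                # IPv4 and IPv6 wildcard entries for one port report once.
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    }'
}

# Constructed sample input (hypothetical container names), tab separated.
SAMPLE_PS=$(printf '%s\t%s\n' \
    'web-example'    '0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp' \
    'db-example'     '127.0.0.1:3306->3306/tcp' \
    'search-example' '8080/tcp')

printf '%s\n' "$SAMPLE_PS" | world_bound_ports

# On a real host:
#   docker ps --format '{{.Names}}\t{{.Ports}}' | world_bound_ports
```

For each port reported, either publish it on a specific address (for example `-p 127.0.0.1:3306:3306`) or restrict it with rules in the `DOCKER-USER` chain, which the Docker documentation linked in the issue describes as the place for rules that are evaluated before the ones Docker creates.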