ucphhpc / docker-migrid

Containerized MiG
GNU General Public License v2.0

Document firewall and fail2ban host integration #54

Open jonasbardino opened 3 months ago

jonasbardino commented 3 months ago

In native migrid deployments we rely on certain firewall rules for port forwarding, protecting against service overload and limiting e.g. password cracking attempts. In the docker-migrid setup one needs to handle most such configuration on the host running the containers. Yet, there are some log files and configuration files generated in the actual build/deployment in play. We need to at least document which components are in play and how a minimal such firewall and fail2ban setup can help fortify the site against abuse.

Added to milestone 1 because that is our own migration target, but in practice it really fits any production deployment.

jonasbardino commented 1 month ago

We have the firewall and fail2ban plays in our local ansible deployment of docker-migrid on the first such production and test sites. Please ask for the details if you want to help integrate or just use them somewhere else.