Riak cluster protected by firewall

DeadZen deadzen at deadzen.com
Sun Sep 18 04:00:16 EDT 2016


Looks right, jmx not imx ;),
and yes provided the erlang kernel options are given to limit dist
comm range to 6000-7999

you can check this from the node (to make sure) with:
> [ application:get_env(kernel, X) || X <- [inet_dist_listen_min,inet_dist_listen_max] ].
[{ok,6000},{ok,7999}]

On Sun, Sep 18, 2016 at 2:42 AM, Alex De la rosa
<alex.rosa.box at gmail.com> wrote:
> So mainly the ports are:
>
> epmd listener: TCP:4369
> handoff_port listener: TCP:8099
> http: TCP:8098
> protocol buffers: TCP: 8087
> solr: TCP:8093
> solr imx: TCP:8985
> erlang range: TCP:6000~7999 (if configured in riak's configuration)
>
> Is that alright? am I missing any? or is there any of them that is not
> needed to add in the firewall?
>
> Thanks,
> Alex
>
> On Sun, Sep 18, 2016 at 5:57 AM, John Daily <jdaily at basho.com> wrote:
>>
>> You should find most of what you need here:
>> http://docs.basho.com/riak/kv/2.1.4/using/security/
>>
>> Sent from my iPhone
>>
>> On Sep 17, 2016, at 1:26 PM, Alex De la rosa <alex.rosa.box at gmail.com>
>> wrote:
>>
>> Hi all,
>>
>> I have a cluster of 5 nodes connected to each other and now I want to use
>> UFW to deny any  external incoming traffic into them but i will allow each
>> node to access between themselves. Which ports should i open
>> (pb_port,http_port,solr,...)? I connect via pbc but i may need more ports
>> open i guess.
>>
>> A configurations like this (assuming is node_1):
>>
>> ufw default deny incoming
>> ufw default allow outgoing
>> ufw allow 22 --> SSH (private keys)
>> ufw allow from <load_balancer> to any port 443 --> HTTPS (API that talks
>> with Riak locally via Python client)
>>
>> ufw allow from <node_2> to any port <port_numbers>
>> ufw allow from <node_3> to any port <port_numbers>
>> ufw allow from <node_4> to any port <port_numbers>
>> ufw allow from <node_5> to any port <port_numbers>
>>
>> Thanks!
>> Alex
>>
>> _______________________________________________
>> riak-users mailing list
>> riak-users at lists.basho.com
>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>
>
>
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>




More information about the riak-users mailing list