-
McConahy, Renee Margaret authoredThis creates a service that listens on (by default) port 80 and maps LOCKSS's many Web interfaces, each listening on a different port, to paths under a single base. For example: http://lockss.test/crawler -> http://lockss.test:24631 This is not ready for production. The remaining tasks are as follows: - Turn the front-end into a proper Docker image and service. (It should include a health check.) - Merge the lockss-config-frontend into the main lockss role. - Remove from the firewall rules access to the other administrative ports that are now accessed through this. - Document the front-end paths. Or, better yet, write a landing page that lists them all.McConahy, Renee Margaret authoredThis creates a service that listens on (by default) port 80 and maps LOCKSS's many Web interfaces, each listening on a different port, to paths under a single base. For example: http://lockss.test/crawler -> http://lockss.test:24631 This is not ready for production. The remaining tasks are as follows: - Turn the front-end into a proper Docker image and service. (It should include a health check.) - Merge the lockss-config-frontend into the main lockss role. - Remove from the firewall rules access to the other administrative ports that are now accessed through this. - Document the front-end paths. Or, better yet, write a landing page that lists them all.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
11-in-lockss-frontend.ferm.j2 167 B
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
domain (ip ip6) table filter chain INPUT
saddr $MGMT_NET proto tcp dport {{ lockss_frontend_port }} ACCEPT;