Question
By default every resource created in Jelastic gets a DNS entry and is accessible from the internet. For a lot of services, such as databases, I don't want this behavior. It seems quite insecure that this is the default behavior. I only want to access those things from my other services in my environment or through SSH. I can't find any documentation on this.
How do I disable the default DNS mapping and ingress firewall rules from the internet to my Jelastic resources while still allowing access from inside of my environment?
Answer 1:
Indeed, a DNS entry is created for each instance that can potentially be accessible from the Internet (application server, DB admin panel, etc.).
Currently, you can't deny access from outside for ports 80 / 443 if you don't have a Public IP for the particular node. This ability will be available in a future release. As for ports other than 80 and 443, they are not available from the Internet by default (only via Endpoints).
Nevertheless, you can deny access to the DBs' DNS entries with the help of variables (in your case, ADMIN_MONGO=enabled/disabled and REDIS_COMMANDER=enabled/disabled). Note that such an approach requires a node restart via the User Dashboard.
Additional adjustment of port accessibility between your nodes inside the cluster can be performed with the help of the UI Firewall.
Source: https://stackoverflow.com/questions/55857428/how-do-i-disable-ingress-from-the-internet-to-jelastic-nodes