
Access rights, Network environment and Firewall rules

  • The server must be able to connect to the Internet via HTTPS, or at least to the public docker registry https://hub.docker.com/ (firewall opened for hosts *.docker.io and *.docker.com via the HTTPS protocol)

  • The server must be able to connect to the USU public docker registry devops.usu.group (firewall opened for hosts *.devops.usu.group via the HTTPS protocol)

  • The server must be able to connect to the database server

  • Connection to USU products:

    • The Portal server has to be able to connect to these systems via HTTPS, and the corresponding port has to be opened. Connections to outside systems are made from docker containers, so the firewall needs to be opened for the docker containers.

    • If self-signed SSL certificates are used on these systems, the public self-signed certificate needs to be imported into a Java keystore, and that keystore needs to be mounted into the Java-based docker containers at /opt/java/openjdk/lib/security/cacerts.

  • The firewall between docker containers on the internal docker network needs to be opened. Containers need to be able to communicate with each other via various ports (HTTP, HTTPS, 8500…)

  • If there is a reverse proxy in front of USU Portal (e.g. NGINX, Apache HTTP Server), the reverse proxy must be configured to allow large requests (e.g. for NGINX the parameter is named client_max_body_size).
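
For the self-signed certificate requirement above, one way to prepare the trust store, as an added example that is not USU's own tooling. The function names, file paths and the alias are assumptions, and the base cacerts file is assumed to have been copied out of the container image beforehand so that the public CAs stay trusted.

```shell
#!/bin/sh
# Added example, not USU tooling. Function names, paths and alias are assumptions.

# Return 0 only if FILE is a readable PEM holding certificate(s) and no private key.
is_public_cert_only() {
    [ -r "$1" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    if grep -q -- 'PRIVATE KEY-----' "$1"; then return 1; fi
    return 0
}

# build_truststore BASE_CACERTS CERT_PEM ALIAS OUT
# Copies the stock trust store and adds the self-signed certificate to the copy.
build_truststore() {
    base=$1; cert=$2; entry=$3; out=$4
    is_public_cert_only "$cert" || {
        echo "refusing $cert: not a public certificate PEM" >&2; return 2; }
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found" >&2; return 3; }
    cp "$base" "$out" || return 4
    # "changeit" is the default password of the JDK cacerts file.
    keytool -importcert -noprompt -alias "$entry" -file "$cert" \
        -keystore "$out" -storepass "${STOREPASS:-changeit}" || return 5
    # Confirm the entry is present before the file is mounted anywhere.
    keytool -list -alias "$entry" -keystore "$out" \
        -storepass "${STOREPASS:-changeit}" >/dev/null || return 6
    chmod 0444 "$out"
}

# Print the docker volume argument that mounts the result read-only
# over the trust store path named in the requirement above.
mount_arg() {
    printf '%s:/opt/java/openjdk/lib/security/cacerts:ro\n' "$1"
}

# Usage (constructed file names):
#   build_truststore ./cacerts.orig ./usu-system.pem usu-system ./cacerts
#   docker run -v "$(mount_arg "$PWD/cacerts")" <image>
```

The PEM check rejects files that contain a private key, since only the public certificate belongs in a trust store that is mounted into containers.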