Is it safe to expose openstack horizon on the internet ?
If it isn't safe, why ? If it is safe, is there anything to do to secure the setup (like a fail2ban) ?
First time here? Check out the FAQ!
If it isn't safe, why ? If it is safe, is there anything to do to secure the setup (like a fail2ban) ?
I would recommend you to hide your complete OpenStack management network in a separate VLAN. And then setup a HaProxy as firewall and just forward the needed ports (with a ip whitelist if possible). Or just use a VPN server to access these services.
Horizon does not have protections against brute-force attacks or something like that. The same counts also for the Keystone API.
Agree. I wouldn't recommend leaving Horizon open to the Internet. Limiting ports & using an IP whitelist is a good idea as a min precaution. VPN is best. There are various free VPN solutions out there. SoftEther is a nice little VPN with lots of functionality. Untangle is a good free FW w/ VPN
Asked: 2016-10-11 02:20:45 -0500
Seen: 252 times
Last updated: Oct 11 '16