Ask Your Question
0

Is it safe to expose openstack horizon on the internet ?

asked 2016-10-11 02:20:45 -0500

bahaika gravatar image

If it isn't safe, why ? If it is safe, is there anything to do to secure the setup (like a fail2ban) ?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
1

answered 2016-10-11 13:51:36 -0500

Alexander Birkner gravatar image

I would recommend you to hide your complete OpenStack management network in a separate VLAN. And then setup a HaProxy as firewall and just forward the needed ports (with a ip whitelist if possible). Or just use a VPN server to access these services.

Horizon does not have protections against brute-force attacks or something like that. The same counts also for the Keystone API.

edit flag offensive delete link more

Comments

Agree. I wouldn't recommend leaving Horizon open to the Internet. Limiting ports & using an IP whitelist is a good idea as a min precaution. VPN is best. There are various free VPN solutions out there. SoftEther is a nice little VPN with lots of functionality. Untangle is a good free FW w/ VPN

Rick Kundiger gravatar imageRick Kundiger ( 2016-10-11 16:41:50 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-10-11 02:20:45 -0500

Seen: 129 times

Last updated: Oct 11 '16

Related questions

I have a problem to login in newly installed dashboard

Disabling security groups in Horizon

How can I Pin a Particular Virtual Machine to Particular CPU Core

dashboard uncontactable

Which ports do I need to open to allow NoVNC console access in Horizon?

Customizing Dashboard

Horizon slow --> causes ?

"TypeError: list() got an unexpected keyword argument 'is_public'" when accessing flavor list in horizon

When logged in to openstack-dashboard got error "Unable to get service,usage info"

where is the "settings.py" file for horizon located?