We've got a warning from the Federal Office for Information Security that an instance of Elasticsearch is running unprotected and is reachable via the internet.
I tried to search through the code and found "elasticmq". So I used iptables to block port 9324.
A few days later the server was taken down because the instance was still reachable.
Can you provide some info about securing the self hosted version? Or at least some direction towards securing the elastic instance?
Describe the improvement
improved docs about self hosted version
Additional context
No response
Everything in our scaffold.yaml is exposed to the internet, including all services with REST APIs. As a host, you need to manage the firewall yourself.
Regarding your concern, ElasticMQ is our SQS alternative for local development/self-hosting, and we use OpenSearch instead of Elasticsearch. You should protect OpenSearch by checking the scaffold.yaml file in our scripts and blocking all listed ports from internet access: https://github.com/CrowdDotDev/crowd.dev/blob/main/scripts/scaffold.yaml.
We don't provide a firewall solution, and neither do other open-source projects. OpenSearch is based on Elasticsearch, using the same ports and clients, which might explain the detection confusion.
If you run docker ps, you'll be able to see all the exposed ports.
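The docker ps check suggested in the reply above can be turned into an audit that lists which published ports are bound to all interfaces rather than to loopback. This is an added example, not code from the crowd.dev project; the container names and the sample output are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
# Container names are placeholders, not the project's real service names.
SAMPLE = """\
search-example\t0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 9600/tcp
queue-example\t0.0.0.0:9324->9324/tcp, [::]:9324->9324/tcp
db-example\t127.0.0.1:5432->5432/tcp
cache-example\t6379/tcp
worker-example\t
"""

# Published mapping: host_ip:host_port[-range]->container_port[-range]/proto
MAPPING = re.compile(
    r"^(?P<ip>.+):(?P<host>\d+(?:-\d+)?)->(?P<ctr>\d+(?:-\d+)?)/(?P<proto>\w+)$"
)


def published_ports(ps_output):
    """Return (container, host_ip, host_port, proto, scope) per published port."""
    findings = []
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in filter(None, (p.strip() for p in ports.split(","))):
            m = MAPPING.match(entry)
            if not m:
                continue  # e.g. "6379/tcp": not published on the host at all
            addr = ipaddress.ip_address(m["ip"].strip("[]"))
            if addr.is_loopback:
                scope = "loopback"
            elif addr.is_unspecified:  # 0.0.0.0 or ::
                scope = "all-interfaces"
            else:
                scope = "single-address"
            findings.append((name, str(addr), m["host"], m["proto"], scope))
    return findings


def internet_facing(ps_output):
    """Deduplicated (container, host_port, proto) for every non-loopback binding."""
    return sorted({(n, port, proto)
                   for n, _, port, proto, scope in published_ports(ps_output)
                   if scope != "loopback"})


if __name__ == "__main__":
    for name, port, proto in internet_facing(SAMPLE):
        print(f"{name}: {port}/{proto} is published beyond loopback")
```

Docker installs its own iptables rules for published ports, so rules placed in the INPUT chain do not filter them. Docker's documentation directs host-level filtering of container traffic to the DOCKER-USER chain; alternatively, a port can be published on 127.0.0.1 only.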
crowd.dev edition
Community (self hosted)
Version
No response
Link
No response