I want to set up a Riak Cluster for a Web project.
However, I want to secure this cluster so that only my web server(s) can access the Riak cluster. Basically, I will have one or more web servers and 4 Riak servers (in a cluster).
I want to use Shorewall or another firewall app to secure communications between the web server and the Riak cluster so that no other servers can access the cluster but my own. Being that Riak is completely open on the server side, this is essential before I take my servers into production.
I assume I will have to:
I can install Shorewall, but I'm not familiar with how to configure Shorewall to do the above. I would appreciate some assistance.
Thanks in advance.
I’ve dabbled in Shorewall a bit. You will need to add rules in the Shorewall rules file to forward the relevant ports to the Riak servers behind the firewall. However, because it’s a cluster, this is more easily said than done; as you are aware, you will need to manually lock down ports on each server in the cluster, open ports to enable web server access, and remember to do this again when servers are restarted or are added to/removed from the cluster, if you add more instances of the web server, etc. There is a lot of room for human error, beyond the complexity of the configuration. I would suggest looking into something like an Ubuntu firewall management service, which can handle all the closing/opening of ports automatically with a central UI. These services typically work with the basic iptables firewall that comes with Ubuntu, so you don’t need an additional solution like Shorewall. HTH
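
The per-node lockdown discussed in this thread can be generated from a single inventory so that it is regenerated, not hand-edited, whenever a web server or Riak node changes. This is an added example, not part of either post and not Riak's or Shorewall's own code; it emits plain iptables commands rather than Shorewall rules. Assumptions: every address is a constructed sample, the ports are Riak's default listeners, and the Erlang distribution range has been pinned to 6000-7999 in Riak's configuration.

```shell
#!/bin/sh
# Added example: print (do not apply) the iptables rules for ONE Riak node.
# Review the output, then apply and persist it with your usual tooling.

# Inventory: constructed sample addresses, replace with your own.
WEB_SERVERS="192.0.2.10 192.0.2.11"
RIAK_NODES="10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4"

# Assumed ports: Riak defaults. Check them against your Riak config.
CLIENT_PORTS="8087,8098"             # protocol buffers, HTTP API
CLUSTER_PORTS="4369,8099,6000:7999"  # epmd, handoff, pinned Erlang dist range

riak_node_rules() {
    self="$1"   # address of the node these rules are generated for

    # Keep loopback and replies to connections this node opened.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    # Only the web servers may reach the client-facing ports.
    for web in $WEB_SERVERS; do
        echo "iptables -A INPUT -p tcp -s $web -m multiport --dports $CLIENT_PORTS -j ACCEPT"
    done

    # Only the other cluster members may reach the inter-node ports.
    for peer in $RIAK_NODES; do
        if [ "$peer" != "$self" ]; then
            echo "iptables -A INPUT -p tcp -s $peer -m multiport --dports $CLUSTER_PORTS -j ACCEPT"
        fi
    done

    # Anything else aimed at a Riak port is dropped. Other services
    # (SSH, for instance) are untouched by this rule set.
    echo "iptables -A INPUT -p tcp -m multiport --dports $CLIENT_PORTS,$CLUSTER_PORTS -j DROP"
}

# Print the rule set for the first node when run stand-alone.
riak_node_rules "${1:-10.0.0.1}"
```

Run it once per node address and compare the output with `iptables -S INPUT` on that node to spot drift after a restart or a membership change.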