Skip to content
Snippets Groups Projects
Commit b4d453d2 authored by Kiril KJiroski's avatar Kiril KJiroski
Browse files

Update install.md

parent 1d6b1d12
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 2 deletions
doc/install.md
+ 3
2
View file @ b4d453d2
...@@ -28,8 +28,9 @@ To test the development version you can clone the repository instead of download ...@@ -28,8 +28,9 @@ To test the development version you can clone the repository instead of download
You can use configuration script named "configure.sh", located in the root folder, in order to use the Configuration Wizzard and more easily enter preferred values for a number of options. This script will help you in following: You can use configuration script named "configure.sh", located in the root folder, in order to use the Configuration Wizzard and more easily enter preferred values for a number of options. This script will help you in following:
* Create whitelist for use with haproxy, in order to enable access to various tools from certain IP addresses. * Create whitelist for use with haproxy, in order to enable access to various tools from certain IP addresses.
* By default, following services are accessible only from internal docker network (172.22.0.0/16): * By default, following services are accessible only from internal docker network (172.22.0.0/16):
** HAProxy Stats - Statistics about proxied services/tools and their availability. Generally, you want only a selected number of people to be able to view them. * HAProxy Stats - Statistics about proxied services/tools and their availability. Generally, you want only a selected number of people to be able to view them.
* ODFE - Direct access to ODFE Elasticsearch containers. Generally, you would need to access them only for debugging purposes.
* By default, all SOCTools are accessible from the whole Internet. Since we are using certificates for all tools, except for Keycloak and User Management UI, you may want to restrict access to the last two.
Edit roles/haproxy/files/stats_whitelist.lst in order to manually configure whitelist IP addresses for accessing various tools. You can use access.ips file found in the root folder as starting template. Edit roles/haproxy/files/stats_whitelist.lst in order to manually configure whitelist IP addresses for accessing various tools. You can use access.ips file found in the root folder as starting template.
* `cat access.ips > roles/haproxy/files/stats_whitelist.lst` * `cat access.ips > roles/haproxy/files/stats_whitelist.lst`
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment