diff --git a/doc/install.md b/doc/install.md index 9cda041e7a68a3c5fcdd63936b5a22b8cf908d93..143be0c176a652403697aebc3fec97f9bb3822a9 100644 --- a/doc/install.md +++ b/doc/install.md @@ -28,8 +28,9 @@ To test the development version you can clone the repository instead of download You can use configuration script named "configure.sh", located in the root folder, in order to use the Configuration Wizzard and more easily enter preferred values for a number of options. This script will help you in following: * Create whitelist for use with haproxy, in order to enable access to various tools from certain IP addresses. * By default, following services are accessible only from internal docker network (172.22.0.0/16): -** HAProxy Stats - Statistics about proxied services/tools and their availability. Generally, you want only a selected number of people to be able to view them. - + * HAProxy Stats - Statistics about proxied services/tools and their availability. Generally, you want only a selected number of people to be able to view them. + * ODFE - Direct access to ODFE Elasticsearch containers. Generally, you would need to access them only for debugging purposes. +* By default, all SOCTools are accessible from the whole Internet. Since we are using certificates for all tools, except for Keycloak and User Management UI, you may want to restrict access to the last two. Edit roles/haproxy/files/stats_whitelist.lst in order to manually configure whitelist IP addresses for accessing various tools. You can use access.ips file found in the root folder as starting template. * `cat access.ips > roles/haproxy/files/stats_whitelist.lst`