Thoughts about the scale out?
I have some services, such as Elasticsearch and Redis, to run, and they clearly won't fit into a single VM. As most providers won't support a virtual network, the service endpoints have to be exposed to the internet to serve others.
High availability is not a concern here; I just want to harden the service endpoint to disallow malicious usage.
I could think of the following approaches:
- password if the service supports it
- iptables for an IP whitelist
- VPN? Should the VPN be a point-to-point network?
- tinc to create a mesh network?
I wonder whether anybody has been in this situation, and what is your preferred solution?
Comments
I'm a fan of tinc for this kind of thing. The only other advice I would have is to make sure that you have the services only listen on the tinc interface.
+1 for tinc
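The advice above to have the services listen only on the tinc interface can be checked after deployment. The following is an added example, not code from any poster in this thread: it parses `ss -Htln` output and reports Redis or Elasticsearch ports bound outside loopback and the overlay. The overlay address `10.10.0.2` and the sample socket list are constructed assumptions.

```python
import ipaddress
import subprocess
import sys

# Constructed sample of `ss -Htln` output (not taken from the thread).
SAMPLE_SS = """\
LISTEN 0 511   10.10.0.2:6379   0.0.0.0:*
LISTEN 0 511        [::]:6379      [::]:*
LISTEN 0 4096          *:9200         *:*
LISTEN 0 4096      [::1]:9300      [::]:*
LISTEN 0 128     0.0.0.0:22     0.0.0.0:*
"""

GUARDED_PORTS = {6379, 9200, 9300}  # Redis, Elasticsearch HTTP and transport defaults


def parse_listeners(ss_output):
    """Yield (address, port) for each listening socket in `ss -Htln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
        yield addr, int(port)


def exposed_listeners(ss_output, overlay_addrs, guarded_ports=GUARDED_PORTS):
    """Return guarded-port listeners bound outside loopback and the overlay."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port not in guarded_ports:
            continue
        if addr != "*":  # "*" is the wildcard: all addresses, public one included
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback or str(ip) in overlay_addrs:
                continue
        findings.append((addr, port))
    return findings


if __name__ == "__main__":
    text = SAMPLE_SS
    if "--live" in sys.argv:  # audit this host's sockets instead of the sample
        text = subprocess.run(["ss", "-Htln"], capture_output=True,
                              text=True, check=True).stdout
    for addr, port in exposed_listeners(text, {"10.10.0.2"}):  # assumed tinc address
        print(f"port {port} is listening on {addr}, outside the tinc interface")
```

On the sample, the wildcard binds (`[::]:6379` and `*:9200`) are reported, while the listeners on `10.10.0.2` and `::1` pass.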