Thoughts about the scale out?
I have some services, such as Elasticsearch and Redis, to run, and they clearly won't fit into a single VM. As most providers won't support a virtual network, the service endpoints have to be exposed to the internet to serve others.
High availability is not a concern here; I just want to harden the service endpoints to disallow malicious usage.
I could think of the following approaches:
- password if the service supports it
- iptables for an IP whitelist
- VPN? Should the VPN be a point-to-point network?
- tinc to create a mesh network?
I wonder whether anybody has been in this situation, and what is your preferred solution?