Task #7378

closed

Document / explore on how to sensibly run docker with a /64

Added by Nico Schottelius almost 5 years ago. Updated 11 months ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 11/29/2019
Due date:
% Done: 0%
Estimated time:
PM Check date:

Description

draft 1: "https only"

  • Block everything incoming besides https
  • Reasoning:
    • containers are insecure by default
    • if https open -> it is likely intended
  • container types (brainstorming)
    • databases
    • message broker
    • workers (probably not even reachable)
    • a lot of http only stuff

draft 2: tls/ssl in a container

  • get a name
  • get a cert
  • TBD

draft 3: "NAT66 + firewall"

  • Use the same approach as in IPv4 world
  • We use site-local IPv6 addresses
  • Do a NAT66 to the one IPv6 address of the host
  • People can behave/have similar mechanisms as before
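
Draft 1 ("https only") written out as an nftables forward filter. This is an added example, not part of the original ticket. It assumes the containers sit on a routed /64, shown here with the documentation prefix 2001:db8:0:1::/64, and that the host forwards traffic to them; the table name is arbitrary.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the ticket.
# Assumption: 2001:db8:0:1::/64 is a placeholder for the /64 routed to the
# Docker host and handed out to containers. Replace it with the real prefix.

define CONTAINER_NET = 2001:db8:0:1::/64

table ip6 container_https_only {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Only traffic headed for the container /64 is policed here.
        ip6 daddr != $CONTAINER_NET accept

        # Replies to connections the containers opened themselves.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors must get through, otherwise path MTU discovery
        # breaks. Echo requests are allowed for basic reachability checks.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem,
                      echo-request } accept

        # Traffic between containers in the same /64 is not "incoming".
        ip6 saddr $CONTAINER_NET accept

        # Draft 1: https is the only service reachable from outside.
        tcp dport 443 accept

        # Everything else (databases, message brokers, workers, plain
        # http) is dropped and counted so the drops stay visible.
        counter drop
    }
}
```

A drop verdict in this chain is final even if another table (for example rules Docker installs itself) would accept the packet, so the filter holds regardless of how a container's ports are published.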