Task #7378
Document / explore on how to sensibly run docker with a /64
Status: Closed
Priority: Normal
Assignee: -
Start date: 11/29/2019
% Done: 0%
Description
draft 1: "https only"
- Block everything incoming besides https
- Reasoning:
  - containers by default insecure
  - if https open -> it is likely intended
- container types (brainstorming)
  - databases
  - message broker
  - workers (probably not even reachable)
  - a lot of http only stuff
draft 2: tls/ssl in a container
- get a name
- get a cert
- TBD
draft 3: "NAT66 + firewall"
- Use the same approach as in IPv4 world
- We use site-local IPv6 addresses
- Do a NAT66 to the one IPv6 address of the host
- People can behave/have similar mechanisms as before
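
One way draft 1 ("https only") could look as an nftables ruleset on the Docker host. This is an added example, not part of the original ticket. It assumes containers get routed addresses out of the /64; the prefix `2001:db8:0:1::/64` is a documentation placeholder and the table name is hypothetical.

```nft
#!/usr/sbin/nft -f
# Added illustration of draft 1; not from the original ticket.
# Assumption: containers hold routed addresses from CONTAINER_NET.
# 2001:db8:0:1::/64 is a documentation prefix used as a placeholder.

define CONTAINER_NET = 2001:db8:0:1::/64

table ip6 container_https_only {
    chain forward {
        # Policy stays "accept" so forwarding unrelated to the
        # container prefix is not affected by this table.
        type filter hook forward priority 0; policy accept;

        # Replies to connections the containers opened themselves
        # (image pulls, outbound API calls, DNS).
        ct state established,related accept

        # Container-to-container traffic inside the prefix, in case
        # bridged traffic is passed through this hook. Remove this
        # rule to restrict east-west traffic as well.
        ip6 saddr $CONTAINER_NET ip6 daddr $CONTAINER_NET accept

        # ICMPv6 errors must reach the containers, otherwise path MTU
        # discovery breaks; echo-request is kept for diagnostics.
        ip6 daddr $CONTAINER_NET icmpv6 type {
            destination-unreachable, packet-too-big,
            time-exceeded, parameter-problem, echo-request
        } accept

        # The one service exposed on purpose.
        ip6 daddr $CONTAINER_NET tcp dport 443 accept

        # Databases, message brokers, workers and plain-http services
        # stay unreachable from outside. The counter shows how much
        # traffic is being turned away.
        ip6 daddr $CONTAINER_NET counter drop
    }
}
```

A drop verdict in this table is final even if another table accepts the same packet, so the ruleset takes effect alongside whatever forwarding rules are already loaded on the host.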