Task #7378
Updated by Nico Schottelius almost 5 years ago
h2. draft 1: "https only"
* Block everything incoming besides https
* Reasoning:
** containers by default insecure
** if https open -> it is likely intended
* container types (brainstorming)
** databases
** message broker
** workers (probably not even reachable)
** a lot of http only stuff
h2. draft 2: tls/ssl in a container
* get a name
* get a cert
* TBD
h2. draft 3: "NAT66 + firewall"
* Use the same approach as in IPv4 world
* We use a site local IPv6 addresses
* Do a NAT66 to the one IPv6 address of the host
* People can behave/have similar mechanisms as before