Secure your network

Recommendations for securing your network to avoid back-doors and other vulnerabilities.

When securing your network, it's important to have a good understanding of the infrastructure services you are using. In this section, we describe common infrastructure service providers and how to secure your application within those environments.

Kubernetes

If you have deployed your application on Kubernetes, make sure that there is no direct ingress to your application or microservices. Also make sure that the services linked to your application services are of type: NodePort and set to externalTrafficPolicy: Local.

Unless you are confident with what you are doing, you should only have one LoadBalancer, which is directed to your Ingress and which should redirect every request to the LeZa Proxy.

Docker compose

If you are using Docker Compose to deploy your application or services, ensure you create a private network for your applications, microservices and databases, then share that network with the LeZa Proxy.

Example:

services:
  # LeZa Proxy: the only service attached to both networks
  proxy:
    ...
    networks:
      - my_network
      - public

  # Your applications, services and databases: private network only
  app:
    ...
    networks:
      - my_network
  service:
    ...
    networks:
      - my_network
  database:
    ...
    networks:
      - my_network

# Your networks
networks:
  public:
    ...
    internal: false
  # internal: true isolates this network from external access
  my_network:
    ...
    internal: true
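
To check a real deployment against the layout above, the following added example (not part of the LeZa documentation) audits the JSON printed by `docker compose config --format json` and reports every service other than the proxy that is attached to a non-internal network or declares host port mappings. The function name `audit_compose`, the proxy service name `proxy` and the embedded sample are assumptions made for this example.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`;
# the service and network names are assumptions for this example.
SAMPLE = json.loads("""
{
  "services": {
    "proxy":    {"networks": {"my_network": null, "public": null},
                 "ports": [{"target": 443, "published": "443"}]},
    "app":      {"networks": {"my_network": null}},
    "service":  {"networks": ["my_network", "public"]},
    "database": {"networks": {"my_network": null},
                 "ports": [{"target": 5432, "published": "5432"}]},
    "worker":   {}
  },
  "networks": {
    "public":     {"internal": false},
    "my_network": {"internal": true}
  }
}
""")


def audit_compose(config, proxy="proxy"):
    """Return sorted (service, finding) pairs for every service other than
    the proxy that is not confined to an internal network."""
    networks = config.get("networks") or {}
    findings = []
    for name, svc in (config.get("services") or {}).items():
        if name == proxy:
            continue
        svc = svc or {}
        # `networks` may be a list (hand-written) or a mapping (normalized).
        # A service without a `networks` key joins the implicit "default" network.
        attached = list(svc.get("networks") or ["default"])
        for net in attached:
            # A network only counts as private when it sets internal: true.
            if not (networks.get(net) or {}).get("internal", False):
                findings.append((name, f"attached to non-internal network '{net}'"))
        if svc.get("ports"):
            findings.append((name, "declares host port mappings"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE):
        print(f"{service}: {finding}")
```

An empty result means only the proxy can be reached from outside the private network.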

AWS

If you have deployed your application on AWS, make sure that the security groups linked to your application services and Load Balancers are configured to block any external access, with the exception of your Load Balancer and the container that runs your LeZa Proxy.

Google Cloud

Azure

Digital Ocean
