Secure your network
Recommendations for securing your network to avoid backdoors and other vulnerabilities.
When securing your network, it's important to have a good understanding of the infrastructure services you are using. In this section, we describe very common infrastructure service providers and how to secure your application within those environments.
If you have deployed your application on Kubernetes, make sure that there is no direct ingress to your application or microservices. Also make sure that the Services linked to your application services are of type: NodePort and are set to externalTrafficPolicy: Local.
Unless you are confident in what you are doing, you should have only one LoadBalancer, which is directed to your Ingress and which should redirect every request to the LeZa Proxy.
If you are using Docker Compose to deploy your application or services, ensure you create a private network for your applications, microservices and databases, then share that network with the LeZa Proxy.
Example:
services:
  # LeZa Proxy
  proxy:
    # ...
    networks:
      - my_network
      - public
  # Your applications, services and databases
  app:
    # ...
    networks:
      - my_network
  service:
    # ...
    networks:
      - my_network
  database:
    # ...
    networks:
      - my_network
# Your networks
networks:
  public:
    # ...
    internal: false
  my_network:
    # ...
    internal: true
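As an added example (not part of the LeZa documentation), the Python check below audits a Compose project for the layout shown above: every service except the proxy sits only on internal networks, shares a network with the proxy, and declares no published ports. It takes the project as a dict, for instance the parsed output of `docker compose config --format json`; the service name `proxy` and both sample projects are constructed for illustration.

```python
PROXY_SERVICE = "proxy"  # assumed service name, matching the example above

def service_networks(svc):
    """Network names of a service; Compose allows list or mapping form."""
    nets = svc.get("networks")
    # A service without a networks key joins the implicit "default" network.
    return ["default"] if nets is None else list(nets)

def audit(project, proxy=PROXY_SERVICE):
    """Return findings; an empty list means the layout matches the rule."""
    networks = project.get("networks") or {}
    services = project.get("services") or {}
    if proxy not in services:
        return [f"{proxy}: proxy service not defined"]
    proxy_nets = set(service_networks(services[proxy]))
    findings = []
    for name, svc in services.items():
        if name == proxy:
            continue
        if svc.get("network_mode") == "host":
            findings.append(f"{name}: network_mode host bypasses isolation")
            continue
        nets = service_networks(svc)
        for net in nets:
            if not (networks.get(net) or {}).get("internal", False):
                findings.append(f"{name}: network '{net}' is not internal")
        if not proxy_nets & set(nets):
            findings.append(f"{name}: shares no network with {proxy}")
        if svc.get("ports"):
            findings.append(f"{name}: declares published ports {svc['ports']}")
    return findings

NETWORKS = {"public": {"internal": False}, "my_network": {"internal": True}}

# Constructed sample mirroring the layout above ("service" uses mapping form).
GOOD = {"networks": NETWORKS, "services": {
    "proxy": {"networks": ["my_network", "public"]},
    "app": {"networks": ["my_network"]},
    "service": {"networks": {"my_network": None}},
    "database": {"networks": ["my_network"]}}}

# Constructed sample with three mistakes: published port, public DB, no network.
BAD = {"networks": NETWORKS, "services": {
    "proxy": {"networks": ["my_network", "public"]},
    "app": {"networks": ["my_network"], "ports": ["8080:8080"]},
    "database": {"networks": ["my_network", "public"]},
    "worker": {}}}

if __name__ == "__main__":
    for label, project in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit(project) or "ok")
```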
If you have deployed your application on AWS, make sure that the security groups linked to your application services and load balancers are configured to block any external access, with the exception of your load balancer and the container that runs your LeZa Proxy.
We're working on it
🖌