[Ach] Recommendation for PuppetDB / JDK
tim at bastelfreak.de
Tue Jan 20 21:26:59 CET 2015
On 20.01.2015 20:34, Akendo wrote:
> You should not have this services (puppet master/ puppetdb ) expose
> directly. use a webservice like nginx/apache to proxy this.
Ah stupid me, I've got an nginx running for the puppet master, but never
thought about the puppetdb. Of course the nginx can work as a proxy for
that too. thanks!
> There you
> can harden the SSL/TLS option.
> best regards
> On 11/21/2014 02:47 PM, Aaron Zauner wrote:
>> Hi Tim
>> Tim wrote:
>>> Hey guys,
>>> first of all, thanks for your greate guide!
>>> I'm running PuppetDB which is a software running in a JVM. It supports
>>> SSL crypted connections
>>> and uses the JDK crypto provider
>>> ). Can anybody of you recommend secure settings for PuppetDB/JDK in general?
>> Is there anything that the recommendations in our paper do not reflect
>> w.r.t. PuppetDB? I use it myself, it's pretty much just setting the
>> proper JVM ciphersettings. If you use Java7-8 there should not be much
>> of an issue.
>> Ach mailing list
>> Ach at lists.cert.at
> Ach mailing list
> Ach at lists.cert.at
More information about the Ach