[Ach] Recommendation for PuppetDB / JDK

Tim tim at bastelfreak.de
Tue Jan 20 21:26:59 CET 2015



On 20.01.2015 20:34, Akendo wrote:
> You should not have these services (puppet master/puppetdb) exposed
> directly. Use a webservice like nginx/apache to proxy this.

Ah stupid me, I've got an nginx running for the puppet master, but never
thought about the puppetdb. Of course the nginx can work as a proxy for
that too. Thanks!

> There you
> can harden the SSL/TLS option.
> 
> best regards
> Akendo
> 
> On 11/21/2014 02:47 PM, Aaron Zauner wrote:
>> Hi Tim
>>
>> Tim wrote:
>>> Hey guys,
>>>
>>> First of all, thanks for your great guide!
>>>
>>> I'm running PuppetDB which is a software running in a JVM. It supports
>>> SSL-encrypted connections
>>> (https://docs.puppetlabs.com/puppetdb/latest/configure.html#cipher-suites)
>>> and uses the JDK crypto provider
>>> (https://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
>>> ). Can any of you recommend secure settings for PuppetDB/JDK in general?
>>
>> Is there anything that the recommendations in our paper do not reflect
>> w.r.t. PuppetDB? I use it myself, it's pretty much just setting the
>> proper JVM cipher settings. If you use Java 7-8 there should not be much
>> of an issue.
>>
>> Aaron
>>
>>
>>
>> _______________________________________________
>> Ach mailing list
>> Ach at lists.cert.at
>> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>>
> 
> 
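The setup suggested in this thread (nginx terminating TLS in front of PuppetDB), as an added example that is not part of the original messages. The hostname, file paths, protocol choice and cipher list are assumptions, and it assumes PuppetDB's plaintext listener is bound to 127.0.0.1:8080 with its own SSL listener disabled.

```nginx
# Added example: nginx as TLS-terminating proxy for PuppetDB.
# Assumed PuppetDB jetty.ini: host = 127.0.0.1, port = 8080,
# ssl-host/ssl-port commented out so the JVM never faces the network.

server {
    # 8081 is PuppetDB's usual SSL port, so clients need no reconfiguration.
    listen 8081 ssl;
    server_name puppetdb.example.com;            # placeholder hostname

    # Server certificate issued by the Puppet CA (placeholder paths).
    ssl_certificate     /etc/nginx/ssl/puppetdb.example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/puppetdb.example.com.key;

    # Require a client certificate signed by the Puppet CA. The backend
    # hop is plain HTTP, so this is the only place clients are verified.
    ssl_client_certificate /etc/nginx/ssl/puppet-ca.pem;
    ssl_crl                /etc/nginx/ssl/puppet-crl.pem;
    ssl_verify_client      on;

    # Protocol and cipher hardening. The values below are an assumption,
    # not the list from the guide discussed in the thread; substitute the
    # recommended string. Add older protocol versions only if a client
    # cannot negotiate TLS 1.2.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;      # locally generated DH group
    ssl_session_tickets off;

    location / {
        # Forward to PuppetDB's loopback-only plaintext listener.
        proxy_pass       http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

Validate the file with `nginx -t` before reloading, and confirm from another host that port 8080 is not reachable.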


