Firewall Recommendations

For all potentially publicly exposed points of your CloudBlue Commerce installation, we recommend that you set up firewall rules to restrict traffic. Below is a table with recommendations.

ImportantCloudBlue Commerce is not compatible with CloudFlare.

Component Allow traffic from
The PostgreSQL database server All Kubernetes nodes
UI and Branding (for internal access, HTTP, port 8080) Your company's network only
UI and Branding (for brand domains, HTTPS, port 443)

The Internet

Note: Depending on your requirements, you can use more restrictive rules.

The external ingress controller (for the APS REST API) CloudBlue Connect, externally installed APS application connectors, and other third-party tools.
The internal ingress controller (for the monitoring and alerting solution UIs)
  • If those UIs are placed internally, this firewall rule is optional.

  • If those UIs are placed externally, you must allow access only from your company's network.

Note: To learn more on how to restrict access to the monitoring and alerting solution UIs, see the Monitoring and Alerting Guide.

Note: If your installation is integrated with third-party systems that are not covered here, you may need to set up additional firewall rules.

CloudBlue, an Ingram Micro business, uses cookies to improve the usability of our site. By continuing to use this site and/or logging in you are accepting the use of these cookies. For more information, visit our Privacy Policy.