Firewall Recommendations
For all potentially publicly exposed points of your CloudBlue Commerce installation, we recommend that you set up firewall rules to restrict traffic. Below is a table with recommendations.
Important: CloudBlue Commerce is not compatible with CloudFlare.
| Component | Allow traffic from |
|---|---|
| The PostgreSQL database server | All Kubernetes nodes |
| UI and Branding (for internal access, HTTP, port 8080) | Your company's network only |
| UI and Branding (for brand domains, HTTPS, port 443) | The Internet. Note: Depending on your requirements, you can use more restrictive rules. |
| The external ingress controller (for the APS REST API) | CloudBlue Connect, externally installed APS application connectors, and other third-party tools. |
| The internal ingress controller (for the monitoring and alerting solution UIs) | Note: To learn how to restrict access to the monitoring and alerting solution UIs, see the Monitoring and Alerting Guide. |
Note: If your installation is integrated with third-party systems that are not covered here, you may need to set up additional firewall rules.
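
One way to check an exported rule set against the table above is sketched below. This is an added example, not CloudBlue code: the component labels, the CIDR ranges in `POLICY`, and the sample rules are all constructed assumptions that you replace with your own values.

```python
import ipaddress

# Constructed sample networks (assumptions); substitute your own ranges.
POLICY = {
    "postgresql": ["10.0.1.0/24"],           # all Kubernetes nodes
    "ui-internal-8080": ["192.168.0.0/16"],  # your company's network only
    "ui-brand-443": ["0.0.0.0/0", "::/0"],   # the Internet
    "aps-rest-api": ["203.0.113.0/24"],      # Connect, connectors, third-party tools
}

def audit(rules, policy=POLICY):
    """Return (component, source, reason) for each rule wider than the policy."""
    findings = []
    for component, source in rules:
        src = ipaddress.ip_network(source, strict=False)
        allowed = policy.get(component)
        if allowed is None:
            findings.append((component, source, "component not covered by policy"))
            continue
        nets = [ipaddress.ip_network(a) for a in allowed]
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            findings.append((component, source, "source outside recommended range"))
    return findings

# Constructed firewall rules: (component, allowed source CIDR).
SAMPLE_RULES = [
    ("postgresql", "10.0.1.17/32"),
    ("postgresql", "0.0.0.0/0"),
    ("ui-internal-8080", "192.168.10.0/24"),
    ("ui-internal-8080", "::/0"),
    ("ui-brand-443", "0.0.0.0/0"),
    ("aps-rest-api", "198.51.100.0/24"),
    ("third-party-system", "10.0.1.0/24"),
]

if __name__ == "__main__":
    for component, source, reason in audit(SAMPLE_RULES):
        print(f"{component}: {source} -> {reason}")
```

Rules for components missing from `POLICY` are reported rather than silently accepted, which surfaces third-party integrations that still need their own firewall decision.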