Firewall Recommendations
For all potentially publicly exposed points of your CloudBlue Commerce installation, we recommend that you set up firewall rules to restrict traffic. Below is a table with recommendations.
Important:
is not compatible with CloudFlare.

Component | Allow traffic from |
---|---|
The PostgreSQL database server | All Kubernetes nodes |
UI and Branding (for internal access, HTTP, port 8080) | Your company's network only |
UI and Branding (for brand domains, HTTPS, port 443) | The Internet. Note: Depending on your requirements, you can use more restrictive rules. |
The external ingress controller (for the APS REST API) | CloudBlue Connect, externally installed APS application connectors, and other third-party tools. |
The internal ingress controller (for the monitoring and alerting solution UIs) | Note: To learn more on how to restrict access to the monitoring and alerting solution UIs, see the Monitoring and Alerting Guide. |
Note: If your installation is integrated with third-party systems that are not covered here, you may need to set up additional firewall rules.
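
One way to check an exported set of allow rules against the table above. This is an added example, not part of the CloudBlue documentation. The rule format, the component labels, the CIDR ranges and the PostgreSQL port 5432 (its default) are assumptions. The ingress controller rows are left out because the table gives no ports for them.

```python
import ipaddress

# Assumed addressing (constructed values; replace with your own ranges).
K8S_NODES = ["10.240.0.0/16"]    # all Kubernetes nodes
COMPANY_NET = ["192.0.2.0/24"]   # your company's network
INTERNET = ["0.0.0.0/0"]

# Policy taken from the table: (component, port) -> permitted source networks.
# Ports 8080 and 443 come from the table; 5432 is an assumption.
POLICY = {
    ("postgresql", 5432): K8S_NODES,
    ("ui-internal", 8080): COMPANY_NET,
    ("ui-brand", 443): INTERNET,
}

def audit(rules):
    """Return (rule, reason) pairs for allow rules wider than the policy."""
    findings = []
    for rule in rules:
        allowed = POLICY.get((rule["component"], rule["port"]))
        if allowed is None:
            findings.append((rule, "no policy entry for this component/port"))
            continue
        src = ipaddress.ip_network(rule["source"])
        nets = [ipaddress.ip_network(n) for n in allowed]
        # A rule passes only if its source lies inside a permitted network.
        if not any(src.version == n.version and src.subnet_of(n) for n in nets):
            findings.append((rule, f"source {src} is outside {allowed}"))
    return findings

# Constructed sample of allow rules, as they might be exported from a firewall.
SAMPLE_RULES = [
    {"component": "postgresql", "port": 5432, "source": "10.240.1.0/24"},
    {"component": "postgresql", "port": 5432, "source": "0.0.0.0/0"},
    {"component": "ui-internal", "port": 8080, "source": "192.0.2.0/25"},
    {"component": "ui-internal", "port": 8080, "source": "0.0.0.0/0"},
    {"component": "ui-brand", "port": 443, "source": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule['component']}:{rule['port']} -> {reason}")
```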