evergreen-admin:security:firewall
Differences
This shows you the differences between two versions of the page.
evergreen-admin:security:firewall [2007/10/03 20:53] – miker | evergreen-admin:security:firewall [2022/02/10 13:34] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | [[user-comments: | ||
+ | |||
+ | |||
+ | ====== Security Considerations: | ||
+ | |||
+ | In general, we recommend reading more about networking from starting points like [[http:// | ||
+ | |||
+ | ===== Incoming ports ===== | ||
+ | |||
+ | Generally, there are about 4 zones you should have for your Evergreen system. | ||
+ | - Localhost (stuff on the server, accessed only by the server) | ||
+ | - Jabber server: This is the base messaging system of the OpenSRF network. If you are using the recommended Jabber server (eJabberd), access requires an authenticated username / password combination and is considered secure. The built-in Jabber server, "chop chop", performs no authentication, | ||
+ | - **Single-server scenario**: For a single-server system which runs Jabber, PostgreSQL database, Apache web server, and the memcached server, there is no need for the Jabber server to listen to any services outside of '' | ||
+ | - **Multi-server scenario**: For a multi-server system which runs Jabber and the OpenSRF Router on one of several servers, only the Apache web server and any OpenSRF application servers requires access to the Jabber server. | ||
+ | - Evergreen System Administrators (people who administer the bowels of the evergreen system) | ||
+ | -The big consideration here is the HTTP directory of the web server. | ||
+ | - General Public (people who use the PAC) | ||
+ | - The general public will need access to the web server (port 80) for the OPAC. | ||
+ | - 443: SSL in the OPAC | ||
+ | - Library Staff (People who use the staff client) | ||
+ | - The staff client uses the same ports as the public interface, so ports 80 and 443 will need to be opened. | ||
+ | |||
+ | ===== Outgoing ports ===== | ||
+ | |||
+ | Note that these are ports on external servers to which your Evergreen server(s) might need to connect. As a reminder of [[http:// | ||
+ | |||
+ | - 25: SMTP-For E-mail notifications | ||
+ | - 80: Web traffic (Syndicated content, Book Jackets, etc) | ||
+ | - 210: Z3950 (OCLC, LC, etc). Note that while 210 is commonly used by Z39.50 servers, it's not the only one in use; for example, the LC Z39.50 server uses port 7090. | ||
+ | |||
+ | Again: this list is just a start, and by all means incomplete. |
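Review bot: In the "Incoming ports" list, the intro says "about 4 zones", but as rendered here the list has five entries that read as zones (Localhost, Jabber server, Evergreen System Administrators, General Public, Library Staff), and the administrators entry gives no port or access restriction, only "the HTTP directory of the web server". Suggest matching the count to the list and stating what administrators need to reach and from where. Smaller points in the same section: "-The big consideration" is missing the space after the list marker; "PAC" and "OPAC" are both used under General Public, so pick one; "application servers requires" should be "require"; and the "443: SSL in the OPAC" item is formatted differently from the port 80 item above it. In "Outgoing ports", the 210 entry already notes that the LC server uses 7090, so it would help to say outright that each Z39.50 target's port has to be allowed individually instead of listing 210 as the rule.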
evergreen-admin/security/firewall.txt · Last modified: 2022/02/10 13:34 by 127.0.0.1