From 11e2a97b66af4e7b1cc11722e7e4d81018f95697 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Nowak?= <luke@nexedi.com> Date: Thu, 12 Jan 2023 17:10:23 +0100 Subject: [PATCH] rapid-cdn: Explain issues with low port methods --- software/rapid-cdn/README.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/software/rapid-cdn/README.rst b/software/rapid-cdn/README.rst index 14ba0f69b..db776423c 100644 --- a/software/rapid-cdn/README.rst +++ b/software/rapid-cdn/README.rst @@ -347,6 +347,12 @@ Additionally in order to access the server by itself such entries are needed in ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to ${listening_ipv6}:4443 ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to ${listening_ipv6}:8080 +**Note regarding ports**: + + * the port seen by application in case of IPv4 will be "correct" - the ``443`` or ``80`` + * the port seen by application in case of IPv6 will be "incorrect" - the ``4443`` or ``8080`` + + Solution 2 (network capability) ------------------------------- @@ -359,6 +365,10 @@ Then specify in the master instance parameters: * set ``port`` to ``443`` * set ``plain_http_port`` to ``80`` +**Note regarding securitry**: + + * such configuration results with all partitions being able to bind to low ports using this binary + Authentication to the backend ============================= -- 2.30.9