This message was deleted Rancher Users #harvester

Join Slack

This message was deleted.

# harvester

adamant-kite-43734

03/16/2024, 2:52 PM

This message was deleted.

red-queen-31013

03/16/2024, 2:55 PM

• Is possible to change password-based SSH auth after installation? • Is possible to deploy Havester to an internal dummy network and use some kind of OAUTH/IPALLOWLIST proxy for UI ? • Is possible to setup some kind of VPN for UI before installation?

red-queen-31013

03/16/2024, 3:06 PM

Did not You try some Crowdsec / fail2ban implementation for Nginx Ingress to at least drop brute force attempts ?

brainy-whale-97450

03/16/2024, 9:04 PM

This sounds like a network design problem to me. You should not be exposing anything to the internet unless necessary. Use a couple vlans, setup a management network with nat to internet, etc.

brainy-whale-97450

03/16/2024, 9:07 PM

I've seen plenty of people directly expose esxi and vcenter to the internet and all end up paying for it later. It's just not necessary or wise. Harvester, rancher, etc in my opinion should be treated the same.

3 Views

Open in Slack

Previous Next