How do you secure the ports open to the public? For example, your backend or front end running on swarm? Each port is open on each node, as the link to routing mesh says...
Are you connecting to the ssh server within the nebula network? The ssh service starts before the nebula service, which probably will fail at some point.
You will end up with a public IP where a couple of ports are open on each worker node, so far ssh, 80, 443, nebula, back end... Any intrusion from here will have access to your nebula network and the whole setup could be hacked.
Apart from iptables rules, DDoS filters, etc., and a possible external load balancer... have you added any extra layer of security?
Will consider Netmaker, which has a GUI? (WireGuard-based)
In the first Nebula setup code box, should the IPs have /32 instead of /24?
If you're referring to the IPs passed to the `nebula-cert` command, they should have a /24 because you're implicitly also defining the range of the nebula network.