Secure nTask
To ensure the security of the nTask Manager, we recommend implementing the following measures:
- Use a legitimate TLS certificate to secure communication between the manager and the workers.
- Change the default port to a high port.
- Filter the input with `iptables` to allow only the IPs of the workers.
- Create an SSH tunnel to prevent the API port from being exposed on the internet.
Using SSH tunnels is a recommended method to enhance the security of the nTask Manager. By configuring SSH tunnels, the manager can forward the port to each worker without exposing the API to the internet.
To connect to an SSH server automatically from nTask, you need a private key with access to the server and a configured configSSHFile:
```json
{
  "ipPort": {
    "<IP1>" : "22",
    "<IP2>" : "22",
    "<IP3>" : "22"
  },
  "username": "root",
  "privateKeyPath": "~/.ssh/ssh_key",
  "privateKeyPassword": ""
}
```
- `ipPort`: List of IP and port combinations to connect to with SSH.
- `username`: User to access via SSH.
- `privateKeyPath`: Path to the SSH private key.
- `privateKeyPassword`: (Optional) Password for the private key.
Alternatively, you can establish an SSH tunnel manually by following these steps:
```
ssh -L local_port:remote_server:remote_port -R remote_port:localhost:local_port user@remote_server
```
Replace `local_port` with the port number on the manager machine, `remote_server` with the IP address or hostname of the worker machine, `remote_port` with the port number on the worker machine, and `user` with the SSH user.
This command establishes a tunnel between the manager and the worker, allowing secure communication without exposing the API to the internet.
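A pre-flight check for the configSSHFile described above, as an added example that is not part of nTask: it reads the four fields shown on this page and reports unreplaced placeholders, bad ports, a root login, a loosely permissioned key, and a passphrase that is either empty or stored in a world-readable config. The function names are hypothetical and the checks are general SSH hygiene, not validation that nTask itself performs.

```python
import ipaddress
import json
import os
import stat
import sys


def _loose(path):
    """True if the file is accessible by group or others."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def _valid_port(port):
    try:
        return 1 <= int(port) <= 65535
    except (TypeError, ValueError):
        return False


def audit_ssh_config(path):
    """Return a list of findings for a configSSHFile; an empty list means clean."""
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    findings = []
    # Assumption: ipPort keys are IP addresses, as the field description says.
    for host, port in cfg.get("ipPort", {}).items():
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"ipPort: {host!r} is not an IP address")
        if not _valid_port(port):
            findings.append(f"ipPort: invalid port {port!r} for {host!r}")
    if cfg.get("username") == "root":
        findings.append("username: SSH login as root; prefer an unprivileged account")
    key_path = os.path.expanduser(cfg.get("privateKeyPath", ""))
    if not os.path.isfile(key_path):
        findings.append(f"privateKeyPath: {key_path!r} not found")
    elif _loose(key_path):
        findings.append("privateKeyPath: key readable by group/others; chmod 600")
    if not cfg.get("privateKeyPassword"):
        findings.append("privateKeyPassword: empty; anyone who can read the key can use it")
    elif _loose(path):
        findings.append("config: holds the key passphrase but is readable by group/others")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_ssh_config(sys.argv[1])) or "no findings")
```

Run it with the path to the config file as the only argument before starting the manager.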