eosswedenorg/thalos-docs
1
0
Fork 0
mirror of https://github.com/eosswedenorg/thalos-docs synced 2026-06-18 04:50:03 +02:00
Code Releases Activity

Merge branch 'next'

Browse source
This commit is contained in:
Henrik Hautakoski 2024-08-29 15:14:36 +02:00
commit 4f73831d3d
7 changed files with 109 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

5
docs/redis/security/acl.md
View file

@ -12,7 +12,8 @@ The special account called `default` serves as the default account for unauthori
configured with a password. Connections can authenticate against this account without specifying a username.
Thalos utilizes this account as the default user account.
Additionally, it is advisable to restrict the Thalos server account as an added precaution against any unauthorized actions it may inadvertently perform, although such occurrences are highly unlikely.
Additionally, it is advisable to restrict the Thalos server account as an added precaution against any
unauthorized actions it may inadvertently perform, although such occurrences are highly unlikely.
The ACL in thalos is simple and uses 2 accounts:
@ -112,4 +113,4 @@ user thalos-client on >client_password resetchannels &ship::* +@connection +subs
## Useful links
* [Config File Example](https://redis.io/docs/management/config-file)
* [Official ACL Documentation](https://redis.io/docs/management/security/acl)
* [Official ACL Documentation](https://redis.io/docs/management/security/acl)

14
docs/redis/security/index.md
View file

@ -1,15 +1,15 @@
# Securing redis
This documentation primarily focuses on setups where Redis is exposed to the internet
or an internal network where there is not a complete control over the clients.
This documentation primarily focuses on setups where Redis is exposed to the internet or an internal
network where there is not complete control over the clients.
For example, you may want to grant access to your Thalos instance to a friend.
While trusting your friend is reasonable, it is essential to consider potential future scenarios where
trust may no longer exist or their server could be compromised.
If you intend to run Thalos for internal use only, such as having internal applications
that are relying on a blockchain stream, it is perfectly acceptable to skip these
steps if you have complete control over all involved servers and do not expose the instance over a public IP.
If you intend to run Thalos for internal use only, such as having internal applications that are relying on a blockchain stream,
it is perfectly acceptable to skip these steps if you have complete control over all involved
servers and do not expose the instance over a public IP.
## Isolating redis
@ -42,8 +42,8 @@ bind * -::* # like the default, all available interfaces
## Firewall
Make sure you setup your firewall rules correctly. only allowing the ip's you trust to access the redis port.
This is out of scope of this documentation. consult your operating system or router manuals.
Make sure you setup your firewall rules correctly. Only allowing the IP addresses you trust to access the Redis port.
This is out of scope of this documentation. Consult your operating system or router manuals.
## Useful links