In our previous post, we learned how to secure Apache NiFi with Google's OAuth2 and saw how a user can be authenticated via Google's OAuth client ID.
In this post, we will see how an outside user can be blocked permanently from accessing Apache NiFi's UI. Here, "outside user" means a user who accesses the UI from a different machine.
For this, we will use firewalld to block the port. This can be done from a local or remote terminal, but to automate the whole process we will use Ansible.
It is assumed that you have already installed NiFi. This post does not cover how to install and configure Apache NiFi using Ansible.
Here are the steps:
1. Install firewalld

```yaml
- name: Install firewalld
  package:
    name: "firewalld"
    state: present
```
2. Enable and start firewalld; you don't need to reboot the server.

```yaml
- name: enable firewalld
  service:
    name: firewalld
    state: started
    enabled: yes
```
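3. Now instruct firewalld to block port 8080 permanently

```yaml
# "port" is a playbook variable; set it to 8080 for the NiFi UI.
# --permanent changes only the saved configuration; the reload in the
# next step applies it to the running firewall.
- name: do not permit traffic in default zone on port 8080/tcp
  shell: "firewall-cmd --remove-port={{port}}/tcp --permanent"
  args:
    executable: /bin/bash
```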
4. Now reload firewalld to apply the changes

```yaml
- name: reload firewall
  shell: "firewall-cmd --reload"
  args:
    executable: /bin/bash
```
Now run the Ansible playbook and verify that it is working. Leave a comment if you run into any issues.
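The four steps combined into one play with a verification stage, as an added example that is not from the original post. It swaps the `firewall-cmd` shell calls for the `ansible.posix.firewalld` module (assumes that collection is installed); the host group `nifi` and the variable `nifi_ui_port` are hypothetical, and the control node is assumed to be a different machine from the NiFi host.

```yaml
# Added example, not the original author's playbook.
- hosts: nifi                 # hypothetical inventory group
  become: true
  vars:
    nifi_ui_port: 8080        # hypothetical variable name
  tasks:
    - name: Install firewalld
      ansible.builtin.package:
        name: firewalld
        state: present

    - name: Start firewalld and enable it at boot
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    # permanent + immediate updates the saved and the running
    # configuration together, so no separate reload task is needed.
    - name: Close the NiFi UI port in the default zone
      ansible.posix.firewalld:
        port: "{{ nifi_ui_port }}/tcp"
        state: disabled
        permanent: true
        immediate: true

    # --query-port prints yes/no and exits 0/1; any other rc is an error.
    - name: Ask firewalld whether the port is open in the running config
      ansible.builtin.command: "firewall-cmd --query-port={{ nifi_ui_port }}/tcp"
      register: port_query
      changed_when: false
      failed_when: port_query.rc not in [0, 1]

    - name: Fail the play if the port is still listed as open
      ansible.builtin.assert:
        that:
          - port_query.stdout | trim == "no"
        fail_msg: "Port {{ nifi_ui_port }}/tcp is still open in the default zone"

    # The port list is not the whole policy: a service entry, a rich rule
    # or a permissive zone can still admit traffic, so test a real connection.
    - name: Confirm from the control node that the port cannot be reached
      ansible.builtin.wait_for:
        host: "{{ ansible_host | default(inventory_hostname) }}"
        port: "{{ nifi_ui_port }}"
        state: stopped
        timeout: 10
      delegate_to: localhost
      become: false
```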
- That's all