ssh -NL 8098:localhost:8098 your.vps.com
--Kyle
On 03/04/2012 09:55 PM, Tim Robinson wrote:
Yeah, I read your blog post when it first came out. I liked it.
I appreciate the warning, but practically speaking I'm really just not worried
about it. It's a test environment on an external VPS that no one knows the info
for. Demo to the company means show image/content-type load, JSON via browser
with proper indentation, and Riak Control. SSH isn't going to do that for me.
I'm using public data for the testing. I can blow the whole thing away any time.
Aside from warnings does anyone want to help with the question.
Thanks,
Tim
-----Original Message-----
From: "Aphyr"<ap...@aphyr.com>
Sent: Sunday, March 4, 2012 10:41pm
To: "Tim Robinson"<t...@blackstag.com>
Subject: Re: Questions on configuring public and private ips for riak on ubuntu
I can get SSH access over Riak's HTTP and protobufs interfaces in about
five seconds, and can root a box shortly after that, depending on
kernel. Please don't do it. Just don't.
http://aphyr.com/posts/224-do-not-expose-riak-to-the-internet
http://aphyr.com/posts/218-systems-security-a-primer
--Kyle
On 03/04/2012 09:38 PM, Tim Robinson wrote:
Right now I am just loading data for test purposes. It's nice to be able to do
some benchmarks against the private network (which is @1Gbit/s)... while being
able to poke a hole in the firewall when I want to do a test/demo.
Tim
-----Original Message-----
From: "Alexander Sicular"<sicul...@gmail.com>
Sent: Sunday, March 4, 2012 9:15pm
To: "Tim Robinson"<t...@blackstag.com>
Cc: "riak-users@lists.basho.com"<riak-users@lists.basho.com>
Subject: Re: Questions on configuring public and private ips for riak on ubuntu
this is a "Very Bad" idea. do not expose your riak instance over a public ip
address. riak has no internal security mechanism to keep people from doing very bad
things to your data, configuration, etc.
-Alexander Sicular
@siculars
On Mar 5, 2012, at 12:43 AM, Tim Robinson wrote:
Hello all,
I have a few questions on networking configs for riak.
I have both a public ip and a private ip for each riak node. I want Riak to
communicate over the private ip addresses to take advantage of free bandwidth,
but I would also like the option to interface with riak using the public ip's
if need be (i.e. for testing / demo's etc).
I'm gathering that the way people to this is by setting up app.config to use ip
"0.0.0.0" to listen for all ip's. I'm also gathering vm.args needs to have a
unique name in the cluster so I would need to use the hostname for the -name option (i.e.
r...@www.fake-node-domain-name-1.com).
My hosts file would contain:
127.0.0.1 localhost.localdomain localhost
x.x.x.x www.fake-node-domain-name-1.com mynode-1
....
where x.x.x.x is the public ip not the private.
This is where I start to get lost.
As it sits, if I attempt to join using the private ip's i will get the
unreachable error - yet I can telnet connect to/from the equivalent nodes.
So I could add a second IP to the hosts file, but since I need to keep the
public one as well, how is that riak is going to use the private ips for gissip
ring, hinted hand-off, ... etc etc.
There's obviously some networking basics I am missing.
Any guidance from those of you who have done this?
Thanks.
Tim
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Tim Robinson
Tim Robinson
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Tim Robinson
Tim Robinson
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
_______________________________________________
riak-users mailing list
riak-users@lists.basho.com
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
