I have a new (trial) DSS install using the AWS AMI. Out of the box DSS is listening on all interfaces, not just localhost, although all requests to DSS should be routed through the NGINX as proxy.
How can I configure DSS to only listen on localhost?
It is not possible to configure this. You can setup security groups and/or iptables/firewalld rules to block access to internal ports. Please note however that this would prevent execution over Spark (including EMR) or Kubernetes, which need to connect-back to the DSS internal ports and more generally speaking to dynamically-open ports.
Thanks. That's unexpected. I've not met a package before where the listening can't be controlled.
It's simpler (and I think safer) to adjust this in the system config than in firewalls.
I've already firewalled it, but that's a second best solution, and adds complexity.