Join us on Wednesday, June 3rd for a deep dive into Customer Predictive Analytics Learn more

security: have DSS listen on localhost interface only

Level 1
security: have DSS listen on localhost interface only

I have a new (trial) DSS install using the AWS AMI.  Out of the box DSS is listening on all interfaces, not just localhost, although all requests to DSS should be routed through the NGINX as proxy.

How can I configure DSS to only listen on localhost?

Thanks

David

0 Kudos
3 Replies
Dataiker
Dataiker

Hi,

It is not possible to configure this. You can setup security groups and/or iptables/firewalld rules to block access to internal ports. Please note however that this would prevent execution over Spark (including EMR) or Kubernetes, which need to connect-back to the DSS internal ports and more generally speaking to dynamically-open ports.

0 Kudos
Level 1
Author

Thanks.  That's unexpected.  I've not met a package before where the listening can't be controlled.

It's simpler (and I think safer) to adjust this in the system config than in firewalls.

I've already firewalled it, but that's a second best solution, and adds complexity.

0 Kudos
Level 2

I agree, it seems weird that this can't be done but also it's probably not a realistic use of Dataiku since users would always need to access it from outside.

0 Kudos
Labels (3)