[FOLIO-756] Secure folio-registry Created: 02/Aug/17 Updated: 12/Nov/18 Resolved: 30/Oct/17 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | Continuous Integration |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P2 |
| Reporter: | Adam Dickmeiss | Assignee: | John Malconian |
| Resolution: | Done | Votes: | 0 |
| Labels: | ci, sprint23, sprint24, sprint25 | ||
| Σ Remaining Estimate: | Not Specified | Remaining Estimate: | Not Specified |
| Σ Time Spent: | 3 days | Time Spent: | 3 hours |
| Σ Original Estimate: | Not Specified | Original estimate: | Not Specified |
| Issue links: |
|
||||||||||||||||||||
| Sub-tasks: |
|
||||||||||||||||||||
| Sprint: | |||||||||||||||||||||
| Description |
|
With some access control |
| Comments |
| Comment by John Malconian [ 18/Sep/17 ] |
|
With Okapi 2.0 now available, secure okapi registry, folio-registry.aws.indexdata.com so that authorization is required to post module descriptors or any kind of write access to the instance. Update CI so that the proper credentials needed to post MDs are added. |
| Comment by Jakub Skoczen [ 26/Sep/17 ] |
|
Heikki is working on a script to act as an example for how to setup secure Okapi. In the meantime we are talking about simplifying this process, see
|
| Comment by Heikki Levanto [ 10/Oct/17 ] |
|
I don't have that script ready yet, but there is something not completely unlike it in mod-notes, called run.sh. It boots up an Okapi instance with one tenant, one user, the whole auth subsystem, and the necessary permissions. |
| Comment by John Malconian [ 30/Oct/17 ] |
|
folio-registry.aws.indexdata.com is now secured via a nginx reverse proxy configuration that allows all GET and HEAD requests but requires either IP or Basic Auth for any other request method. New URL is accessible at http://folio-registry.aws.indexdata.com (Port 80). |
| Comment by Heikki Levanto [ 01/Nov/17 ] |
|
Script committed to Okapi master, at https://github.com/folio-org/okapi/blob/master/doc/securing.md |