[FOLIO-756] Secure folio-registry Created: 02/Aug/17  Updated: 12/Nov/18  Resolved: 30/Oct/17

Status: Closed
Project: FOLIO
Components: Continuous Integration
Affects versions: None
Fix versions: None

Type: Task Priority: P2
Reporter: Adam Dickmeiss Assignee: John Malconian
Resolution: Done Votes: 0
Labels: ci, sprint23, sprint24, sprint25
Σ Remaining Estimate: Not Specified Remaining Estimate: Not Specified
Σ Time Spent: 3 days Time Spent: 3 hours
Σ Original Estimate: Not Specified Original estimate: Not Specified

Issue links:
Relates
relates to OKAPI-416 design metamodules Open
relates to FOLIO-708 set up a central Okapi instance for s... Closed
relates to FOLIO-906 Enable okapi internal module in most ... Closed
relates to OKAPI-451 allow pull to pass credentials Closed
Sub-tasks:
Key
Summary
Type
Status
Assignee
FOLIO-913 Script / doc to secure Okapi Sub-task Closed Heikki Levanto  
Sprint:

 Description   

With some access control



 Comments   
Comment by John Malconian [ 18/Sep/17 ]

With Okapi 2.0 now available, secure okapi registry, folio-registry.aws.indexdata.com so that authorization is required to post module descriptors or any kind of write access to the instance.

Update CI so that the proper credentials needed to post MDs are added.

Comment by Jakub Skoczen [ 26/Sep/17 ]

Heikki is working on a script to act as an example for how to setup secure Okapi. In the meantime we are talking about simplifying this process, see OKAPI-416 Open .

Comment by Heikki Levanto [ 10/Oct/17 ]

I don't have that script ready yet, but there is something not completely unlike it in mod-notes, called run.sh. It boots up an Okapi instance with one tenant, one user, the whole auth subsystem, and the necessary permissions.

Comment by John Malconian [ 30/Oct/17 ]

folio-registry.aws.indexdata.com is now secured via a nginx reverse proxy configuration that allows all GET and HEAD requests but requires either IP or Basic Auth for any other request method. New URL is accessible at http://folio-registry.aws.indexdata.com (Port 80).

Comment by Heikki Levanto [ 01/Nov/17 ]

Script committed to Okapi master, at https://github.com/folio-org/okapi/blob/master/doc/securing.md

Generated at Thu Feb 08 23:08:06 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.