...
Edit /etc/firewalld/zones/public.xml (or swarm-site.xml, whichever has the other port rules) and add a rule to allow port 8090 requests. The remainder of the instructions assumes port 8090 is used. The result resembles:
Code Block
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="8009"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="tcp" port="8081"/>
  <port protocol="udp" port="123"/>
  <port protocol="udp" port="514"/>
  <port protocol="tcp" port="514"/>
  <port protocol="tcp" port="8090"/>
  <masquerade/>
</zone>
Reload the firewall rules:
Code Block
firewall-cmd --reload
Create a directory to hold the port90 configuration files:
Code Block
mkdir -p /opt/datacore/swarm-port90-console/
Create a configuration file (/opt/datacore/swarm-port90-console/disable_http1.0.conf) that disables HTTP/1.0, removes headers that might expose internal IP addresses, and sets access control for the port90 container:
Code Block
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Block HTTP/1.0 requests
    RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$
    RewriteRule .* - [F,L]
</IfModule>

<IfModule mod_headers.c>
    # Remove any headers that might contain internal IP addresses
    Header unset X-Forwarded-For
    Header unset X-Real-IP
    Header unset X-Client-IP
    Header unset Via
    Header unset X-Forwarded-Host
    # Anonymize the internal IP address
    RequestHeader edit X-Forwarded-For "192\.168\.\d+\.\d+" "anonymized"
</IfModule>

# Set proxy settings in the main configuration or a VirtualHost
# For instance, you can place this in your main httpd.conf or a VirtualHost config:
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.0/24
    Allow from 10.0.0.0/16
    Allow from 127.0.0.1
</Proxy>
Download the container scs-container-port90-console.tar.gz here and transfer it to the SCS server. Load the container:
Code Block
podman load < scs-container-port90-console.tar.gz
Collect the IP address of any Swarm node and replace it in the following command. Install the container:
Code Block
podman run -d --name swarm-port90-console \
  --security-opt=seccomp=unconfined \
  -p 8090:8090 \
  -e SCSP_HOST=[Swarm node IP] \
  -v /opt/datacore/swarm-port90-console/disable_http1.0.conf:/etc/httpd/conf.d/block_http1.0.conf:Z \
  docker-repo.tx.caringo.com/caringo-syslog:stable
Now port 8090 on the SCS server can be used to access Swarm’s port90 console:
http://[SCS-IP]:8090
No further actions are required. However, the container does not run when the SCS server is restarted. Continue with the instructions below to configure the container to auto-start.
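To check what the `<Proxy *>` access rules and the X-Forwarded-For edit in disable_http1.0.conf above actually match before adapting them to your own networks, the following added example (not part of the original instructions or the product) models both in Python. The function names, sample client addresses and header values are constructed for illustration, and it assumes X-Forwarded-For carries a comma-separated address list.

```python
import ipaddress
import re

# Values copied from disable_http1.0.conf on this page.
ALLOW_FROM = ["192.168.1.0/24", "10.0.0.0/16", "127.0.0.1"]
XFF_EDIT = re.compile(r"192\.168\.\d+\.\d+", re.ASCII)

ALLOWED_NETS = [ipaddress.ip_network(n) for n in ALLOW_FROM]


def proxy_allows(client_ip: str) -> bool:
    """Model 'Order deny,allow' + 'Deny from all' + the Allow list:
    every client is denied unless an Allow entry matches."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_NETS)


def edit_xff(value: str) -> str:
    """Model 'RequestHeader edit': only the first match is replaced
    ('edit*' would replace every match)."""
    return XFF_EDIT.sub("anonymized", value, count=1)


def leaked_private(value: str) -> list:
    """Return private/loopback addresses still present after the edit."""
    leaked = []
    for token in (t.strip() for t in edit_xff(value).split(",")):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # "anonymized" or another non-address token
        if addr.is_private:
            leaked.append(token)
    return leaked


if __name__ == "__main__":
    # Constructed sample clients and header values.
    for ip in ["192.168.1.20", "192.168.2.20", "10.0.7.9", "10.1.0.9", "127.0.0.1"]:
        print(f"{ip:15} -> {'allow' if proxy_allows(ip) else 'deny'}")
    for xff in ["192.168.1.20", "10.0.7.9", "192.168.1.20, 192.168.1.21"]:
        print(f"{xff!r:32} -> {edit_xff(xff)!r} leaked={leaked_private(xff)}")
```

The output shows that clients in 10.0.0.0/16 are allowed through the proxy while their addresses are left untouched by the 192.168-only pattern, and that a second 192.168 address in the same header survives a single `edit`.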
...