Configure to prevent access from outside of localhost?

jaishima · June 7, 2024, 2:49pm

Is it possible to configure CryoSPARC so that all of its ports cannot be accessed from outside of localhost? We have a reverse proxy configured which enables secure access, but also need to have ports 39000-39009 secured from access (besides localhost).

I have noticed that the supervisord.conf file has configurations for several ports that use gunicorn to bind to 0.0.0.0 - we should be able to change those to 127.0.0.1. However, all of the other ports do not have configuration to prevent such access.

Thanks,

Jun Aishima

wtempel · June 7, 2024, 3:05pm

@jaishima Some of the ports in the 39000-39009 would need to be accessed by CryoSPARC worker computers, in case the CryoSPARC instance has any. Is you CryoSPARC instance of the Single Workstation type (master/worker combined on same host, no additional workers)?

jaishima · June 7, 2024, 3:16pm

Yes, we will be using CryoSPARC in that Single Workstation for now, so do not expect to have any of the ports visible to the outside world.

wtempel · June 12, 2024, 7:24pm

For security-related port restrictions, you may want to configure the firewall on your OS.