Let's Encrypt renewal
I've just set up a SCIM cluster in Google Cloud, following the default instructions.
It doesn't seem safe to me to allow the SCIM site to be publicly available.
I'm just wondering what the best practice is here without overcomplicating it?
Can I lock down port 443, but allow port 80 to remain open for cert renewal?
Comments
Hi @joemailey,
Thank you for reaching out to us with the question. Apologies for the delayed response.
Could you please link us to the instructions you're following? They seem outdated to us. Port 80 is used for setup only and everything else operates through port 443, including Let's Encrypt cert renewal. Although your SCIM DNS is publicly available, it's only accessible with a bearer token. Unless that is compromised, everything is safe.