Let's Encrypt renewal

joemailey
Community Member

I've just set up a SCIM cluster in Google Cloud, following the default instructions.
It doesn't seem safe to me to allow the SCIM site to be publicly available.

I'm just wondering what the best practice is here without overcomplicating it?

Can I lock down port 443, but allow port 80 to remain open for cert renewal?



Comments

  • hemal.g_1p
    edited March 2023

    Hi @joemailey ,

    Thank you for reaching out to us with the question. Apologies for the delayed response.
    Could you please link us to the instructions you're following? They seem outdated to us. Port 80 is used for setup only, and everything else operates through port 443, including Let's Encrypt cert renewal. Although your SCIM DNS is publicly available, it's only accessible with a bearer token. Unless that is compromised, everything is safe.

This discussion has been closed.