How will System Manager work without port 80 open?

0

Problem Statement: We are using System Manager Service for patching our servers, but we are facing one challenge. The process of upgrading the servers is the same as updating and patching a server by downloading packages from the Ubuntu repo over https, i.e. on port 80, but we can't open port 80 on our servers because of security compliance.

Please help and guide us on how SMS will upgrade the servers and patch them. If port 80 is closed, then "defaultbasepatchline" fails on the servers.

Thanks.

asked 2 years ago · 271 views
1 Answer
0

I'm guessing you mean port 80 outbound, so the host can connect to the repo and download the packages? (Also do you mean port 443, since you mention HTTPS?) If allowing outbound traffic from your hosts to the internet isn't acceptable for your security compliance, you might be able to work around this by setting up a web proxy host in your VPC (e.g. running Squid). You can configure rules on the host to only allow clients to connect to trusted URLs, such as Ubuntu's repos, and then configure the clients to connect via that proxy.

You don't need port 80 open inbound (or any ports open inbound) for any component of SSM to operate, assuming that your firewall is stateful and allows return packets for connections which are created outbound.

AWS
EXPERT
James_S
answered 2 years ago
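
A Squid allowlist of the kind the answer describes, as an added example that is not part of the original answer. The VPC CIDR (`10.0.0.0/16`), the listening port and the exact repository domains are assumptions to replace with your own.

```conf
# /etc/squid/squid.conf (added example; CIDR and domains are assumptions)

# Port the patching clients connect to.
http_port 3128

# Assumed VPC CIDR of the hosts being patched; replace with your own.
acl vpc_clients src 10.0.0.0/16

# Ubuntu package repositories the hosts may reach. A leading dot matches
# the domain and all of its subdomains (e.g. regional mirrors).
acl ubuntu_repos dstdomain .archive.ubuntu.com
acl ubuntu_repos dstdomain security.ubuntu.com

# Port 80 for plain-HTTP apt sources, 443 for HTTPS sources via CONNECT.
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Refuse unexpected ports, and CONNECT tunnels to anything but 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Allow only VPC clients going to the allowlisted repositories.
http_access allow vpc_clients ubuntu_repos

# Default deny: every other client or destination is rejected.
http_access deny all

# Log each request so denied destinations (TCP_DENIED) can be reviewed.
access_log daemon:/var/log/squid/access.log squid
```

On each client, apt is pointed at the proxy with `Acquire::http::Proxy` and `Acquire::https::Proxy` entries in a file under `/etc/apt/apt.conf.d/`.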
