15308555518/ seafile-admin-docs
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-admin-docs.git synced 2025-12-26 02:32:50 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #402 from haiwen/opt_es_issues
Some checks failed
Deploy CI / deploy (push) Has been cancelled
Details 

opt: es issues
This commit is contained in:
Daniel Pan 2024-11-19 14:53:33 +08:00 committed by GitHub
parent 5a20078509 ae3e3a5586
commit 861a3555e5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
manual/deploy_pro/download_and_setup_seafile_professional_server.md
View File

@ -471,6 +471,14 @@ sudo docker run -d \
-d elasticsearch:7.16.2
```
**Note**: By default, Elasticsearch will only listen on `127.0.0.1`, but this rule may **become invalid** after Docker exposes the service port, ***which will make your Elasticsearch service vulnerable to attackers accessing and extracting sensitive data due to exposure to the external network***. We recommend that you manually configure the Docker firewall, such as
```sh
sudo iptables -A INPUT -p tcp -s <your seafile server ip> --dport 9200 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 9200 -j DROP
```
The above command will only allow the host where your Seafile service is located to connect to Elasticsearch, and other addresses will be blocked. If you deploy Elasticsearch based on binary packages, you need to refer to the [official document](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/important-settings.html#network.host) to set the address that Elasticsearch binds to.
### Modifying seafevents