Octopus server security - public internet accessibility

Johannes Fourie

15 May, 2017 05:16 PM

Hi, my current setup is done in an isolated network where the Octopus server and Tentacles are all on the same network.

I would however like to expand this to some servers in Azure that don't have access to this local network. That means I may need to set up polling tentacles in Azure to connect to the Octopus server which then needs to be accessible over the internet.

Is this safe? What is the suggested way of doing this kind of configuration?

  1. Support Staff 1 Posted by Michael Richard... on 16 May, 2017 12:14 AM

    Hi Johannes,

    You certainly can do that safely, if configured correctly.

    However, if possible we would recommend creating your Azure Tentacles in Listening mode. Then, in Azure you need to configure security rules to open the port the Tentacle will listen on (10933 by default). You can lock this down to only allow access from the Octopus server.

    This way you don't need to open inbound communications to your internal Octopus server.

    Was there a reason you needed to use Polling Tentacles?

    Either way, we also support using a proxy for Tentacle communications, if that helps.

    Regards,
    Michael
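
One way to check the lock-down described in the reply above, as an added example that is not part of the original thread or of Octopus Deploy's own tooling: it scans Azure network security group rules for inbound Allow rules that expose the Listening Tentacle port to anything other than the Octopus server. The rule field names follow Azure's NSG rule JSON; the sample rules and the address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

TENTACLE_PORT = 10933  # default Listening Tentacle port, per the reply above

def covers_port(rule, port=TENTACLE_PORT):
    """True if the rule's destination port fields include `port`."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    for r in ranges:
        if r == "*":
            return True
        lo, _, hi = r.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def source_is_only(rule, allowed_ip):
    """True if every source prefix is exactly the single address allowed_ip."""
    prefixes = list(rule.get("sourceAddressPrefixes") or [])
    if rule.get("sourceAddressPrefix"):
        prefixes.append(rule["sourceAddressPrefix"])
    allowed = ipaddress.ip_network(allowed_ip)
    for p in prefixes:
        try:
            if ipaddress.ip_network(p, strict=False) != allowed:
                return False
        except ValueError:  # "*", "Internet", or another service tag
            return False
    return bool(prefixes)

def overly_open_rules(rules, octopus_ip):
    """Names of inbound Allow rules exposing the Tentacle port beyond octopus_ip.
    Rule priority and overriding Deny rules are not evaluated here."""
    return [r["name"] for r in rules
            if r.get("direction") == "Inbound" and r.get("access") == "Allow"
            and covers_port(r) and not source_is_only(r, octopus_ip)]

# Constructed sample in the shape of `az network nsg rule list` output.
SAMPLE_RULES = [
    {"name": "tentacle-from-octopus", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "10933"},
    {"name": "tentacle-any", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefix": "*", "destinationPortRange": "10933"},
    {"name": "wide-range", "direction": "Inbound", "access": "Allow",
     "sourceAddressPrefixes": ["203.0.113.0/24"], "destinationPortRanges": ["10000-11000"]},
    {"name": "rdp-deny", "direction": "Inbound", "access": "Deny",
     "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]
```

Calling `overly_open_rules(SAMPLE_RULES, "203.0.113.10")` flags `tentacle-any` and `wide-range`, the two rules that admit more than the Octopus server on port 10933.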

  2. 2 Posted by Johannes Fourie on 16 May, 2017 03:09 PM

    Main reason was not needing to set up inbound mapping rules for every Azure server.

    Listening is still the best and we may still go that direction.

    I guess the polling port is secure as the system is using certificates for security, right?

    Can I configure a certificate on the Octopus server so it can be accessed via HTTPS? For the polling setup I had to open ports to the server and the listening port to set up the Tentacle, so I just need to make sure both entries are secure before going ahead with polling from outside the network.

    Thanks

  3. 3 Posted by Johannes Fourie on 16 May, 2017 03:10 PM

    Awesome, thanks, this will surely help.

  4. Support Staff 4 Posted by Michael Richard... on 17 May, 2017 05:10 AM

    Listening and polling are both equally secure from an encryption perspective. The only difference is in the network configuration.

    If you are referring to exposing the Octopus Web Portal via HTTPS, then absolutely: https://octopus.com/docs/how-to/expose-the-octopus-web-portal-over-...

    Please don't hesitate to ask if you have any further questions.

  5. Paul Stovell closed this discussion on 22 Aug, 2017 02:58 PM.
