Do HipChat clients connect directly to the NFS share or is the connection proxied thru the HipChat server? Trying to lock down the share via the /etc/exports file. Was originally thinking that only the HipChat server needed to access the share but after more closely reading the Atlassian documentation, appears that each client needs to connect directly.
Hi, Byron.
If you are referring to HipChat Data Center, the server will be the ones responsible for connecting to the NFS share rather than the clients directly. Can you share the documentation that you came across that mentions that the client needs to have this connectivity?
The reason why I am asking is because the documentation of the HipChat Data Center architecture (both small and enterprise scale) suggests that the connection goes through the node(s) to access the NFS - HipChat Data Center Architecture
Thanks Ahmad. If I understand you correctly, we should be able to lock down the /exports on our NFS server to only allow the HipChat server to connect...correct?
The document linked below gives kinda ambiguous information on this stating that the /exports example given allows any client interface to connect. If it is only necessary for the HipChat to be able to connect, the example should be structured to only have the IP of the HipChat server or at least mention in the text that the only endpoint that needs to connect to the share is the HipChat server.
Article:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, Byron.
You are welcome. Yes, it is recommended to lock down the /exports to allow the node to connect only. The documentation only serves as a basic reference to set up the NFS server, meaning the minimal possible set up. So, you are able to modify it according to your needs.
You can list nodes if you prefer or put all the things related to HipChat on separate private network and whitelist the network as an example.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.