Firewall rules between Chef Server, Workstation and Client

Hello All,

We are going to install chef server in network 1, workstation in network 2,
and client in network 3. There are firewalls between those networks.

Is there any document to demonstrate which ports/protocol need to be opened?

E.g. Open ports and protocol between server and workstation, and open
ports/protocol between workstation and client network.

Thanks.

Jeffty

On Jul 6, 2015, at 6:57 PM, jeffty wantwatering@gmail.com wrote:

> Hello All,
>
> We are going to install chef server in network 1, workstation in network 2, and client in network 3. There are firewalls between those networks.
>
> Is there any document to demonstrate which ports/protocol need to be opened?
>
> E.g. Open ports and protocol between server and workstation, and open ports/protocol between workstation and client network.

All Chef API comms are on port 443 by default. The server also listens on port 80 by default, but that is just a redirect to HTTPS/443. You can change the port in your chef-server.rb.

--Noah

Thanks Noah,

So we only need to open 443, 80 and 22 between server <-> workstation
network, and server <-> client network, right?

Thanks.
Jeffty

-----Original Message-----
From: Noah Kantrowitz [mailto:noah@coderanger.net]
Sent: Tuesday, July 07, 2015 10:17 AM
To: chef@lists.opscode.com
Subject: [chef] Re: Firewall rules between Chef Server, Workstation and
Client

All Chef API comms are on port 443 by default. The server also listens on
port 80 by default, but that is just a redirect to HTTPS/443. You can change
the port in your chef-server.rb.

--Noah

80 is not needed, just 443. 22 is only needed if you plan to use SSH for something; Chef does not require that in any way though.

--Noah

On Jul 6, 2015, at 8:26 PM, jeffty wantwatering@gmail.com wrote:

> Thanks Noah,
>
> So we only need to open 443, 80 and 22 between server <-> workstation
> network, and server <-> client network, right?
>
> Thanks.
> Jeffty


Thanks Noah!

-----Original Message-----
From: Noah Kantrowitz [mailto:noah@coderanger.net]
Sent: Tuesday, July 07, 2015 11:32 AM
To: chef@lists.opscode.com
Subject: [chef] Re: Firewall rules between Chef Server, Workstation and
Client

80 is not needed, just 443. 22 is only needed if you plan to use SSH for
something; Chef does not require that in any way though.

--Noah
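
As an added example (not part of the original thread and not Chef's own tooling), the Python code below audits a set of firewall allow-rules against the guidance in the replies above: tcp/443 to the Chef server is required, 80 only redirects to 443, and 22 matters only if SSH is used. The network names, the rule format, and the assumption that the workstation and clients initiate the connections to the server are constructed for illustration.

```python
from collections import namedtuple

CHEF_API_PORT = 443  # thread: default API port; adjust if chef-server.rb changes it
CHEF_PEERS = {"workstation-net", "client-net"}  # constructed network names

# One firewall allow-rule (hypothetical format, not any vendor's syntax).
Rule = namedtuple("Rule", "src dst port proto", defaults=("tcp",))


def audit(rules, server="server-net", uses_ssh=False):
    """Return (missing, extra) for allow-rules whose destination is the server.

    missing: peer networks with no tcp/443 rule to the server.
    extra:   (rule, reason) pairs for openings the Chef API does not need.
    """
    inbound = [r for r in rules if r.dst == server]
    has_api = {r.src for r in inbound
               if (r.proto, r.port) == ("tcp", CHEF_API_PORT)}
    missing = sorted(CHEF_PEERS - has_api)
    extra = []
    for r in inbound:
        key = (r.proto, r.port)
        if key == ("tcp", CHEF_API_PORT):
            continue
        if key == ("tcp", 80):
            extra.append((r, "80 only redirects to HTTPS/443"))
        elif key == ("tcp", 22):
            if not uses_ssh:
                extra.append((r, "22 is only for SSH, which Chef does not require"))
        else:
            extra.append((r, "not used by the Chef API"))
    return missing, extra


# Constructed rule set: the ports proposed in the follow-up, with one 443 rule absent.
SAMPLE_RULES = [
    Rule("workstation-net", "server-net", 443),
    Rule("workstation-net", "server-net", 80),
    Rule("workstation-net", "server-net", 22),
    Rule("client-net", "server-net", 80),
    Rule("client-net", "server-net", 22),
]

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_RULES)
    for net in missing:
        print(f"MISSING  {net} -> server-net tcp/{CHEF_API_PORT}")
    for rule, why in extra:
        print(f"EXTRA    {rule.src} -> {rule.dst} {rule.proto}/{rule.port}: {why}")
```

Pass `uses_ssh=True` when SSH to the server is a deliberate choice, so that the port 22 rules are no longer reported.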
