Security Groups are reusable collections of firewall rules, which can be attached to any of your servers. They're commonly used to hold related rules that perform a certain task. For example:
While you're logged into the Control Panel, click Networking on the left menu. Then go to the Security Group module. From there, click Add Group on the top right of the screen.
You'll need to give your group a label, to help you identify it throughout the rest of the Control Panel. You can always change this label later if you need to.
Once your group has been created, you can start modifying the firewall rules within it. If you've ever used tools like iptables, the interface may feel familiar to you.
The form for modifying Security Groups has two separate sections that specify the direction of traffic, one for Inbound traffic and one for Outbound. It's important to make sure that the rules you create go in the correct section.
A Source IP is the address that a network packet was sent from. A Dest. IP is the address that a packet is intended to be sent to. The same logic applies for source/destination ports.
Please note that if you do not specify a protocol, port, or IP address as part of a rule, that rule will apply to all traffic.
Firewall rules within a Security Group are always applied to traffic in order, from top to bottom.
Putting a DROP or REJECT rule in the middle of your group will effectively stop any rules below it from being applied. If that isn't what you need, it's important to specify a protocol, port or IP, so that any "other" traffic can continue onto the following rules.
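The ordering behaviour described above, modelled as an added example (not the Control Panel's own code): a top-to-bottom, first-match evaluator for inbound rules, plus a check that flags rules an earlier, broader rule makes unreachable. The Rule fields, the sample addresses and stopping at the first match for ACCEPT rules as well are assumptions; the page does not say what happens when no rule matches, so that case returns None.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "ACCEPT", "DROP" or "REJECT"
    protocol: Optional[str] = None   # None = any protocol
    port: Optional[int] = None       # None = any destination port
    source: Optional[str] = None     # CIDR string; None = any source IP

    def matches(self, protocol, port, source_ip):
        """True if a packet with these properties is matched by this rule."""
        if self.protocol not in (None, protocol) or self.port not in (None, port):
            return False
        return self.source is None or (
            ipaddress.ip_address(source_ip) in ipaddress.ip_network(self.source))

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        if self.protocol not in (None, other.protocol) or self.port not in (None, other.port):
            return False
        if self.source is None or other.source is None:
            return self.source is None
        return ipaddress.ip_network(other.source).subnet_of(ipaddress.ip_network(self.source))

def evaluate(rules, protocol, port, source_ip):
    """Return (position, action) of the first matching rule, top to bottom."""
    for position, rule in enumerate(rules, 1):
        if rule.matches(protocol, port, source_ip):
            return position, rule.action
    return None  # no rule matched; the default behaviour is not stated on the page

def shadowed(rules):
    """Positions of rules that can never apply because an earlier rule covers them."""
    return [pos for pos, rule in enumerate(rules, 1)
            if any(earlier.covers(rule) for earlier in rules[:pos - 1])]

# Constructed sample groups (documentation address ranges, not real hosts).
# BROKEN: the DROP in position 2 has no protocol, port or IP, so it matches everything.
BROKEN = [Rule("ACCEPT", "tcp", 22, "203.0.113.0/24"),
          Rule("DROP"),
          Rule("ACCEPT", "tcp", 443)]
# FIXED: the DROP is narrowed to tcp/22, so other traffic continues to rule 3.
FIXED = [Rule("ACCEPT", "tcp", 22, "203.0.113.0/24"),
         Rule("DROP", "tcp", 22),
         Rule("ACCEPT", "tcp", 443)]
```

Running shadowed() over a group before attaching it to a server shows which rules will never take effect in their current position.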
Since order matters, you may find you need to move an existing rule to a higher or lower position within a group. If this happens, you can hover your mouse over the relevant rule, and drag it to another position with the 6 dots on the left (seen circled in red below).
Once you've finished configuring your Security Group, you can read about how to apply it to one of your servers in the article here.
Once you've attached a Security Group to any servers, any future updates you make to the group will be reflected on those servers automatically.
Security Groups cannot be deleted if they are currently in use by any servers. Please note that once a Security Group has been deleted, it cannot be recovered.