Hello all,
After some time testing the PMM it’s time to migrate our monitoring to it.
I’m trying to find the best way to access/secure the Instance. For now, it will be a docker setup on one server.
I have found how to do it with reverse proxy (So I can get the SSL automatically) but here is the issue now:
-
I had in mind that I’ll allow the ips from hosts to access the PMM Server + our VPN exit nodes. With this way though, we cannot access the PMM outside the VPN Network (meaning from mobile phones to check an alert when there is no laptop access). Also, SSL will not be able to automatically renew.
-
Do you consider leaving ports 443 & 80 (For SSL renew and remote acces) open to 0.0.0.0/0 a safe approach? Of course, passwords will be strong in that case, but I cannot find anyhing more to secure the access on HTTPS level (2 step auth etc).
The last resort is to manually update SSL certificates and continue with solution 1. Any ideas or recommendations are welcome!