Skip to content
  • Català: Aquesta pàgina no està traduida encara al català.
  • Castellano: Esta página no está traducida aún al castellano.

IsardVDI Security concerns

By default IsardVDI in production mode will open some container ports to the public world as they are required (can be modified in isardvdi.cfg)

  • 80/TCP: Redirect HTTP to HTTPS and HTTP CONNECT method to proxy spice clients
  • 443/TCP: Web secure port and HTML5 viewers port
  • 9999/TCP: RDP proxy gateway port to connect RDP clients
  • 443/UDP: Wireguard VPN for client users
  • 4443/UDP: Wireguard VPN for infrastructure hypervisors. Not need to be open in an all-in-one setup.
NAME                        SERVICE                     PORTS
isard-api                   isard-api
isard-authentication        isard-authentication
isard-core_worker           isard-core_worker
isard-db                    isard-db
isard-engine                isard-engine
isard-grafana               isard-grafana
isard-grafana-agent         isard-grafana-agent
isard-guac                  isard-guac
isard-hypervisor            isard-hypervisor
isard-loki                  isard-loki
isard-portal                isard-portal                0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:9999->9999/tcp,
isard-prometheus            isard-prometheus
isard-redis                 isard-redis
isard-scheduler             isard-scheduler
isard-squid                 isard-squid
isard-static                isard-static
isard-stats-cadvisor        isard-stats-cadvisor
isard-stats-go              isard-stats-go
isard-stats-node-exporter   isard-stats-node-exporter
isard-stats-rethinkdb       isard-stats-rethinkdb
isard-storage               isard-storage
isard-vpn                   isard-vpn                   0.0.0.0:443->443/udp, 0.0.0.0:4443->4443/udp,
isard-webapp                isard-webapp
isard-websockify            isard-websockify

To apply a base security and complex infrastructure setups to your installation you have some example scripts for Debian 10 at sysadm folder:

  • debian_docker.sh: This is not a security script, it is only the first thing you should do: install docker & docker-compose. Refer to documentation for other installation sample scripts or better go to the latests documentation for your distro at (https://docs.docker.com/engine/install/)[https://docs.docker.com/engine/install/]
  • debian_firewall.sh: This is a sample script to install and setup fail2ban and manage ports in firewalld instead of letting the default docker open the ports.
Last update: July 7, 2023