NOTICE: JetBackup Management Console is in ALPHA testing stage. Please handle with caution.
Any information on this document is subject to change as we continue to develop and make changes.
General Security
JetBackupMC can be managed through web Protocol / API via two different ports, each port has its own role -
- Port 3031 - Regular browser/web management and & API calls.
- Port 3032 - Secured communication between registered servers & JetBackupMC.
This is for JetBackupMC internal usage only.
A "Registered server" is a cPanel/Another server that using JetBackup for backups, and reports to the MC for analyses and ease of management.
To ensure the security of your server, please follow these recommendations -
- All INCOMING public TCP/UDP traffic to the server should be blocked.
- Server management ports (SSH & 3031) should be allowed only to whitelisted IPs.
- Port 3032 should be allowed only for JetBackup registered servers.
Best practices usage would be to install JetBackupMC inside the same DC with shared LAN network between all or most registered servers.
This will allow LAN traffic for registered servers through port 3032 and will reduce the overhead of managing access control lists.
If you choose to install JetBackupMC on a remote WAN accessible server, our best practices would be to install free CSF firewall,
lock all incoming traffic, and only allow particular IPs.
- Follow CSF installation here - https://download.configserver.com/csf/install.txt
- Edit CSF conf file located on /etc/csf/csf.conf
- Make sure "TEST MODE" is turned OFF in order for your changes to take effect -
TESTING = "0"
- Close ALL incoming traffic, the following "*_IN" values should look as followed -
TCP_IN = ""
UDP_IN = ""
TCP6_IN = ""
UDP6_IN = ""
- Whitelist your IPs -
csf -a 11.11.11.11 (replace "11.11.11.11" with your IP)
Don't forget to restart CSF in order for the changes to take effect (csf -r)
To ease the usage, you can edit the IP allowed file here - /etc/csf/csf.allow (any change requires CSF restart -> csf -r)