General Security

JetBackupMC can be managed through a web protocol/API on two different ports, each with its own role:

  • Port 3031 - Regular browser/web management and API calls.
  • Port 3032 - Secured communication between registered servers and JetBackupMC. This is for JetBackupMC internal usage only.

A “registered server” is a cPanel or other server that uses JetBackup for backups and reports to the MC for analysis and ease of management.

To ensure the security of your server, please follow these recommendations:

  • Block all incoming public TCP/UDP traffic to the server.
  • Allow server management ports (SSH & 3031) only to whitelisted IPs.
  • Allow Port 3032 only for JetBackup registered servers.

Best practices:

  • Install JetBackupMC in the same data center (DC) as all or most registered servers, on a shared LAN. This lets registered servers reach port 3032 over the LAN and reduces the overhead of managing access control lists.
  • If you install JetBackupMC on a remote WAN-accessible server, we recommend installing the free CSF firewall, blocking all incoming traffic, and allowing only specific IPs.

CSF Installation Steps:

  • Install CSF by following the CSF Installation Guide.
  • Edit the CSF configuration file located at /etc/csf/csf.conf.
  • Ensure “TEST MODE” is turned OFF for your changes to take effect by setting TESTING = "0".
  • Close ALL incoming traffic by setting the following values:
    • TCP_IN = ""
    • UDP_IN = ""
    • TCP6_IN = ""
    • UDP6_IN = ""
  • Whitelist your IPs using: ‘csf -a 11.11.11.11’ (replace ‘11.11.11.11’ with your IP).

Restart CSF for the changes to take effect: csf -r. To manage allowed IPs more easily, you can edit the allow file directly at /etc/csf/csf.allow. Any change to that file also requires a CSF restart (csf -r).
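To confirm the steps above were applied, the following added example (not part of JetBackup or CSF) audits a csf.conf and csf.allow pair against the recommended values. The function names `csf_value`, `allow_count` and `audit_csf` are hypothetical, and the sample files are constructed for the demonstration; point the function at /etc/csf/csf.conf and /etc/csf/csf.allow on a real server.

```shell
#!/bin/sh
# Added example: audit CSF files against the settings recommended above.

# Print the quoted value of KEY ($1) in a csf.conf-style file ($2).
csf_value() {
    sed -n 's/^[[:space:]]*'"$1"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$2" | tail -n 1
}

# Count allow entries (non-blank, non-comment lines) in a csf.allow-style file.
allow_count() {
    grep -v -c -E '^[[:space:]]*(#|$)' "$1" || true
}

# Return 0 only if test mode is off, every *_IN list is empty,
# and at least one IP is allowed (otherwise nobody can reach SSH or 3031).
audit_csf() {
    conf=$1 allow=$2 rc=0
    if [ "$(csf_value TESTING "$conf")" != "0" ]; then
        echo "FAIL: TESTING is not \"0\""; rc=1
    fi
    for key in TCP_IN UDP_IN TCP6_IN UDP6_IN; do
        if ! grep -q -E "^[[:space:]]*$key[[:space:]]*=" "$conf"; then
            echo "FAIL: $key is missing"; rc=1
        elif [ -n "$(csf_value "$key" "$conf")" ]; then
            echo "FAIL: $key still opens: $(csf_value "$key" "$conf")"; rc=1
        fi
    done
    n=$(allow_count "$allow" 2>/dev/null)
    if [ "${n:-0}" -eq 0 ]; then
        echo "FAIL: no entries in $allow"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (not real server configuration).
demo_dir=$(mktemp -d)
printf '%s\n' 'TESTING = "0"' 'TCP_IN = ""' 'UDP_IN = ""' \
    'TCP6_IN = ""' 'UDP6_IN = ""' > "$demo_dir/good.conf"
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,22,25"' 'UDP_IN = ""' \
    'TCP6_IN = ""' 'UDP6_IN = ""' > "$demo_dir/bad.conf"
printf '%s\n' '# constructed allow list' '11.11.11.11' > "$demo_dir/csf.allow"

audit_csf "$demo_dir/good.conf" "$demo_dir/csf.allow" && echo "good.conf: OK"
audit_csf "$demo_dir/bad.conf" "$demo_dir/csf.allow" || echo "bad.conf: needs fixing"
```

The empty-allow-list check matters because closing every *_IN list with no allowed IP also cuts off your own SSH and port 3031 access.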