Loving the octopus deploy.
I am working in a small on-premise environment, i am automating new server tentacle registration, servers are created using cloudformation in AWS.
I have exposed a port for these machines to register with our on-premise Octopus Server, but it seems (as far as i can see) this also exposes the web interface and full control of the octopus server itself, if compromised. Soon, i will no longer be able to vet the accounts being added to the octopus server and i am concerned about security, this octopus server also manages internal resources as well.
I apologise if this has been documented or covered off in the forums already, but i have not been able to find anything.
My question is this, is it possible to expose just a service port for tentacle’s to register without exposing the entire server’s web interface also?
We are working with a shoe string budget and i don’t think our firewall is capable of filtering the correct inbound connections specifically from AWS servers on this port only.
Any help is appreciated, keep up the good work