The following URLs and access types need outgoing permissions in firewalls in order for Mender to work correctly:
Hosted Mender access: Devices, APIs and browser access
https://hosted.mender.iohttps://*.hosted.mender.ioArtifact storage access: Devices, APIs and browser access
https://s3.amazonaws.com/hosted-mender-artifactshttps://hosted-mender-artifacts.s3.amazonaws.comhttps://c271964d41749feb10da762816c952ee.r2.cloudflarestorage.comHosted Mender access: Devices, APIs and browser access
https://eu.hosted.mender.iohttps://*.eu.hosted.mender.ioArtifact storage access: Devices, APIs and browser access
https://mender.blob.core.windows.net/artifactshttps://c271964d41749feb10da762816c952ee.r2.cloudflarestorage.comMender access: Devices, APIs and browser access
https://mender.example.com - Use the same address you specify it in the Server Installation SectionArtifact storage access: Devices, APIs and browser access
Permit access to the following URLs:
https://s3.amazonaws.com/<my-example-artifact-storage> - Amazon S3 Path-style requesthttps://<my-example-artifact-storage>.s3.amazonaws.com - Amazon S3 Virtual-hosted-style request
Permit access to your Storage proxy URL defined in Storage Setup Section
https://artifacts.example.com or simply:https://mender.example.com
Only required for on-premise installation
A minimum policy set to use an Amazon S3 bucket to store Mender Artifacts is:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetAccessPoint",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::BUCKET-NAME"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::BUCKET-NAME/*"
},
]
}© 2024 Northern.tech AS