From 20b2378ec8d3aa51b96a8d2c2a038f3b82b69352 Mon Sep 17 00:00:00 2001 From: Alberto Chiusole Date: Thu, 20 Feb 2025 18:28:36 +0100 Subject: [PATCH 1/5] Add all public endpoints to list of domains to allow in firewalls --- .../firewall-configuration.mdx | 32 ++++++++++++++++++- .../firewall-configuration.mdx | 32 ++++++++++++++++++- .../firewall-configuration.mdx | 32 ++++++++++++++++++- .../firewall-configuration.mdx | 32 ++++++++++++++++++- 4 files changed, 124 insertions(+), 4 deletions(-) diff --git a/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx index 755bf6d55..308c0244b 100644 --- a/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,40 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud +containers and other services provided by Seqera, you'll need to add +`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't +supported by your firewall, you can use the following: +- `cloud.seqera.io` +- `api.cloud.seqera.io` +- `user-data.cloud.seqera.io` +- `tower.nf` +- `api.tower.nf` +- `connect.cloud.seqera.io` and its subdomains `*.connect.cloud.seqera.io` +- `hub.seqera.io` +- `intern.seqera.io` +- `wave.seqera.io` +- `community.wave.seqera.io` +- `cerbero.seqera.io` +- `public.cr.seqera.io` +- `auth.cr.seqera.io` +- `cr.seqera.io` +- `licenses.seqera.io` +- `api.multiqc.info` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `community-cr-prod.seqera.io` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `public-cr-prod.seqera.io` +- `wave-cache-prod-cloudflare.seqera.io` - `fusionfs.seqera.io.cdn.cloudflare.net` - `nf-xpack.seqera.io.cdn.cloudflare.net` +- `community-cr-prod.seqera.io.cdn.cloudflare.net` +- `fusionfs.seqera.io.cdn.cloudflare.net` +- `nf-xpack.seqera.io.cdn.cloudflare.net` +- `public-cr-prod.seqera.io.cdn.cloudflare.net` - `wave-cache-prod-cloudflare.seqera.io.cdn.cloudflare.net` If you chose to filter by specific DNS records, please note that new services may be added in the future. diff --git a/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx index 755bf6d55..308c0244b 100644 --- a/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,40 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud +containers and other services provided by Seqera, you'll need to add +`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't +supported by your firewall, you can use the following: +- `cloud.seqera.io` +- `api.cloud.seqera.io` +- `user-data.cloud.seqera.io` +- `tower.nf` +- `api.tower.nf` +- `connect.cloud.seqera.io` and its subdomains `*.connect.cloud.seqera.io` +- `hub.seqera.io` +- `intern.seqera.io` +- `wave.seqera.io` +- `community.wave.seqera.io` +- `cerbero.seqera.io` +- `public.cr.seqera.io` +- `auth.cr.seqera.io` +- `cr.seqera.io` +- `licenses.seqera.io` +- `api.multiqc.info` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `community-cr-prod.seqera.io` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `public-cr-prod.seqera.io` +- `wave-cache-prod-cloudflare.seqera.io` - `fusionfs.seqera.io.cdn.cloudflare.net` - `nf-xpack.seqera.io.cdn.cloudflare.net` +- `community-cr-prod.seqera.io.cdn.cloudflare.net` +- `fusionfs.seqera.io.cdn.cloudflare.net` +- `nf-xpack.seqera.io.cdn.cloudflare.net` +- `public-cr-prod.seqera.io.cdn.cloudflare.net` - `wave-cache-prod-cloudflare.seqera.io.cdn.cloudflare.net` If you chose to filter by specific DNS records, please note that new services may be added in the future. diff --git a/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx index 755bf6d55..308c0244b 100644 --- a/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,40 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud +containers and other services provided by Seqera, you'll need to add +`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't +supported by your firewall, you can use the following: +- `cloud.seqera.io` +- `api.cloud.seqera.io` +- `user-data.cloud.seqera.io` +- `tower.nf` +- `api.tower.nf` +- `connect.cloud.seqera.io` and its subdomains `*.connect.cloud.seqera.io` +- `hub.seqera.io` +- `intern.seqera.io` +- `wave.seqera.io` +- `community.wave.seqera.io` +- `cerbero.seqera.io` +- `public.cr.seqera.io` +- `auth.cr.seqera.io` +- `cr.seqera.io` +- `licenses.seqera.io` +- `api.multiqc.info` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `community-cr-prod.seqera.io` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `public-cr-prod.seqera.io` +- `wave-cache-prod-cloudflare.seqera.io` - `fusionfs.seqera.io.cdn.cloudflare.net` - `nf-xpack.seqera.io.cdn.cloudflare.net` +- `community-cr-prod.seqera.io.cdn.cloudflare.net` +- `fusionfs.seqera.io.cdn.cloudflare.net` +- `nf-xpack.seqera.io.cdn.cloudflare.net` +- `public-cr-prod.seqera.io.cdn.cloudflare.net` - `wave-cache-prod-cloudflare.seqera.io.cdn.cloudflare.net` If you chose to filter by specific DNS records, please note that new services may be added in the future. diff --git a/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx index 755bf6d55..308c0244b 100644 --- a/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,40 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud +containers and other services provided by Seqera, you'll need to add +`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't +supported by your firewall, you can use the following: +- `cloud.seqera.io` +- `api.cloud.seqera.io` +- `user-data.cloud.seqera.io` +- `tower.nf` +- `api.tower.nf` +- `connect.cloud.seqera.io` and its subdomains `*.connect.cloud.seqera.io` +- `hub.seqera.io` +- `intern.seqera.io` +- `wave.seqera.io` +- `community.wave.seqera.io` +- `cerbero.seqera.io` +- `public.cr.seqera.io` +- `auth.cr.seqera.io` +- `cr.seqera.io` +- `licenses.seqera.io` +- `api.multiqc.info` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `community-cr-prod.seqera.io` +- `fusionfs.seqera.io` +- `nf-xpack.seqera.io` +- `public-cr-prod.seqera.io` +- `wave-cache-prod-cloudflare.seqera.io` - `fusionfs.seqera.io.cdn.cloudflare.net` - `nf-xpack.seqera.io.cdn.cloudflare.net` +- `community-cr-prod.seqera.io.cdn.cloudflare.net` +- `fusionfs.seqera.io.cdn.cloudflare.net` +- `nf-xpack.seqera.io.cdn.cloudflare.net` +- `public-cr-prod.seqera.io.cdn.cloudflare.net` - `wave-cache-prod-cloudflare.seqera.io.cdn.cloudflare.net` If you chose to filter by specific DNS records, please note that new services may be added in the future. From 490174e522dfd9c464f8600017511946cef25c64 Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Fri, 21 Feb 2025 20:25:20 +0200 Subject: [PATCH 2/5] Update firewall-configuration.mdx Signed-off-by: Justine Geffen --- .../enterprise/advanced-topics/firewall-configuration.mdx | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx index 308c0244b..72ede1473 100644 --- a/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-23.3/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,7 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud -containers and other services provided by Seqera, you'll need to add -`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't -supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services provided by Seqera, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: - `cloud.seqera.io` - `api.cloud.seqera.io` From c61a686e80e6f82f24fd93ce93f06f74ddda747c Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Fri, 21 Feb 2025 20:25:48 +0200 Subject: [PATCH 3/5] Update firewall-configuration.mdx Signed-off-by: Justine Geffen --- .../enterprise/advanced-topics/firewall-configuration.mdx | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx index 308c0244b..72ede1473 100644 --- a/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-23.4/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,7 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud -containers and other services provided by Seqera, you'll need to add -`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't -supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services provided by Seqera, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: - `cloud.seqera.io` - `api.cloud.seqera.io` From 66cfb080386b8607ee1b2483b8bc5459725c7ace Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Fri, 21 Feb 2025 20:26:09 +0200 Subject: [PATCH 4/5] Update firewall-configuration.mdx Signed-off-by: Justine Geffen --- .../enterprise/advanced-topics/firewall-configuration.mdx | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx index 308c0244b..72ede1473 100644 --- a/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-24.1/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,7 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud -containers and other services provided by Seqera, you'll need to add -`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't -supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services provided by Seqera, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: - `cloud.seqera.io` - `api.cloud.seqera.io` From e057c55026be96bed629b25ede67b0732371a2db Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Fri, 21 Feb 2025 20:26:27 +0200 Subject: [PATCH 5/5] Update firewall-configuration.mdx Signed-off-by: Justine Geffen --- .../enterprise/advanced-topics/firewall-configuration.mdx | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx b/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx index 308c0244b..72ede1473 100644 --- a/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx +++ b/platform_versioned_docs/version-24.2/enterprise/advanced-topics/firewall-configuration.mdx @@ -30,10 +30,7 @@ $ python3 ### DNS allowlist -In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud -containers and other services provided by Seqera, you'll need to add -`*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't -supported by your firewall, you can use the following: +In order for you to access resources such as Fusion tarballs, `nf-xpack` files, Wave cloud containers and other services provided by Seqera, you'll need to add `*.seqera.io.cdn.cloudflare.net` to the allowlist in your network firewall. If DNS wildcards aren't supported by your firewall, you can use the following: - `cloud.seqera.io` - `api.cloud.seqera.io`