diff --git a/jekyll/_cci2/server/v4.4/installation/hardening-your-cluster.adoc b/jekyll/_cci2/server/v4.4/installation/hardening-your-cluster.adoc index ec2c63737b..93bf418835 100644 --- a/jekyll/_cci2/server/v4.4/installation/hardening-your-cluster.adoc +++ b/jekyll/_cci2/server/v4.4/installation/hardening-your-cluster.adoc @@ -27,6 +27,8 @@ NOTE: An nginx reverse proxy is placed in front of link:https://github.com/Kong/ CAUTION: When using Amazon Certificate Manager (ACM), the name of the nginx service will be `circleci-proxy-acm` instead of `circleci-proxy`. If you have switched from some other method of handling your TLS certificates to using ACM, this change will recreate the load balancer and you will have to reroute your associated DNS records for your `` and `app.`. +CAUTION: When using Nomad, clients and servers should be configured to use MTLS for secure communication. + [#network-traffic] == Network traffic This section explains the minimum requirements for a server installation to work. Depending on your workloads, you might need to add additional rules to egress for Nomad clients and VMs. As nomenclature between cloud providers differs, you will probably need to implement these rules using firewall rules and/or security groups. diff --git a/jekyll/_cci2/server/v4.5/installation/hardening-your-cluster.adoc b/jekyll/_cci2/server/v4.5/installation/hardening-your-cluster.adoc index b6df75c08b..d33c0b1bc0 100644 --- a/jekyll/_cci2/server/v4.5/installation/hardening-your-cluster.adoc +++ b/jekyll/_cci2/server/v4.5/installation/hardening-your-cluster.adoc @@ -27,6 +27,8 @@ NOTE: An nginx reverse proxy is placed in front of link:https://github.com/Kong/ CAUTION: When using Amazon Certificate Manager (ACM), the name of the nginx service will be `circleci-proxy-acm` instead of `circleci-proxy`. If you have switched from some other method of handling your TLS certificates to using ACM, this change will recreate the load balancer and you will have to reroute your associated DNS records for your `` and `app.`. +CAUTION: When using Nomad, clients and servers should be configured to use MTLS for secure communication. + [#network-traffic] == Network traffic This section explains the minimum requirements for a server installation to work. Depending on your workloads, you might need to add additional rules to egress for Nomad clients and VMs. As nomenclature between cloud providers differs, you will probably need to implement these rules using firewall rules and/or security groups. diff --git a/jekyll/_cci2/server/v4.6/installation/hardening-your-cluster.adoc b/jekyll/_cci2/server/v4.6/installation/hardening-your-cluster.adoc index 80be6e0185..cfba19cf6b 100644 --- a/jekyll/_cci2/server/v4.6/installation/hardening-your-cluster.adoc +++ b/jekyll/_cci2/server/v4.6/installation/hardening-your-cluster.adoc @@ -26,6 +26,8 @@ NOTE: An nginx reverse proxy is placed in front of link:https://github.com/Kong/ CAUTION: When using Amazon Certificate Manager (ACM), the name of the nginx service will be `circleci-proxy-acm` instead of `circleci-proxy`. If you have switched from some other method of handling your TLS certificates to using ACM, this change will recreate the load balancer and you will have to reroute your associated DNS records for your `` and `app.`. +CAUTION: When using Nomad, clients and servers should be configured to use MTLS for secure communication. + [#network-traffic] == Network traffic This section explains the minimum requirements for a server installation to work. Depending on your workloads, you might need to add additional rules to egress for Nomad clients and VMs. As nomenclature between cloud providers differs, you will probably need to implement these rules using firewall rules and/or security groups.