I am trying to minimize my attack surface for a running balena device. I have a service exposing port 80 on the device. This service is used to manage and maintain my application and I can’t allow this port to be exposed to the Internet at all times.
After some searching, I have discovered 2 options:
- Add a simple microservice that can proxy my original port 80. I can shut down this service from the dashboard.
- Using reverse SSH and then accepting incoming traffic as per requirement.
Is there any other way I can achieve this? Ideally I would like to set up some environment variable that I can set and clear to dynamically open/close ports.