If you are following this guide, please *please* set up iptables. If ElasticSearch runs on the same box as the web server, have it listen on localhost only.
If you are using a separate node, firewall it so it only accepts connections on port 9200 from the web server/servers.
There are guides everywhere on how to set up a firewall; read the one for your OS, and *configure it*. A public ES server attached to Mastodon is a menace to everyone you federate with.
Don't forget to firewall 9300 too, because it is used for server-to-server communication.
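As an added example (not part of the original post, and not Mastodon's or Elasticsearch's own tooling), the following script turns the advice above into a reviewable rule set: only the listed Mastodon web servers may reach 9200, only the listed Elasticsearch nodes may reach 9300 (nobody, on a single-node setup), loopback stays open for a same-box Mastodon, and everything else to those ports is dropped. The addresses are constructed placeholders from the RFC 5737 documentation range, and `--apply` is a convention of this script, not an iptables flag.

```shell
#!/bin/sh
# Added example: generate iptables rules that restrict Elasticsearch's HTTP
# port (9200) to the Mastodon web server(s) and its transport port (9300) to
# other Elasticsearch nodes, dropping all other sources. Prints the rules by
# default; applies them only when run as root with --apply (script convention).
#
# Addresses are constructed placeholders (RFC 5737 documentation range);
# override WEB_SERVERS / ES_NODES with your own.
WEB_SERVERS="${WEB_SERVERS:-203.0.113.10 203.0.113.11}"   # Mastodon web/Sidekiq hosts
ES_NODES="${ES_NODES:-}"                                   # other ES nodes; empty on a single node
IPT="${IPT:-iptables}"                                     # set IPT=ip6tables and rerun if the host has public IPv6

# es_rules WEB_SERVERS ES_NODES
# Emits one rule per line. Order matters: loopback first (a same-box
# Mastodon still talks to 127.0.0.1:9200), then per-peer ACCEPTs, then a
# catch-all DROP for each Elasticsearch port.
es_rules() {
    web="$1"
    nodes="$2"
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    for ip in $web; do
        echo "$IPT -A INPUT -p tcp -s $ip --dport 9200 -j ACCEPT"
    done
    echo "$IPT -A INPUT -p tcp --dport 9200 -j DROP"
    for ip in $nodes; do
        echo "$IPT -A INPUT -p tcp -s $ip --dport 9300 -j ACCEPT"
    done
    echo "$IPT -A INPUT -p tcp --dport 9300 -j DROP"
}

# count_rules PATTERN WEB_SERVERS ES_NODES
# Number of generated rules matching PATTERN; handy for sanity-checking a
# rule set before applying it.
count_rules() {
    es_rules "$2" "$3" | grep -c -- "$1"
}

if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; exit 1; }
    es_rules "$WEB_SERVERS" "$ES_NODES" | sh -e
else
    es_rules "$WEB_SERVERS" "$ES_NODES"
fi
```

Review the printed rules, then apply and persist them with your distribution's mechanism (for example `iptables-save`); `-A` appends, so re-running without flushing duplicates rules. For the same-box case, also set `network.host: 127.0.0.1` in `elasticsearch.yml` so Elasticsearch never binds a public interface in the first place; the firewall is then a second layer rather than the only one.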
@Elizafox Why do I get the feeling Eugen isn't going to care until the second an instance gets pwned and someone dumps tons of private text into the open?
Server administration for *all* of Mastodon seems outside the scope of his "job" to me. Picking a server to join and placing trust in your admin is something the user must do after careful consideration. Mastodon isn't encrypted or private by any measure. @Elizafox
@0x3F @Elizafox Providing sane defaults is very much in the scope of his job as a developer. The default setup shouldn't be totally public with no auth, that's just ASKING for problems.
And how do you expect your average user to be able to gauge the technical skills of their administrators?
@KS @Elizafox The fact that he rushed this version out so quick might have something to do with it. :blobzippermouth: