DMZ with Consul Connect and Nomad

Hi all,

I’m trying to set up a DMZ with Consul Connect and Nomad, and I’m running into some issues.
My setup is the following:

  • Nomad: 3 master/server nodes in datacenter “home” plus two client nodes in datacenter “dmz”
  • Consul: 3 server nodes in datacenter “home” plus 2 client nodes in datacenter “home” because client nodes refuse to connect to the server nodes if the datacenter property does not match

My goal is to route service traffic from the “dmz” datacenter through the Consul Connect Gateway to the “home” datacenter. Right now I have ports 20000-31999 open in my firewall, but I would prefer to tighten these rules to just port 8443 for the Consul Connect gateway.

Anyone implemented something similar and could give me a heads up?
The documentation for more advanced topologies with Nomad + Consul still has room for improvement …
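As an added illustration of the topology described above (this is example configuration, not the poster's own files and not an official HashiCorp example): Consul mesh gateways only route between distinct Consul datacenters, so the example assumes Consul is WAN-federated into two datacenters named "home" and "dmz", with the Nomad clients in the dmz pointed at the "dmz" Consul agents. Job names, the `api` upstream, the `system` job type, the container image and the bind ports are assumptions chosen for the example. The two jobs are shown together but would normally be saved as two separate job files.

```hcl
# Added example (not from the original post). Assumes two federated Consul
# datacenters, "home" and "dmz", and Nomad datacenters with the same names.

# Job 1: a mesh gateway on every dmz Nomad client, listening on 8443 only.
job "mesh-gateway-dmz" {
  datacenters = ["dmz"]
  type        = "system"   # one gateway per dmz client node (assumption)

  group "gateway" {
    network {
      mode = "bridge"
      port "mesh_wan" {
        static = 8443      # the single port the firewall has to allow
      }
    }

    service {
      name = "mesh-gateway"
      port = "mesh_wan"

      connect {
        gateway {
          proxy {}
          mesh {}          # mesh gateway, not ingress/terminating
        }
      }
    }
  }
}

# Job 2: a dmz workload whose only path to the "api" service in "home"
# goes through the local mesh gateway (service name and image are placeholders).
job "edge-web" {
  datacenters = ["dmz"]

  group "web" {
    network {
      mode = "bridge"
      port "http" {
        to = 8080
      }
    }

    service {
      name = "edge-web"
      port = "http"

      connect {
        sidecar_service {
          proxy {
            upstreams {
              destination_name = "api"     # hypothetical service in "home"
              datacenter       = "home"
              local_bind_port  = 9001
              mesh_gateway {
                mode = "local"             # egress via the dmz gateway
              }
            }
          }
        }
      }
    }

    task "web" {
      driver = "docker"
      config {
        image = "example.invalid/edge-web:placeholder"  # placeholder image
      }
      env {
        API_ADDR = "http://127.0.0.1:9001"  # sidecar-local upstream address
      }
    }
  }
}
```

With `mode = "local"`, the sidecar in the dmz sends cross-datacenter traffic to the dmz gateway, which forwards it over 8443 to a matching mesh gateway deployed in "home"; the Envoy-to-Envoy hop stays mTLS end to end, so the firewall only needs 8443 open between the two gateway sets rather than the whole 20000-31999 dynamic port range. Consul intentions should still be defined so that only the intended dmz services are allowed to reach services in "home"; the gateway does not relax those checks.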