Securing Stroom
How to secure Stroom and the cluster
NOTE This document was written for stroom v4/5. Some parts may not be applicable for v6+.
Firewall
The following firewall configuration is recommended:
- Outside cluster drop all access except ports HTTP 80, HTTPS 443, and any other system ports your require SSH, etc.
- Within cluster allow all access
This will enable nodes within the cluster to communicate on:
- 8080 - Stroom HTTP.
- 8081 - Stroom HTTP (admin).
- 8090 - Stroom Proxy HTTP.
- 8091 - Stroom Proxy HTTP (admin).
- 3306 - MySQL
MySQL
TODO
Update this for MySQL 8It is recommended that you run mysql_secure_installation to set a root password and remove the test database:
When prompted, answer as follows (providing a root password when asked):
- Set root password? → Y
- Remove anonymous users? → Y
- Disallow root login remotely? → Y
- Remove test database and access to it? → Y
- Reload privilege tables now? → Y
Last modified March 17, 2026: Merge branch '7.10' into 7.11 (75cbea0)