don't expose port 8080, was "add firewall rules, allowing only 80, 443, 22"

[pdurbin]

I just spun up an instance and all ports are open when really all I think I need are:

• 22 to ssh in
• 80 to redirect to 443
• 443 for https

I'd suggest blocking all the rest with whatever newfangled firewall technology is in vogue these days. (Back in the day, I used iptables on CentOS 6.)

I suppose it should probably be configurable but, again, I'm fine with the three ports above if that make is easier for an initial run at this. I'm also fine with Rocky only, for now.

[pdurbin]

My immediate desire was to block 8080 but thanks to this old PR by @pameyer (a technique which was rediscovered by @ofahimIQSS), I have a workaround:

• document how to configure glassfish to listen from localhost only IQSS/dataverse#5320

Or maybe I have a belt and a firewall could be the suspenders some day. 😄

Anyway, I'm good for now. This issue doesn't need to be high priority at all.

[pdurbin]

I re-titled this issue since I saw this PR is set to close it:

• Have Payara Default to Localhost #405

We can worry about firewalls another day!

[wshahn]

I ran my branch today with vagrant, and was able to confirm the desired behavior.

wshahn@rdmc-dls-5090:~/dataverse$ vagrant ssh
[vagrant@vbox ~]$ ss -plnt
State              Recv-Q             Send-Q                              Local Address:Port                            Peer Address:Port             Process
. . .
LISTEN             0                  4096                           [::ffff:127.0.0.1]:8080                                       *:*
. . .