allow changes to server listening addr

Open deluxghost opened this issue 3 years ago • 7 comments

reason: I am trying to only serve http/grpc through a reverse proxy

deluxghost avatar Jan 25 '22 07:01 deluxghost

You can do it with traefik (and other reverse proxies, I believe). You do not need to use Caddy. Here is an example: https://github.com/bsherman/netmaker-traefik

shizunge avatar Jan 30 '22 22:01 shizunge

> You can do it with traefik (and other reverse proxies, I believe). You do not need to use Caddy. Here is an example: https://github.com/bsherman/netmaker-traefik

Doesn't that still expose 8081 and 50051 on the host server?

deluxghost avatar Jan 31 '22 05:01 deluxghost

Ah, the example still uses network_mode: host.

In my setup, I use docker network, and I set CLIENT_MODE=off. network_mode: host is only required if you are using CLIENT_MODE=on.

I started my client manually on the host after the netmaker server started up, then connected it to the netmaker server (the netmaker UI provides a command to do so).

shizunge avatar Jan 31 '22 06:01 shizunge

Actually, you can already use the env variables API_PORT: "8081" and GRPC_PORT: "50051" to change the ports.

shizunge avatar Jan 31 '22 06:01 shizunge

Hi.

It's not about changing port numbers, but rather not exposing the services to be accessible via the public host ip.

The linked https://github.com/bsherman/netmaker-traefik indeed does not expose the ports.

But when not using traefik (e.g. nginx or caddy running on the host, not in a container) that doesn't seem currently possible.

It would be nice to allow specifying the listener address to 127.0.0.1, to avoid exposing the ports on the public network.

EDIT: At least with non-host-network-mode, it's possible to limit the listening address by using something like:

  netmaker-ui:
    container_name: netmaker-ui
    depends_on:
      - netmaker
    image: gravitl/netmaker-ui
    links:
      - "netmaker:api"
    ports:
      - "127.0.0.1:8082:80"

It would still be nice if it was possible to specify a localhost listening address when using host network mode.

alcroito avatar Mar 08 '22 15:03 alcroito

@alcroito @deluxghost In the new docker compose, with Caddy, docker ports for api are no longer exposed publicly: https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.contained.yml

thanks to @fersingb for this!

afeiszli avatar May 18 '22 21:05 afeiszli

> @alcroito @deluxghost In the new docker compose, with Caddy, docker ports for api are no longer exposed publicly: https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.contained.yml
>
> thanks to @fersingb for this!

Please re-read my last comment. It was already possible to limit the port when using non-host network mode. With host network mode, support would have to be added to the netmaker api service. docker-compose would not help.

The netmaker api service would need a new option that takes an ip or host name to bind the port to.

alcroito avatar May 18 '22 22:05 alcroito
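The bind-address option requested in this thread, sketched as an added example (not netmaker's own code): API_PORT is the variable named above, while API_LISTEN_HOST and all function names are hypothetical. It binds the API socket to a chosen host and can verify after binding that the socket is reachable only over loopback.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
)

// bindAddr joins the listen host (API_LISTEN_HOST, a hypothetical option) and
// port. An empty host means every interface, which is what the issue wants to avoid.
func bindAddr(host, port string) (string, error) {
	if host != "" && host != "localhost" && net.ParseIP(host) == nil {
		return "", fmt.Errorf("listen host %q is not an IP address or localhost", host)
	}
	return net.JoinHostPort(host, port), nil
}

// loopbackOnly reports whether a bound listener accepts connections only from the host itself.
func loopbackOnly(l net.Listener) bool {
	tcp, ok := l.Addr().(*net.TCPAddr)
	return ok && tcp.IP.IsLoopback()
}

// listen binds the socket; with requireLoopback set it closes and rejects any wider binding.
func listen(host, port string, requireLoopback bool) (net.Listener, error) {
	addr, err := bindAddr(host, port)
	if err != nil {
		return nil, err
	}
	l, err := net.Listen("tcp", addr)
	if err != nil {
		return nil, err
	}
	if requireLoopback && !loopbackOnly(l) {
		l.Close()
		return nil, fmt.Errorf("%s is reachable from other hosts, refusing to serve", l.Addr())
	}
	return l, nil
}

func main() {
	l, err := listen(os.Getenv("API_LISTEN_HOST"), os.Getenv("API_PORT"), false)
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("API listening on %s (loopback only: %v)", l.Addr(), loopbackOnly(l))
	log.Fatal(http.Serve(l, http.NotFoundHandler()))
}
```

With API_LISTEN_HOST=127.0.0.1, a reverse proxy running on the same host can still reach the API even in host network mode, while the port is not offered on the public address.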

netmaker no longer uses host mode

mattkasun avatar May 05 '23 11:05 mattkasun