holochain-rust icon indicating copy to clipboard operation
holochain-rust copied to clipboard

Published 20 hours ago verified publisher icon holochain

How can we bind the http interface to a different ip than 127.0.0.1?

Open gotjoshua opened this issue 4 years ago • 9 comments

I got to the end of the helo holo tutorial and I can't find any documentation about binding the http interface to a different ip/host. I'd like to bind to http://0.0.0.0:8888 instead of 127.0.0.1 Is it possible?

gotjoshua avatar Jan 11 '20 00:01 gotjoshua

Hi @gotjoshua this'd be a great conversation for the tutorials section of the forum -- the short answer is that it's not terribly safe to bind to 0.0.0.0 because a running instance represents one agent's presence in the app's DHT, and giving other people direct access to the GUI and RPC ports gives them the opportunity to impersonate that agent. But if you're just trying to do dev on a remote machine, there's a clever setup using SSH that keeps things secure.

pdaoust avatar Jan 31 '20 05:01 pdaoust

well, binding to 0.0.0.0 is rather insecure on the host machine... but it is easy and secure within a docker container as the 0.0.0.0 is isolated to the container and ports of the host are strictly controlled. But sometimes if a service only binds to 127.0.0.1 internally to the docker container, then the traffic from outside is ignored.

However, it seems that it is working quite well "as is" and I have a running setup published here: https://github.com/dcomposed/holo-code-server

gotjoshua avatar Jan 31 '20 11:01 gotjoshua

Good point re: docker; never thought of that use case. Right now the only thing I can think of is to set up a reverse proxy for HTTP and WebSocket on the Docker guest, which I believe you've done already (or the tools in code-server supplies for you)?

pdaoust avatar Feb 03 '20 22:02 pdaoust

(NB I like this code-server thing; could be really really useful for dev camps and hackathons! Is your Holochain flavour ready to share yet?)

pdaoust avatar Feb 03 '20 22:02 pdaoust

For sure it's sharable... The link is there above... If you want a preview we can exchange login info over a secure channel somehow... Or if you have a server or VPS, by all means try to spin up an instance. I'd love some feedback. I had the same thought about Hackathon... That's actually when/ why I made it!

gotjoshua avatar Feb 03 '20 23:02 gotjoshua

hey @gotjoshua ; thanks for the invitation! Hmmm, secure channel... Direct message on the forum is sorta secure, in that it's on a self-hosted instance... otherwise I can share my phone number if you have Signal on your phone.

pdaoust avatar Feb 04 '20 04:02 pdaoust

I have signal... I couldn't find out how to do direct message in the holo forum on my phone... Maybe you can direct message me your signal number...

gotjoshua avatar Feb 04 '20 06:02 gotjoshua

on the holo forums my handle is onezoomin

or you can put your signal number here and delete it afterwards if you're comfortable with that... ( although it would be visible in the comment history :/ )

gotjoshua avatar Feb 05 '20 08:02 gotjoshua

hey @pdaoust you still want to set up that code-server demo at some point?

gotjoshua avatar Feb 09 '20 09:02 gotjoshua