moleculer-repl icon indicating copy to clipboard operation
moleculer-repl copied to clipboard

Published 20 hours ago verified publisher icon moleculerjs

Feature - Multiple REPL with Remote REPL support

Open arun-prakash-fokus opened this issue 2 years ago • 3 comments

  • feature allows the possibility to connect to a REPL instance running on a remote machine over a TCP socket. this allows one to connect to moleculer services running on remote machines over telnet or socat
  • the implementation uses the approach described in https://nodejs.org/api/repl.html#starting-multiple-repl-instances-against-a-single-running-instance
  • TCP socket port is configurable with the tcpPort REPL opts or with the replTcpPort broker configuration.
  • is simultaneous with PR https://github.com/moleculerjs/moleculer/pull/1153

arun-prakash-fokus avatar Nov 16 '22 22:11 arun-prakash-fokus

I don't think it's a good idea to allow accessing the whole Moleculer project via a TCP socket. If you expose the port, anybody can join your cluster without any authentication and can make wrong things as well.

If you expose a port, it can be the port of the transporter and you can join from your computed with moleculer-cli as moleculer connect nats://some-server:4222.

icebob avatar Nov 17 '22 19:11 icebob

I don't think it's a good idea to allow accessing the whole Moleculer project via a TCP socket. If you expose the port, anybody can join your cluster without any authentication and can make wrong things as well.

That's a valid concern. However, IMHO since moleculer-repl is added under devDependencies, its never packed during the docker image build or when the moleculerjs package is built with NODE_ENV=production. Furthermore, the broker.repl() is only called when the "--repl" option is passed to the moleculer-runner. Its unlikely that a TCP socket would be opened during production mode by error.

If you expose a port, it can be the port of the transporter and you can join from your computed with moleculer-cli as moleculer connect nats://some-server:4222.

Thanks for the tip 👍🏾 By expose, do you mean the docker-compose,

expose:
    - 4222

or

ports:
    - 4222:4222

In my docker-compose, other than the traefik container ports (80, 443 and 8080), no other containers have port forwarding. I use the traefik labels to route http and tcp traffic to the moleculer service container.

arun-prakash-fokus avatar Nov 18 '22 10:11 arun-prakash-fokus

@icebob the socket does not have to be public. It can be localhost and ssh port forwarding or a zero-trust network.

intech avatar Nov 18 '22 16:11 intech