I have spent whole day looking for an answer why my node js app is not reachable from the internet when I run it on Kubernetes with loadbalancer as a service type. The solution was to change host from localhost to 0.0.0.0 in node js server app definition, but I still don’t know why?
I hope this saves one’s time in the future.
When you say that you set the host I guess you mean what the app is told to listen on in the listen function like express app server . listen all intefaces instead of localhost only You can bind to a particular address or leave it open to all by using the 0.0.0.0 mask (the zeros function as a mask for matching rather than a true IP address - https://stackoverflow.com/a/20778887/9705485).
I imagine you had your app running fine locally and were able to access it from your host machine with your localhost configuration. This would be because your local machine would be accessing it in a way that conforms to the mask. Your config was effectively saying only localhost can access this app. So when you ported to Kubernetes then your machine has to go over a network and the incoming connection was then your machine's external/public IP address, which then did not match the localhost mask. So to get it to work you changed the mask to make it open to all IPs.
Related
I am trying to restrict access to my express/nodejs app so that it can only be accessed from it's domain url. Currently if I go to http://ip-address-of-server:3000, the app gets served directly, bypassing nginx.
I have tried adding 'localhost' in the app.listen --
app.listen(4000, 'localhost' , () => console.log('Server running'));
but this ends up making the app completely inaccessible. Even through nginx.
The app is running inside a docker container. And nginx is running on the host. I think this might be causing it but don't know how to fix this.
You can use Docker host mode networking for your app since you mentioned that "The app is running inside a docker container. And nginx is running on the host.".
Ref - https://docs.docker.com/network/host/
This way, it will be reachable via nginx on the same network. Your "localhost" settings will start working as usual after launching the container in docker host mode networking.
Looks like you want to do IP based filtering i.e. you want the node.js program to be accessible only from nginx (localhost or remote) and locally.
There are two ways
Use express-ipfilter middleware. https://www.npmjs.com/package/express-ipfilter to filter requests based on ips
Let node.js listen to everything but change the iptables on the host to restrict port access to specific ips. Expose the port of the node.js container to the host using -p and close the iptable for that port to the outside world
I prefer the second way as it is more robust and restricts traffic at the network level
I have a project at http://github.com/KPB-US/dispatch-display and in it I determine what [fire] station a display [client] belongs to based on it's ip address when the socket connects.
I have a docker composition set up so it can be up and running easily using docker-compose build and docker-compose up. This builds an nginx server that points to the upstream node application running on a node server.
Everything runs fine when I specify network_mode: "host" in both services in the docker-compose.yml. I'd rather have it run more securely using dockers default network mode-- but when I do that, I get NATed [I guess, see example message below] ip addresses from the clients instead of their actual ip addresses, so I don't know which stations [clients] they are coming from.
A connection attempt was made but that remote address is not
registered in the STATIONS list - 172.18.0.1
I am determining the incoming IP address based on the x-forwarded-for header and if missing, then the socket.conn.remoteAddress.
Any ideas on how I can resolve this? I'd like to keep the containers isolated from the network (as mentioned above) but yet still be able to know where the incoming connection is really coming from.
I have build a wt (witty) hello world example and I am trying to deploy this on a Google Cloud instance. It seems to run fine locally (hence it has all the necessary library dependencies). However, I am not able to it to deploy on the server.
I am trying (using my actual http address which is different from the example below)
./hello --docroot . --http-address 105.150.47.754 --http-port 80
but it responds with
Error (asio): bind : cannot assign requested address
It seems to work fine using (0.0.0.0/0)
The cloud instance allows HTTP tcp/80 traffic.
I have tried
setcap 'cap_net_bind_service=+ep' ~/hello
to allow non-root users to publish on ports below 1024, but also to no avail.
Any suggestions?
Cheers, Mike
If you are unable to listen on the specified IP address, one of the following is likely true:
1) Something (such as a web server) is already listening at that address on port 80, or
2) The IP address you are using is not assigned to one of the machine's network interfaces.
Using (0.0.0.0/0) with port 80 tells the Wt web server (wthttpd) to listen on all available local interfaces. Therefore, using that address will work with any available network interface assigned any IP address with port 80 available.
I'm trying to externally access my local node.js development server that's created using the grunt-contrib-connect plugin. The server works (locally) when I use localhost or 127.0.0.1 as the hostname parameter. However, when I change the parameter to * or 0.0.0.0 in order to allow external access (as specified in the documentation), I cannot access the server either locally or externally; this is the error I get in Chrome:
I've tried disabling my firewall and I can see packets coming in from my phone on the correct port (which I'm using to attempt to access my local server externally).
Any ideas why it doesn't work to use * or 0.0.0.0 as the hostname?
Figured it out - when I specified * or 0.0.0.0 as the hostname parameter, I was able to connect externally - I just hadn't tried since I wasn't able to access it locally and assumed it wasn't working at all. Changing the address in the browser to localhost:9000 (instead of 0.0.0.0:9000, which it defaults to) when Grunt first opens the page allowed me to access my server locally.
You can set your own ip address instead of the 0.0.0.0.
With this grunt launch the server on your ip. You can use your mobile to.
The livereload will work on your desktop and on your mobile.
It's not the best way if your work by team because each one have his ip address but it's good enough if you work alone.
I have just created a simple web server using node server and it's running fine. I can access it from the same PC by going to address http://127.0.0.1:1337.
Now I want to access that web server from my WAN IP. I got my my using whatismyip and got something like 110.36.xxx.xxx.
When I tried http://110.36.xxx.xxx:1337, I got:
Firefox can't establish a connection to the server at 110.36.xxx.xxx:1337.
Here is the screenshot how I created the port forwarding in my router:
What's wrong here?
Localhost is only accessible from the same pc. You have to launch your webserver either on address 0.0.0.0 (it will be available on all network interfaces) or 192.186.0.5 so that it is accessible from your wan interface