PowerShell / Polaris

A cross-platform, minimalist web framework for PowerShell
https://powershell.github.io/Polaris/
MIT License
512 stars 115 forks source link

Start ploaris with URL [Enhancement] #156

Closed Fecana closed 5 years ago

Fecana commented 6 years ago

Now we can only select the port. It would be very usefull if we could start the server selecting the bind/hostname: Start -Port 8080 => Start -Url http://www.myhost.uk:8080

Tiberriver256 commented 6 years ago

Excellent suggestion! A few thoughts here.

Reading through the code it looks like we actually use top level wildcard bindings. So if you are running Polaris as administrator the app will listen to and respond to all requests on the specified port regardless of the hostname.

@tylerl0706 - I'd be interested to hear your thoughts but I'm definitely for replacing the wildcard functionality with the ability to specify a hostname. Especially after seeing the security concerns in the warning blurb of the remarks section here.

We could do two parameter sets for some expanded functionality one for hostname + port combination and one to take an array of prefix strings which we could pass straight to HttpListener, in the case that someone might want to listen on more than one hostname / port at a time.

It would also be worth seeing if we can help people out a bit on a Windows box with running the listener without elevated rights. Instead of asking them to run the listener as admin we should probably check to see if there is an existing urlacl for the external hostname they want to listen on and if there's not an entry prompt them to run the necessary netsh http command to create the urlacl as admin and then drop back into the normal permission context to launch and run the server.

jeremymcgee73 commented 6 years ago

I think this is a worthwhile addition! I am fine with just listening to one hostname/port. I just don't see much of a advantage to running multiple. I would think if you wanted to do that, you would start multiple instances of Polaris( Start-Polaris -Polaris $InstanceTwo). My main motivation in storing the hostname/port/SSL is that it can then be checked for doing redirection and creating links. There are also uses when using Polaris as an API, maybe swagger.

jeremymcgee73 commented 5 years ago

How do you all think we should handle the default URL now? Currently if on Linux/OSX or running on windows as admin, we use the wildcard +. If it is ran as non-admin on Windows we use localhost. The real issue is that the URLACL needs to be set to use +. This would allow us to use the wildcard, without admin. But, this could be breaking change. Should I open a RFC? I think throwing an error, is better than switching to localhost.

I also thought about setting the URL to the wildcard as the default parameter in Start-Polaris. Then, when we create the prefix, we can apply the same logic as above, if the default parameter was set. This would prevent a breaking change, but is more ugly. https://github.com/PowerShell/Polaris/issues/21 Is where the change was introduced.

Paging @TylerLeonhardt @Tiberriver256 for advice 😊

TylerLeonhardt commented 5 years ago

Especially after seeing the security concerns in the warning blurb of the remarks section here.

well I'm sold 😄My biggest concerns is basically what I was experiencing in #21. I know from the Windows side, it's pretty typical to use your own hostname... but does that extend to linux?

Also, from a container perspective I'd like to know how that works.

Unfortunately, this is not my area of expertise... Any thoughts?

Tiberriver256 commented 5 years ago

I would say defaults should always be safe and defaults shouldn't change automatically based on your security context.

The safest default hostname is some sort of loopback reference (127.0.0.1 or localhost). It's the safest because it's not accessible anywhere other than that machine. If we allow the host to be configurable at Start-Polaris, we can add some documentation on recommendations for different environments but generally people could just choose to expose it how they like and when they like.

Having it exposed out a container would be something like:

Start-Polaris -Port 80 -Host "0.0.0.0"

or

Start-Polaris -Port 80 -Host "*"

If someone on a Windows box actually wanted to expose Polaris directly to their intranet / Internet and redirect to it with internal / external DNS you could actually run several instances of Polaris on the same port of the same server using:

Start-Polaris -Port 80 -Host "my-awesome-site.contoso.com"
Start-Polaris -Port 80 -Host "my-boss-sauce-site.contoso.com"
TylerLeonhardt commented 5 years ago

Why did I think that allowing you to specify the Host got rid of the ability to specify 0.0.0.0 somehow... I must have not had any coffee lol

Yes. This is EXACTLY what we should be doing 😄

Allow them to specify the host, with the default of 127.0.0.1 or localhost.