esl / mongooseim-docker

Apache License 2.0

cowboy doesn't answer to requests from external network #33

Closed sordak closed 4 years ago

sordak commented 4 years ago

I have a host with IP 172.17.0.148. There is mongooseim-docker with IP 172.25.0.7 on that host. Cowboy is listening on port 8088. The configuration is default except for the following lines:

  { {8088, "172.25.0.7"} , ejabberd_cowboy, [
      {num_acceptors, 10},
      {transport_options, [{max_connections, 1024}]},
      {modules, [
          {"172.25.0.7", "/api", mongoose_api_admin, []}
      ]}
  ]},

  { {8089, "172.25.0.7"} , ejabberd_cowboy, [
      {num_acceptors, 10},
      {transport_options, [{max_connections, 1024}]},
      {protocol_options, [{compress, true}]},
      {ssl, [{certfile, "priv/ssl/fake_cert.pem"}, {keyfile, "priv/ssl/fake_key.pem"}, {password, ""}]},
      {modules, [
          {"172.25.0.7", "/api/sse", lasse_handler, [mongoose_client_api_sse]},
          {"172.25.0.7", "/api/messages/[:with]", mongoose_client_api_messages, []},
          {"172.25.0.7", "/api/contacts/[:jid]", mongoose_client_api_contacts, []},
          {"172.25.0.7", "/api/rooms/[:id]",    mongoose_client_api_rooms, []},
          {"172.25.0.7", "/api/rooms/[:id]/config",    mongoose_client_api_rooms_config, []},
          {"172.25.0.7", "/api/rooms/:id/users/[:user]",    mongoose_client_api_rooms_users, []},
          {"172.25.0.7", "/api/rooms/[:id]/messages",    mongoose_client_api_rooms_messages, []},
          %% Swagger 
          {"172.25.0.7", "/api-docs", cowboy_swagger_redirect_handler, {priv_file, cowboy_swagger, "swagger/index.html"}},
          {"172.25.0.7", "/api-docs/swagger.json", cowboy_swagger_json_handler, #{}},
          {"172.25.0.7", "/api-docs/[...]", cowboy_static, {priv_dir, cowboy_swagger, "swagger", [{mimetypes, cow_mimetypes, all}]}} 
      ]}
  ]},

I'm running mongooseim-docker with the following command:

/usr/bin/docker run -d -t --network mim_cluster -h mongooseim-1 --name mongooseim-1 -v `pwd`/mongooseim-def-off:/member -p 5222:5222 -p 8088:8088 mongooseim/mongooseim

I get an answer if I run the following on the host:

/usr/bin/curl -X GET --header 'Accept: application/json' 'http://172.25.0.7:8088/api/users/localhost'

But I can't get any answer when I run the command from servers on the 172.17.0.0 network. Say, from the server with IP 172.17.0.150:

/usr/bin/curl -X GET --header 'Accept: application/json' 'http://172.17.0.148:8088/api/users/localhost'

I have tried to substitute 172.25.0.7 with 0.0.0.0, 127.0.0.1 and 172.17.0.148 in mongooseim.cfg, but it didn't help.

I can 'telnet 172.17.0.148 8088' from 172.17.0.150 and make a 'GET'. It gives me the following:

telnet 172.17.0.148 8088
Trying 172.17.0.148...
Connected to 172.17.0.148.
Escape character is '^]'.
GET
HTTP/1.1 400 Bad Request
connection: close
content-length: 0

Connection closed by foreign host.

Execution of 'telnet 172.17.0.148 5222' from 172.17.0.150 gives:

telnet 172.17.0.148 5222
Trying 172.17.0.148...
Connected to 172.17.0.148.
Escape character is '^]'.
GET
<?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' id='FB93302CFE4F9BED' from='localhost' version='1.0'><stream:error><xml-not-well-formed xmlns='urn:ietf:params:xml:ns:xmpp-streams'/></stream:error></stream:stream>Connection closed by foreign host.

Question:

How do I configure mongooseim (cowboy) so that I can make requests from servers on the 172.17.0.0 network?

michalwski commented 4 years ago

There are 2 things worth considering:

  1. The IP interface on which the HTTP(S) endpoint is listening. This is configured by the following line:
    { {8088, "172.25.0.7"} , ejabberd_cowboy, [

    I think you can change it to:
    { 8088 , ejabberd_cowboy, [

    which will start the endpoint on all available network interfaces (most probably only one in a container).
  2. The HOST header in an HTTP request. When you configure the routes like below:
    {modules, [
          {"172.25.0.7", "/api", mongoose_api_admin, []}
      ]}

    You basically tell MongooseIM to accept only those requests which have "172.25.0.7" as the value of the Host header. I suggest changing it to "_" which tells the server to accept any Host value.

The following config worked for me:

{ 8088 , ejabberd_cowboy, [
      {num_acceptors, 10},
      {transport_options, [{max_connections, 1024}]},
      {modules, [
          {"_", "/api", mongoose_api_admin, []}
      ]}
  ]},

Please keep in mind that the API exposed on port 8088 doesn't have any authentication layer and allows manipulating the server. It's meant to be accessible only from your other backend services, so you may want to put some restrictions on who can access it.
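
An added example, not part of the comment above and not MongooseIM code: a small probe that separates the two causes listed there, a listener that cannot be reached over TCP versus a route that rejects the Host header the client sends by default. The function names and the local stub server (with its 400 rejection status) are assumptions made for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(addr, port, path, host_header, timeout=3.0):
    """Return 'unreachable' if TCP connect fails, else the HTTP status code."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.connect()
    except OSError:
        return "unreachable"  # bind address, port publishing or firewall
    conn.putrequest("GET", path, skip_host=True)  # we set Host ourselves
    conn.putheader("Host", host_header)
    conn.putheader("Accept", "application/json")
    conn.endheaders()
    status = conn.getresponse().status
    conn.close()
    return status

def diagnose(addr, port, path, route_host):
    """Compare the Host a client sends by default with the host in the route."""
    as_dialed = probe(addr, port, path, f"{addr}:{port}")
    if as_dialed == "unreachable":
        return "listener problem: no TCP connection"
    as_routed = probe(addr, port, path, route_host)
    if as_dialed != as_routed:
        return f"host routing problem: {as_dialed} as dialed, {as_routed} with Host {route_host}"
    return f"no host dependence: status {as_dialed}"

def start_stub(route_host):
    """Constructed stand-in, not MongooseIM: 200 only if Host matches ('_' = any)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            host = self.headers.get("Host", "").split(":")[0]
            ok = route_host in ("_", host)
            self.send_response(200 if ok else 400)  # 400 is the stub's choice
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    stub = start_stub("172.25.0.7")  # route host taken from the issue
    print(diagnose("127.0.0.1", stub.server_address[1], "/api/users/localhost", "172.25.0.7"))
    stub.shutdown()
```

Run from a machine that is not supposed to reach the unauthenticated admin API, `probe` returning "unreachable" confirms that the access restriction is in effect.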

sordak commented 4 years ago

Solved. Thank you!