gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

allow changes to server listening addr #643

Closed deluxghost closed 1 year ago

deluxghost commented 2 years ago

reason: I am trying to only serve http/grpc through a reverse proxy

shizunge commented 2 years ago

You can do it with traefik (and other reverse proxies, I believe). You do not need to use Caddy. Here is an example: https://github.com/bsherman/netmaker-traefik

deluxghost commented 2 years ago

> You can do it with traefik (and other reverse proxies, I believe). You do not need to use Caddy. Here is an example: https://github.com/bsherman/netmaker-traefik

Doesn't that still expose 8081 and 50051 on the host server?

shizunge commented 2 years ago

Ah, the example still uses network_mode: host.

In my setup, I use docker network, and I set CLIENT_MODE=off. network_mode: host is only required if you are using CLIENT_MODE=on.

I started my client manually on the host after the netmaker server started up, then connected it to the netmaker server (the netmaker UI provides a command to do so).

shizunge commented 2 years ago

Actually, you can already use env variable API_PORT: "8081" and GRPC_PORT: "50051" to change the port.

alcroito commented 2 years ago

Hi.

It's not about changing port numbers, but rather not exposing the services to be accessible via the public host ip.

The linked https://github.com/bsherman/netmaker-traefik indeed does not expose the ports.

But when not using traefik (e.g. nginx or caddy running on the host, not in a container) that doesn't seem currently possible.

It would be nice to allow specifying the listener address to 127.0.0.1, to avoid exposing the ports on the public network.

EDIT: At least with non-host-network-mode, it's possible to limit the listening address by using something like:

  netmaker-ui:
    container_name: netmaker-ui
    depends_on:
      - netmaker
    image: gravitl/netmaker-ui
    links:
      - "netmaker:api"
    ports:
      - "127.0.0.1:8082:80"

It would still be nice if it was possible to specify a localhost listening address when using host network mode.

afeiszli commented 2 years ago

@alcroito @deluxghost In the new docker compose, with Caddy, docker ports for api are no longer exposed publicly: https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.contained.yml

thanks to @fersingb for this!

alcroito commented 2 years ago

> @alcroito @deluxghost In the new docker compose, with Caddy, docker ports for api are no longer exposed publicly: https://github.com/gravitl/netmaker/blob/master/compose/docker-compose.contained.yml
>
> thanks to @fersingb for this!

Please re-read my last comment. It was already possible to limit the port when using non-host network mode. With host network mode, support would have to be added to the netmaker api service. docker-compose would not help.

The netmaker api service would need a new option that takes an ip or host name to bind the port to.
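
The bind-address option requested in this thread, sketched as an added example (not netmaker's code and not written by any participant): `API_PORT` is the variable named above, while `API_BIND_HOST`, `bindAddr` and `exposure` are hypothetical names. It shows how an empty host leaves the port reachable on every interface and how to confirm what the socket actually bound to.

```go
package main

import (
	"log"
	"net"
	"os"
	"strconv"
	"strings"
	"fmt"
)

// bindAddr builds the listen address; an empty host means "every interface".
func bindAddr(host, port string) (string, error) {
	if n, err := strconv.Atoi(port); err != nil || n < 0 || n > 65535 {
		return "", fmt.Errorf("invalid port %q", port)
	}
	if host != "" && net.ParseIP(host) == nil && strings.ContainsAny(host, " /:[]") {
		return "", fmt.Errorf("invalid bind host %q", host)
	}
	return net.JoinHostPort(host, port), nil
}

// exposure classifies the address a listener actually bound to.
func exposure(l net.Listener) string {
	tcp, ok := l.Addr().(*net.TCPAddr)
	switch {
	case !ok:
		return "unknown"
	case tcp.IP.IsLoopback():
		return "loopback"
	case tcp.IP.IsUnspecified():
		return "all-interfaces"
	}
	return "single-interface"
}

func main() {
	// API_PORT appears in the thread; API_BIND_HOST is a hypothetical option.
	addr, err := bindAddr(os.Getenv("API_BIND_HOST"), os.Getenv("API_PORT"))
	if err != nil {
		log.Fatal(err)
	}
	l, err := net.Listen("tcp", addr)
	if err != nil {
		log.Fatal(err)
	}
	defer l.Close()
	log.Printf("listening on %s (%s)", l.Addr(), exposure(l))
}
```

Run with `API_BIND_HOST=127.0.0.1 API_PORT=8081` the log line reports `loopback`; with the host unset it reports `all-interfaces`, which is the case a reverse proxy on the same host does not protect.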

mattkasun commented 1 year ago

netmaker no longer uses host mode