diff --git a/README_SETUP.md b/README_SETUP.md index afc63592e7797adafa8cd58df37d0aff0a8d5b15..a15fbc3d03fd19078bd41deb384473e9e8b79de4 100644 --- a/README_SETUP.md +++ b/README_SETUP.md @@ -94,7 +94,9 @@ server: * Setup for MySQL back-end: specify the fields `MYSQL_USER_NAME`, `MYSQL_USER_PASSWORD`, `MYSQL_DATABASE_NAME`, and `MYSQL_HOST`. - * Choose the ports under which CaosDB will be accessible. + * Choose the host and ports under which CaosDB will be accessible. The host + is the IP address the server should listen on. Blank (the default) means + all interfaces, and `127.0.0.1` means only localhost. * Setup the SSL certificate: Assuming that there is an appropriate `Java Key Store` file (see above), change the fields `CERTIFICATES_KEY_PASSWORD`, `CERTIFICATES_KEY_STORE_PATH`, and `CERTIFICATES_KEY_STORE_PASSWORD`. diff --git a/conf/core/server.conf b/conf/core/server.conf index 153f76914618d8c524ea417586cb48481e16bf88..793f81115e12d0b7e0eba11c07df36978d5c5662 100644 --- a/conf/core/server.conf +++ b/conf/core/server.conf @@ -77,6 +77,10 @@ MYSQL_SCHEMA_VERSION=v5.0 # The context root is a prefix which allows running multiple instances of CaosDB using the same # hostname and port. Must start with "/". CONTEXT_ROOT= +# Server bind/host address, which is the address to listen to. Set to blank, or +# 0.0.0.0 in IPv4, to listen to all. Set to 127.0.0.1 to make it available to +# localhost only. +SERVER_BIND_ADDRESS= # HTTPS port of this server instance. SERVER_PORT_HTTPS=443 # HTTP port of this server instance. diff --git a/src/main/java/org/caosdb/server/CaosDBServer.java b/src/main/java/org/caosdb/server/CaosDBServer.java index 74e70fc61feeb6ace0f1919610bee0cb868439cf..bd053276e08fda4a898950e476814999f9bf4156 100644 --- a/src/main/java/org/caosdb/server/CaosDBServer.java +++ b/src/main/java/org/caosdb/server/CaosDBServer.java 
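Review bot: The comment added above `SERVER_BIND_ADDRESS=` in conf/core/server.conf presents blank and `0.0.0.0` as the same setting, but they are probably not equivalent on a dual-stack host. Blank is turned into a null address (a wildcard bind), while `0.0.0.0` names the IPv4 wildcard only. The shipped default also remains "all interfaces", so an instance placed behind a reverse proxy stays directly reachable until the operator edits this line. I would extend the comment, for example `# Blank binds every interface (IPv4 and, where enabled, IPv6); behind a reverse proxy set 127.0.0.1.`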
@@ -330,6 +330,13 @@ public class CaosDBServer extends Application {
 }
 private static void initWebServer() throws Exception {
+ /* For the host, the property can't be used directly since blank should mean
+ all interfaces, not localhost; which means replacing a blank value with
+ null. */
+ final String server_bind_address_property =
+ getServerProperty(ServerProperties.KEY_SERVER_BIND_ADDRESS);
+ final String server_bind_address =
+ server_bind_address_property.length() == 0 ? null : server_bind_address_property;
 final int port_https =
 Integer.parseInt(getServerProperty(ServerProperties.KEY_SERVER_PORT_HTTPS));
 final int port_http =
@@ -347,10 +354,15 @@ public class CaosDBServer extends Application {
 Integer.parseInt(getServerProperty(ServerProperties.KEY_MAX_CONNECTIONS));
 if (NO_TLS) {
- runHTTPServer(port_http, initialConnections, maxTotalConnections);
+ runHTTPServer(server_bind_address, port_http, initialConnections, maxTotalConnections);
 } else {
 runHTTPSServer(
- port_https, port_http, port_redirect_https, initialConnections, maxTotalConnections);
+ server_bind_address,
+ port_https,
+ port_http,
+ port_redirect_https,
+ initialConnections,
+ maxTotalConnections);
 }
 }
@@ -368,7 +380,10 @@ public class CaosDBServer extends Application {
 * @throws Exception
 */
 private static void runHTTPServer(
- final int port_http, final int initialConnections, final int maxTotalConnections)
+ final String server_bind_address,
+ final int port_http,
+ final int initialConnections,
+ final int maxTotalConnections)
 throws Exception {
 Engine.getInstance()
 .getRegisteredServers()
@@ -381,7 +396,7 @@ public class CaosDBServer extends Application {
 new Server(
 (Context) null,
 Arrays.asList(Protocol.HTTP),
- null,
+ server_bind_address,
 port_http,
 (Restlet) null,
 "org.restlet.ext.jetty.HttpServerHelper");
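Review bot: `server_bind_address_property.length()` in initWebServer throws a NullPointerException if `getServerProperty` returns null for a missing key, for example with an older server.conf that has no `SERVER_BIND_ADDRESS`; whether it can return null is not visible in this hunk. A whitespace-only value is also passed on as a host instead of being treated as blank. Since this value decides which interfaces the server is exposed on, I would normalise it defensively: `final String server_bind_address = (server_bind_address_property == null || server_bind_address_property.trim().isEmpty()) ? null : server_bind_address_property.trim();`. Logging the effective bind address once at startup would let operators confirm the exposure they intended. The body of initWebServer continues outside the hunk.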
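Review bot: The Javadoc of runHTTPServer does not appear to gain a `@param server_bind_address` entry in the third hunk, although the same parameter on runHTTPSServer is documented later in this commit. Only the tail of the comment (`@throws Exception`) is visible, so this should be checked against the full comment. I would add `@param server_bind_address IP address to listen on (null means all interfaces).` Because this is the NO_TLS path, the comment should also state that a null address serves plain HTTP on every interface.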
@@ -418,6 +433,7 @@ public class CaosDBServer extends Application {
 * connections on `port_http` and redirect any http connections to `port_redirect_https`.
 *
 * @author Timm Fitschen
+ * @param server_bind_address IP address to listen on (null means all interfaces).
 * @param port_https Listen on this port for https connections.
 * @param port_http Listen on this port for http connections and send http-to-https redirect with
 * different port.
@@ -425,6 +441,7 @@ public class CaosDBServer extends Application {
 * @throws Exception if problems occur starting up this server.
 */
 private static void runHTTPSServer(
+ final String server_bind_address,
 final int port_https,
 final int port_http,
 final int port_redirect_https,
@@ -441,7 +458,7 @@ public class CaosDBServer extends Application {
 new Server(
 (Context) null,
 Arrays.asList(Protocol.HTTPS),
- null,
+ server_bind_address,
 port_https,
 (Restlet) null,
 "org.caosdb.server.CaosDBServerConnectorHelper");
@@ -452,7 +469,7 @@ public class CaosDBServer extends Application {
 logger.info("Redirecting to " + port_redirect_https);
 component
 .getServers()
- .add(Protocol.HTTP, port_http)
+ .add(Protocol.HTTP, server_bind_address, port_http)
 .setNext(new HttpToHttpsRedirector(port_redirect_https));
 }
diff --git a/src/main/java/org/caosdb/server/ServerProperties.java b/src/main/java/org/caosdb/server/ServerProperties.java
index 176492d691cc63c422e5996bb055763f8d05a751..d1df2c66587fe6377fb8293cb8b16264480e8ef0 100644
--- a/src/main/java/org/caosdb/server/ServerProperties.java
+++ b/src/main/java/org/caosdb/server/ServerProperties.java
@@ -62,6 +62,7 @@ public class ServerProperties extends Properties {
 public static final String KEY_CONTEXT_ROOT = "CONTEXT_ROOT";
 public static final String KEY_POLICY_COMPONENT = "POLICY_COMPONENT";
+ public static final String KEY_SERVER_BIND_ADDRESS = "SERVER_BIND_ADDRESS";
 public static final String KEY_SERVER_PORT_HTTPS = "SERVER_PORT_HTTPS";
 public static final String KEY_SERVER_PORT_HTTP = "SERVER_PORT_HTTP";
 public static final String KEY_REDIRECT_HTTP_TO_HTTPS_PORT = "REDIRECT_HTTP_TO_HTTPS_PORT";