From 8f8881ef4fe4a90d16a375e56e63c44447757261 Mon Sep 17 00:00:00 2001 From: Freja Nordsiek <freja.nordsiek@ds.mpg.de> Date: Wed, 15 Sep 2021 09:35:25 +0200 Subject: [PATCH] Added the SERVER_BIND_ADDRESS configuration option to control which interfaces the server binds to. --- README_SETUP.md | 4 ++- conf/core/server.conf | 4 +++ .../java/org/caosdb/server/CaosDBServer.java | 29 +++++++++++++++---- .../org/caosdb/server/ServerProperties.java | 1 + 4 files changed, 31 insertions(+), 7 deletions(-) diff --git a/README_SETUP.md b/README_SETUP.md index afc63592..a15fbc3d 100644 --- a/README_SETUP.md +++ b/README_SETUP.md @@ -94,7 +94,9 @@ server: * Setup for MySQL back-end: specify the fields `MYSQL_USER_NAME`, `MYSQL_USER_PASSWORD`, `MYSQL_DATABASE_NAME`, and `MYSQL_HOST`. - * Choose the ports under which CaosDB will be accessible. + * Choose the host and ports under which CaosDB will be accessible. The host + is the IP address the server should listen on. Blank (the default) means + all interfaces, and `127.0.0.1` means only localhost. * Setup the SSL certificate: Assuming that there is an appropriate `Java Key Store` file (see above), change the fields `CERTIFICATES_KEY_PASSWORD`, `CERTIFICATES_KEY_STORE_PATH`, and `CERTIFICATES_KEY_STORE_PASSWORD`. diff --git a/conf/core/server.conf b/conf/core/server.conf index 153f7691..793f8111 100644 --- a/conf/core/server.conf +++ b/conf/core/server.conf @@ -77,6 +77,10 @@ MYSQL_SCHEMA_VERSION=v5.0 # The context root is a prefix which allows running multiple instances of CaosDB using the same # hostname and port. Must start with "/". CONTEXT_ROOT= +# Server bind/host address, which is the address to listen to. Set to blank, or +# 0.0.0.0 in IPv4, to listen to all. Set to 127.0.0.1 to make it available to +# localhost only. +SERVER_BIND_ADDRESS= # HTTPS port of this server instance. SERVER_PORT_HTTPS=443 # HTTP port of this server instance. 
diff --git a/src/main/java/org/caosdb/server/CaosDBServer.java b/src/main/java/org/caosdb/server/CaosDBServer.java index 74e70fc6..bd053276 100644 --- a/src/main/java/org/caosdb/server/CaosDBServer.java +++ b/src/main/java/org/caosdb/server/CaosDBServer.java @@ -330,6 +330,13 @@ public class CaosDBServer extends Application { } private static void initWebServer() throws Exception { + /* For the host, the property can't be used directly since blank should mean + all interfaces, not localhost; which means replacing a blank value with + null. */ + final String server_bind_address_property = + getServerProperty(ServerProperties.KEY_SERVER_BIND_ADDRESS); + final String server_bind_address = + server_bind_address_property.length() == 0 ? null : server_bind_address_property; final int port_https = Integer.parseInt(getServerProperty(ServerProperties.KEY_SERVER_PORT_HTTPS)); final int port_http = @@ -347,10 +354,15 @@ public class CaosDBServer extends Application { Integer.parseInt(getServerProperty(ServerProperties.KEY_MAX_CONNECTIONS)); if (NO_TLS) { - runHTTPServer(port_http, initialConnections, maxTotalConnections); + runHTTPServer(server_bind_address, port_http, initialConnections, maxTotalConnections); } else { runHTTPSServer( - port_https, port_http, port_redirect_https, initialConnections, maxTotalConnections); + server_bind_address, + port_https, + port_http, + port_redirect_https, + initialConnections, + maxTotalConnections); } } @@ -368,7 +380,10 @@ public class CaosDBServer extends Application { * @throws Exception */ private static void runHTTPServer( - final int port_http, final int initialConnections, final int maxTotalConnections) + final String server_bind_address, + final int port_http, + final int initialConnections, + final int maxTotalConnections) throws Exception { Engine.getInstance() .getRegisteredServers() 
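Review bot: In `initWebServer`, the blank check `server_bind_address_property.length() == 0` treats only the exact empty string as "all interfaces". `ServerProperties` extends `java.util.Properties`, which keeps trailing whitespace in values, so a stray space after `SERVER_BIND_ADDRESS=` would be passed to the Restlet `Server` as an address instead of being treated as blank. If `getServerProperty` can return null for a configuration that predates this key (not visible in this hunk), the `length()` call would also throw a NullPointerException at startup. Consider normalising first: `final String server_bind_address = (server_bind_address_property == null || server_bind_address_property.trim().isEmpty()) ? null : server_bind_address_property.trim();`. The body of `initWebServer` continues outside the hunk.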
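Review bot: The Javadoc above `runHTTPServer` gets no entry for the new first parameter, although the same commit adds one to `runHTTPSServer`. Only the closing `@throws Exception` line of that comment is visible here, so this assumes the unseen part does not already describe the address. I would add `@param server_bind_address IP address to listen on (null means all interfaces).` and say there that this is the listener used when `NO_TLS` is set, where the bind address is the only thing limiting who can reach the plain-HTTP port.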
@@ -381,7 +396,7 @@ public class CaosDBServer extends Application { new Server( (Context) null, Arrays.asList(Protocol.HTTP), - null, + server_bind_address, port_http, (Restlet) null, "org.restlet.ext.jetty.HttpServerHelper"); @@ -418,6 +433,7 @@ public class CaosDBServer extends Application { * connections on `port_http` and redirect any http connections to `port_redirect_https`. * * @author Timm Fitschen + * @param server_bind_address IP address to listen on (null means all interfaces). * @param port_https Listen on this port for https connections. * @param port_http Listen on this port for http connections and send http-to-https redirect with * different port. @@ -425,6 +441,7 @@ public class CaosDBServer extends Application { * @throws Exception if problems occur starting up this server. */ private static void runHTTPSServer( + final String server_bind_address, final int port_https, final int port_http, final int port_redirect_https, @@ -441,7 +458,7 @@ public class CaosDBServer extends Application { new Server( (Context) null, Arrays.asList(Protocol.HTTPS), - null, + server_bind_address, port_https, (Restlet) null, "org.caosdb.server.CaosDBServerConnectorHelper"); @@ -452,7 +469,7 @@ public class CaosDBServer extends Application { logger.info("Redirecting to " + port_redirect_https); component .getServers() - .add(Protocol.HTTP, port_http) + .add(Protocol.HTTP, server_bind_address, port_http) .setNext(new HttpToHttpsRedirector(port_redirect_https)); } diff --git a/src/main/java/org/caosdb/server/ServerProperties.java b/src/main/java/org/caosdb/server/ServerProperties.java index 176492d6..d1df2c66 100644 --- a/src/main/java/org/caosdb/server/ServerProperties.java +++ b/src/main/java/org/caosdb/server/ServerProperties.java 
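Review bot: Nothing in these hunks logs the address the listeners end up bound to; the only startup message visible is `logger.info("Redirecting to " + port_redirect_https);` in the last `runHTTPSServer` hunk. Because a blank or mistyped `SERVER_BIND_ADDRESS` falls back to all interfaces without any message, an operator who meant to restrict the server to localhost cannot confirm that from the log. I would add a line next to each `new Server(...)` call, for example `logger.info("Listening on " + (server_bind_address == null ? "all interfaces" : server_bind_address) + ":" + port_https);`. The same applies to the HTTP listener in the `runHTTPServer` hunk at the top of this line, with `port_http`. Both methods start and end outside their hunks, so I am assuming `logger` is in scope in `runHTTPServer` as it is in `runHTTPSServer`.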
@@ -62,6 +62,7 @@ public class ServerProperties extends Properties { public static final String KEY_CONTEXT_ROOT = "CONTEXT_ROOT"; public static final String KEY_POLICY_COMPONENT = "POLICY_COMPONENT"; + public static final String KEY_SERVER_BIND_ADDRESS = "SERVER_BIND_ADDRESS"; public static final String KEY_SERVER_PORT_HTTPS = "SERVER_PORT_HTTPS"; public static final String KEY_SERVER_PORT_HTTP = "SERVER_PORT_HTTP"; public static final String KEY_REDIRECT_HTTP_TO_HTTPS_PORT = "REDIRECT_HTTP_TO_HTTPS_PORT"; -- GitLab