Merge branch 'adding-bind-address' into 'dev'

Adding the SERVER_BIND_ADDRESS configuration option to control which interfaces the server binds to.

See merge request caosdb/caosdb-server!81

CHANGELOG.md

@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 
 * An openAPI specification of the XML api
+* New server configuration option `SERVER_BIND_ADDRESS`, which is the address to listen to. See [server.conf](conf/core/server.conf).
 
 ### Changed
 

README_SETUP.md

@@ -100,7 +100,9 @@ server:
     * Setup for MySQL back-end:
       specify the fields `MYSQL_USER_NAME`, `MYSQL_USER_PASSWORD`,
       `MYSQL_DATABASE_NAME`, and `MYSQL_HOST`.
-    * Choose the ports under which CaosDB will be accessible.
+    * Choose the host and ports under which CaosDB will be accessible. The host
+      is the IP address the server should listen on. Blank (the default) means
+      all interfaces, and `127.0.0.1` means only localhost.
     * Setup the SSL certificate: Assuming that there is an appropriate `Java Key
       Store` file (see above), change the fields `CERTIFICATES_KEY_PASSWORD`,
       `CERTIFICATES_KEY_STORE_PATH`, and `CERTIFICATES_KEY_STORE_PASSWORD`.

conf/core/server.conf

@@ -77,6 +77,10 @@ MYSQL_SCHEMA_VERSION=v5.0
 # The context root is a prefix which allows running multiple instances of CaosDB using the same
 # hostname and port. Must start with "/".
 CONTEXT_ROOT=
+# Server bind/host address, which is the address to listen to. Set to blank, or
+# 0.0.0.0 in IPv4, to listen to all. Set to 127.0.0.1 to make it available to
+# localhost only.
+SERVER_BIND_ADDRESS=
 # HTTPS port of this server instance.
 SERVER_PORT_HTTPS=443
 # HTTP port of this server instance.

src/main/java/org/caosdb/server/CaosDBServer.java

@@ -330,6 +330,13 @@ public class CaosDBServer extends Application {
   }
 
   private static void initWebServer() throws Exception {
+    /* For the host, the property can't be used directly since blank should mean
+    all interfaces, not localhost; which means replacing a blank value with
+    null. */
+    final String server_bind_address_property =
+        getServerProperty(ServerProperties.KEY_SERVER_BIND_ADDRESS);
+    final String server_bind_address =
+        server_bind_address_property.length() == 0 ? null : server_bind_address_property;
     final int port_https =
         Integer.parseInt(getServerProperty(ServerProperties.KEY_SERVER_PORT_HTTPS));
     final int port_http =
@@ -347,10 +354,15 @@ public class CaosDBServer extends Application {
         Integer.parseInt(getServerProperty(ServerProperties.KEY_MAX_CONNECTIONS));
 
     if (NO_TLS) {
-      runHTTPServer(port_http, initialConnections, maxTotalConnections);
+      runHTTPServer(server_bind_address, port_http, initialConnections, maxTotalConnections);
     } else {
       runHTTPSServer(
-          port_https, port_http, port_redirect_https, initialConnections, maxTotalConnections);
+          server_bind_address,
+          port_https,
+          port_http,
+          port_redirect_https,
+          initialConnections,
+          maxTotalConnections);
     }
   }
 
@@ -368,7 +380,10 @@ public class CaosDBServer extends Application {
    * @throws Exception
    */
   private static void runHTTPServer(
-      final int port_http, final int initialConnections, final int maxTotalConnections)
+      final String server_bind_address,
+      final int port_http,
+      final int initialConnections,
+      final int maxTotalConnections)
       throws Exception {
     Engine.getInstance()
         .getRegisteredServers()
@@ -381,7 +396,7 @@ public class CaosDBServer extends Application {
         new Server(
             (Context) null,
             Arrays.asList(Protocol.HTTP),
-            null,
+            server_bind_address,
             port_http,
             (Restlet) null,
             "org.restlet.ext.jetty.HttpServerHelper");
@@ -418,6 +433,7 @@ public class CaosDBServer extends Application {
    * connections on `port_http` and redirect any http connections to `port_redirect_https`.
    *
    * @author Timm Fitschen
+   * @param server_bind_address IP address to listen on (null means all interfaces).
    * @param port_https Listen on this port for https connections.
    * @param port_http Listen on this port for http connections and send http-to-https redirect with
    *     different port.
@@ -425,6 +441,7 @@ public class CaosDBServer extends Application {
    * @throws Exception if problems occur starting up this server.
    */
   private static void runHTTPSServer(
+      final String server_bind_address,
       final int port_https,
       final int port_http,
       final int port_redirect_https,
@@ -441,7 +458,7 @@ public class CaosDBServer extends Application {
         new Server(
             (Context) null,
             Arrays.asList(Protocol.HTTPS),
-            null,
+            server_bind_address,
             port_https,
             (Restlet) null,
             "org.caosdb.server.CaosDBServerConnectorHelper");
@@ -452,7 +469,7 @@ public class CaosDBServer extends Application {
       logger.info("Redirecting to " + port_redirect_https);
       component
           .getServers()
-          .add(Protocol.HTTP, port_http)
+          .add(Protocol.HTTP, server_bind_address, port_http)
           .setNext(new HttpToHttpsRedirector(port_redirect_https));
     }
 

src/main/java/org/caosdb/server/ServerProperties.java

@@ -62,6 +62,7 @@ public class ServerProperties extends Properties {
   public static final String KEY_CONTEXT_ROOT = "CONTEXT_ROOT";
   public static final String KEY_POLICY_COMPONENT = "POLICY_COMPONENT";
 
+  public static final String KEY_SERVER_BIND_ADDRESS = "SERVER_BIND_ADDRESS";
   public static final String KEY_SERVER_PORT_HTTPS = "SERVER_PORT_HTTPS";
   public static final String KEY_SERVER_PORT_HTTP = "SERVER_PORT_HTTP";
   public static final String KEY_REDIRECT_HTTP_TO_HTTPS_PORT = "REDIRECT_HTTP_TO_HTTPS_PORT";