Configuring Zinc & Seaside to listen 127.0.0.1 only

Configuring Zinc & Seaside to listen 127.0.0.1 only

Olivier Auverlot
Hi,

I must deploy an application made with Zinc and Seaside. My application is behind a proxy installed on the same computer, I want to configure Seaside to accept only the connection from the 127.0.0.1 address.

How to do that ?

Best regards
Olivier ;-)
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

Re: Configuring Zinc & Seaside to listen 127.0.0.1 only

Bob Arning-2
I just add something like this to my #renderContentOn: method

html requestContext request remoteAddress = '127.0.0.1' ifFalse: [
    ^html text: 'go away!'
].

Cheers,
Bob

Re: Configuring Zinc & Seaside to listen 127.0.0.1 only

NorbertHartl
In reply to this post by Olivier Auverlot
Try

(ZnServer on: portNumber)
        bindingAddress: NetNameResolver loopBackAddress;
        start

Norbert

Re: Configuring Zinc & Seaside to listen 127.0.0.1 only

NorbertHartl
Oh,

just read your last sentence again and you want to do it with seaside?

You could make a subclass of WARequestFilter that checks for the remote address. You can add this filter to your application, thus decorating it. Take a look at WAExceptionFilter and its usage to get a glimpse of how you can do it.

In your inquiry I read something security like in the subtext of your question. If this is the case then handling checks at the web application level is probably not the best suited solution. You would only secure one application and if there are more installed they would be open until you have all of them secured.
Binding the Socket for the zinc server to the loopback (127.0.0.1) device is better (and mostly easier). That way only your proxy and local users can access the seaside image and you don't need to think much more about it.

Norbert
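
The WARequestFilter approach described above, as an added example that is not part of the original post. The names LoopbackOnlyFilter, MyApp, MyRootComponent and 'myapp' are hypothetical. Because the proxy itself connects from 127.0.0.1, the filter only rejects clients that reach the port directly, and it protects only the application it is attached to.

```smalltalk
"Added example, not code from the thread. LoopbackOnlyFilter and 'MyApp'
 are hypothetical names; MyRootComponent stands for your root component."
WARequestFilter subclass: #LoopbackOnlyFilter
	instanceVariableNames: ''
	classVariableNames: ''
	package: 'MyApp'.

"Method on LoopbackOnlyFilter, shown in the usual Class >> selector notation."
LoopbackOnlyFilter >> handleFiltered: aRequestContext
	"Pass the request down the filter chain only when the TCP peer is the
	 loopback address; answer 403 otherwise. #respond: does not return,
	 so the handler below is never reached for a rejected request."
	aRequestContext request remoteAddress = '127.0.0.1'
		ifFalse: [
			aRequestContext respond: [ :response |
				response
					forbidden;
					contentType: WAMimeType textPlain;
					nextPutAll: 'Forbidden' ] ].
	super handleFiltered: aRequestContext

"Attach the filter when registering the application."
| app |
app := WAAdmin register: MyRootComponent asApplicationAt: 'myapp'.
app addFilter: LoopbackOnlyFilter new.
```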

Re: Configuring Zinc & Seaside to listen 127.0.0.1 only

Sven Van Caekenberghe-2
In reply to this post by NorbertHartl
The full answer, with Seaside running would look like this:

| server adaptor |
server := ZnServer on: 8080.
server bindingAddress: NetNameResolver loopBackAddress.
adaptor := ZnZincServerAdaptor new.
adaptor server: server; configureDelegate; configureServerForBinaryReading.
adaptor start.
server

Sven

Re: Configuring Zinc & Seaside to listen 127.0.0.1 only

Olivier Auverlot
That works fine! Thanks to all for your help.

Olivier :-)

Re: Configuring Zinc & Seaside to listen 127.0.0.1 only

Esteban A. Maringolo
In reply to this post by Sven Van Caekenberghe-2
Hi,

I tried to start the server as per your instructions, but something
didn't work as expected. I'm getting an HTTP 500 response when trying
to access a REST API (WaRestfulHandler subclass).

| server wsServer adaptor |
server := ZnServer on: 8080.
server bindingAddress: nil.
adaptor := ZnZincServerAdaptor new.
adaptor server: server; configureDelegate; configureServerForBinaryReading.
adaptor start.
wsServer := ZnServer on: 8081.
wsServer bindingAddress: nil.
wsServer delegate: (ZnWebSocketDelegate map: 'ws' to: GptWsHandler new).

> POST /gpt-api/v1/events HTTP/1.1
> User-Agent: curl/7.26.0
> Host: servervm:8080
> Accept: */*
> Content-Type: application/json
> Content-Length: 162
>
* upload completely sent off: 162 out of 162 b
< HTTP/1.1 500 Internal Server Error
< Content-Type: text/plain
< Content-Length: 512
< Date: Mon, 23 Dec 2013 19:02:54 GMT
< Server: Zinc HTTP Components 1.0
<
Internal Error: receiver of "delegate" is nil


If I start the server like this:

ZnZincServerAdaptor stop.
ZnServer stopDefault.
ZnZincServerAdaptor startOn: 8080.
ZnServer startDefaultOn: 8081.
ZnServer default
    delegate: (ZnWebSocketDelegate map: 'store-status' to: GptStoreStatusHandler new).

Everything works perfectly.

I'm binding the server to nil, because binding to localhost worked
but I need to find a workaround to reach the Seaside /config app
externally from the nginx.

Clues?

Re: Configuring Zinc & Seaside to listen 127.0.0.1 only

Sven Van Caekenberghe-2
Esteban,

On 23 Dec 2013, at 20:20, Esteban A. Maringolo <[hidden email]> wrote:

> Hi,
>
> I tried to start the server as per your instructions, but something
> didn't work as expected. I'm getting an HTTP 500 response when trying
> to access a REST API (WaRestfulHandler subclass).
>
> | server wsServer adaptor |
> server := ZnServer on: 8080.
> server bindingAddress: nil.
> adaptor := ZnZincServerAdaptor new.
> adaptor server: server; configureDelegate; configureServerForBinaryReading.
> adaptor start.
> wsServer := ZnServer on: 8081.
> wsServer bindingAddress: nil.
> wsServer delegate: (ZnWebSocketDelegate map: 'ws' to: GptWsHandler new).

I tried again, the instructions:

| server adaptor |
server := ZnServer on: 8080.
server bindingAddress: NetNameResolver loopBackAddress.
adaptor := ZnZincServerAdaptor new.
adaptor server: server; configureDelegate; configureServerForBinaryReading.
adaptor start.
server.

or

| server adaptor |
server := ZnServer on: 8080.
server bindingAddress: nil.
adaptor := ZnZincServerAdaptor new.
adaptor server: server; configureDelegate; configureServerForBinaryReading.
adaptor start.
server.

just work.

Please inspect

ZnServer allSubInstances.

it is very easy to get things mixed up and have multiple servers running, with the wrong one, the one you don’t expect, being active.

Also, in your code above, you didn’t start the second server.

>> POST /gpt-api/v1/events HTTP/1.1
>> User-Agent: curl/7.26.0
>> Host: servervm:8080
>> Accept: */*
>> Content-Type: application/json
>> Content-Length: 162
>>
> * upload completely sent off: 162 out of 162 b
> < HTTP/1.1 500 Internal Server Error
> < Content-Type: text/plain
> < Content-Length: 512
> < Date: Mon, 23 Dec 2013 19:02:54 GMT
> < Server: Zinc HTTP Components 1.0
> <
> Internal Error: receiver of "delegate" is nil

You could put the server in #debugMode: and explore things in a debugger from there on.

> If I start the server like this:
> ZnZincServerAdaptor  stop.
> ZnServer stopDefault.
> ZnZincServerAdaptor  startOn: 8080.
> ZnServer startDefaultOn: 8081.
> ZnServer default
> delegate: (ZnWebSocketDelegate map: 'store-status' to:
> GptStoreStatusHandler new).
>
> Everything works perfectly.
>
> I'm binding the server to nil, because binding to localhost worked
> but I need to find a workaround to reach the Seaside /config app
> externally from the nginx.
>
> Clues?

Either you bind to the local interface, limiting access for security, or not, there is no way around it.

I could imagine having a locally bound Seaside instance being proxied selectively, exposing what you want, the way you want it, to the outside world. Does that make sense ? You have to be careful with the /admin interface though.

HTH,

Sven
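
The inspection of ZnServer allSubInstances suggested above, turned into a check for servers that are running without a binding address. This is an added example, not code from the original thread; it assumes a Pharo image with Zinc loaded and is meant to be evaluated in a workspace.

```smalltalk
"Added example, not code from the thread: list the ZnServer instances that
 are running without a binding address, i.e. listening on all interfaces."
| exposed |
exposed := ZnServer allSubInstances select: [ :each |
	each isRunning and: [ each bindingAddress isNil ] ].
exposed do: [ :each |
	Transcript
		show: each class name;
		show: ' on port ';
		show: each port printString;
		show: ' is listening on all interfaces';
		cr ].

"Every running instance with its binding, to spot a stale or duplicate
 server such as a second one left over from an earlier start."
(ZnServer allSubInstances select: [ :each | each isRunning ])
	collect: [ :each | each port -> each bindingAddress ]
```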
