Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

localhost access denied when custom conf.yaml is mounted in docker #15

Closed
gmara13 opened this issue Mar 21, 2021 · 13 comments
Closed

localhost access denied when custom conf.yaml is mounted in docker #15

gmara13 opened this issue Mar 21, 2021 · 13 comments
Assignees
Labels
bug Something isn't working

Comments

@gmara13
Copy link

gmara13 commented Mar 21, 2021

ibeam has bee working fine with default set up. have ben testing requests on the server that ibeam is running on by hitting localhost:5000 url just fine. mounted a volume with conf.yaml that allows ip access from my local machine and access is confirmed but now localhost:5000 access is denied when running requests from the server ibeam is on. nothing changed on conf.yaml from default except for adding one ip under allowed ips. tried changing url to 127.0.0.1, 0.0.0.0, etc nothing works, keep getting 404 response.

@Voyz Voyz self-assigned this Mar 22, 2021
@Voyz
Copy link
Owner

Voyz commented Mar 22, 2021

Hey @gmara13 welcome to IBeam! 😊

Sorry to hear the conf.yaml is causing you some issues. Could I ask you to share the contents of your conf.yaml file here - make sure you hide the cacert password if you do - so we could understand what may be causing that issue?

Also, are you running IBeam as a standalone or as a Docker image?

@Voyz Voyz added the bug Something isn't working label Mar 22, 2021
@gmara13
Copy link
Author

gmara13 commented Mar 22, 2021

    ip2loc: "US"
    proxyRemoteSsl: true
    proxyRemoteHost: "https://api.ibkr.com"
    listenPort: 5000
    listenSsl: true
    svcEnvironment: "v1"
    sslCert: "vertx.jks"
    sslPwd: "mywebapi"
    authDelay: 3000
    portalBaseURL: ""
    serverOptions:
        blockedThreadCheckInterval: 1000000
        eventLoopPoolSize: 20
        workerPoolSize: 20
        maxWorkerExecuteTime: 100
        internalBlockingPoolSize: 20
    cors:
        origin.allowed: "*"
        allowCredentials: false
    webApps:
        - name: "demo"
          index: "index.html"
    ips:
      allow:
        - 192.*
        - 131.216.*
        - 127.0.0.1
        - xxx.xxx.xxx
      deny:
        - 212.90.324.10

its the same default file with the only addition of the ip allowed. conf works to allow that specified ip so settings are being passed
Edit: using the docker image

@Voyz
Copy link
Owner

Voyz commented Mar 23, 2021

Great, thanks for providing the conf file! I think I can see where the issue is. The original ips/allow looks like this:

    ips:
      allow:
        - 192.*
        - 131.216.*
        - 127.0.0.1

While yours contains that xxx.xxx.xxx addition, and a change from 192.* to 192.. I would guess this is why your localhost no longer is allowed. Try adding that asterisk * back behind 192. and see if this helps.

Alternatively, I'd also try verify that this xxx.xxx.xxx is a valid field there. From what I can see the asterisks are used as wildcards, as opposed to x's - possibly this is corrupting the setup?

@gmara13
Copy link
Author

gmara13 commented Mar 23, 2021

ah sorry mate. this was a typo from when i copied the text into github and tried to format it. the '' is actually present in '192.' and the 'xxx' are just placeholders to cover my ip. the below is what is present in the conf

ips:
  allow:
    - 192.*
    - 131.216.*
    - 127.0.0.1
    - 216.032.123.34

@Voyz
Copy link
Owner

Voyz commented Mar 24, 2021

Right, thanks for clarifying that 👍

Could you then share the code or command you use to communicate with the gateway (make sure to remove any credentials)? A 404 error sounds more like an incorrect endpoint. Also please share the full output of the command.

@gmara13
Copy link
Author

gmara13 commented Mar 24, 2021

so once the gateway is up im just using simple requests in python:
here is working from my PC accessing server:
https://gyazo.com/b5310581b6feaf91c5df4e1042a8595a

here is NOT working from server:
https://gyazo.com/26c6edb59b6e2b6504437173fe8a7bb5

if i take off the mounted conf.yaml though the localhost url works

@Voyz
Copy link
Owner

Voyz commented Mar 25, 2021

Thanks for all that info 👍

Can I ask you to add this IP: 0.0.0.0 to config.yaml ips/allow and try again?

I think I might have been incorrect in that IBeam uses the default config.yaml.

@gmara13
Copy link
Author

gmara13 commented Mar 25, 2021

0.0.0.0 was added to allowed but still getting 404 response

@Voyz
Copy link
Owner

Voyz commented Mar 26, 2021

Can you try this as the conf.yaml:

ip2loc: "US"
proxyRemoteSsl: true
proxyRemoteHost: "https://api.ibkr.com"
listenPort: 5000
listenSsl: true
svcEnvironment: "v1"
sslCert: "vertx.jks"
sslPwd: "mywebapi"
authDelay: 3000
portalBaseURL: ""
serverOptions:
  blockedThreadCheckInterval: 1000000
  eventLoopPoolSize: 20
  workerPoolSize: 20
  maxWorkerExecuteTime: 100
  internalBlockingPoolSize: 20
cors:
  origin.allowed: "*"
  allowCredentials: false
webApps:
  - name: "demo"
    index: "index.html"
ips:
  allow:
    - 192.*
    - 131.216.*
    - 127.0.0.1
    - 0.0.0.0
    - 172.17.0.0
    - 172.17.0.1
    - 172.17.0.2
    - 172.17.0.3
  deny:
    - 212.90.324.10

And try again?

@gmara13
Copy link
Author

gmara13 commented Mar 26, 2021

Solved! the addition of 172.17.0.0 solved the connection issue

@Voyz
Copy link
Owner

Voyz commented Mar 26, 2021

I'm glad that it helped! 😄

Although at the same time I'm puzzled as to why this would have fixed it. This is a docker-internal IP. I'm going to look into this when I find some time.

@Voyz
Copy link
Owner

Voyz commented Mar 30, 2021

Right, I can't figure it why exactly but indeed that 172.17.0.0 is necessary to connect from outside of the docker network. I remember having dug into it back in October when I was developing IBeam pre-alpha and must have put it there on purpose. I'm going to update the docs to clarify this. Thanks for highlighting the issue @gmara13 👍👏

@Voyz
Copy link
Owner

Voyz commented Mar 30, 2021

Updated Wiki documentation to clarify what the default conf.yaml file contains and why 172.17.0.* is there by default.

https://github.com/Voyz/ibeam/wiki/Gateway-Configuration
https://github.com/Voyz/ibeam/wiki/Troubleshooting#access-denied

Marking this issue as closed 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants