New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow binding the web server port to a specific address #981
Comments
Here's the docs on how to do that! https://owncast.online/docs/configuration/#custom-ports
|
Hm, I think I worded my request poorly. More than the actual port, what I mean is the binding, that is that the listening port is only bound on localhost and so outside connections are not possible. IOW, I want to set the binding to localhost:8080, for example, because in that case only nginx will be able to connect to 8080. Right now, if I set, for example, port to 12345 and I use a reverse proxy, clients can:
The former scenario is what I want to avoid. With Docker it's fairly easy because you can set Like this, if one wants, there is one less service listening on all interfaces, and eliminates the need of using a firewall rule to block access to the port, to force all client traffic (web service) through the reverse proxy. This of course doesn't concern the actual streaming port, just the web interface's. |
Yeah I see what you're getting at, it's a good idea. It would be a good command line flag to add. I'll slip this in with a future update, thanks for the suggestion! |
it's implemented with a default to 0.0.0.0 for ease of use. 127.0.0.1 is recommended for setups behind a SSL Proxy, simply to have less attack surface exposed to the public. |
The best example is when using a reverse proxy, which means the server admin could allow connections to the actual server port (8080) only from localhost (while everyone else connects through the proxy itself), but includes people with multiple network interfaces who may want to have the web port listening to only one of the addresses they have.
The text was updated successfully, but these errors were encountered: