From bbc6c465ac8a698f676aaf63a80e270bc5f85738 Mon Sep 17 00:00:00 2001 From: Nicolas Surleraux Date: Wed, 24 May 2023 11:42:27 +0200 Subject: [PATCH 1/4] Allow to listen on a specific address via TLJH config --- docs/topic/tljh-config.md | 13 +++++++++++++ tests/test_traefik.py | 11 +++++++++++ tljh/config.py | 7 ++++++- tljh/configurer.py | 2 ++ tljh/traefik.toml.tpl | 4 ++-- 5 files changed, 34 insertions(+), 3 deletions(-) diff --git a/docs/topic/tljh-config.md b/docs/topic/tljh-config.md index 561e4b9..2df93ee 100644 --- a/docs/topic/tljh-config.md +++ b/docs/topic/tljh-config.md @@ -85,6 +85,19 @@ sudo tljh-config set https.port 8443 sudo tljh-config reload proxy ``` +(tljh-set-listen-address) + +### Listen address + +Use `http.address` and `https.address` to set the addresses that TLJH will listen on, +which is an empty address by default (it means it listens on all interfaces by default). + +```bash +sudo tljh-config set http.address 127.0.0.1 +sudo tljh-config set https.address 127.0.0.1 +sudo tljh-config reload proxy +``` + (tljh-set-user-lists)= ### User Lists diff --git a/tests/test_traefik.py b/tests/test_traefik.py index 4098586..b75369d 100644 --- a/tests/test_traefik.py +++ b/tests/test_traefik.py @@ -240,3 +240,14 @@ def test_extra_config(tmpdir, tljh_dir): # Check that the defaults were updated by the extra config assert toml_cfg["log"]["level"] == "ERROR" assert toml_cfg["api"]["dashboard"] == True + + +def test_listen_address(tmpdir, tljh_dir): + state_dir = config.STATE_DIR + config.set_config_value(config.CONFIG_FILE, "http.address", "127.0.0.1") + config.set_config_value(config.CONFIG_FILE, "https.address", "127.0.0.1") + traefik.ensure_traefik_config(str(state_dir)) + + cfg = _read_static_config(state_dir) + assert cfg["entryPoints"]['http']['address'] == "127.0.0.1:80" + assert cfg["entryPoints"]['https']['address'] == "127.0.0.1:443" diff --git a/tljh/config.py b/tljh/config.py index 60d5cc6..0bb3921 100644 --- a/tljh/config.py +++ b/tljh/config.py @@ -244,10 +244,15 @@ def check_hub_ready(): base_url = load_config()["base_url"] base_url = base_url[:-1] if base_url[-1] == "/" else base_url + http_address = load_config()["http"]["address"] http_port = load_config()["http"]["port"] + # The default config is an empty address, so it binds on all interfaces. + # Test the connectivity on the local address. + if http_address == '': + http_address = '127.0.0.1' try: r = requests.get( - "http://127.0.0.1:%d%s/hub/api" % (http_port, base_url), verify=False + "http://%s:%d%s/hub/api" % (http_address, http_port, base_url), verify=False ) if r.status_code != 200: print(f"Hub not ready: (HTTP status {r.status_code})") diff --git a/tljh/configurer.py b/tljh/configurer.py index 8e49d75..1fb60f6 100644 --- a/tljh/configurer.py +++ b/tljh/configurer.py @@ -28,10 +28,12 @@ default = { "cpu": None, }, "http": { + "address": "", "port": 80, }, "https": { "enabled": False, + "address": "", "port": 443, "tls": { "cert": "", diff --git a/tljh/traefik.toml.tpl b/tljh/traefik.toml.tpl index fa5b6ef..5fc0034 100644 --- a/tljh/traefik.toml.tpl +++ b/tljh/traefik.toml.tpl @@ -22,7 +22,7 @@ X-Xsrftoken = "redact" [entryPoints] [entryPoints.http] - address = ":{{ http['port'] }}" + address = "{{ http['address'] }}:{{ http['port'] }}" [entryPoints.http.transport.respondingTimeouts] idleTimeout = "10m" @@ -33,7 +33,7 @@ X-Xsrftoken = "redact" scheme = "https" [entryPoints.https] - address = ":{{ https['port'] }}" + address = "{{ https['address'] }}:{{ https['port'] }}" [entryPoints.https.http.tls] options = "default" From bf360ec3322fe9f6de18bf99ae519833fe6f7531 Mon Sep 17 00:00:00 2001 From: Nicolas Surleraux Date: Wed, 24 May 2023 11:53:18 +0200 Subject: [PATCH 2/4] Enable https in test_listen_address so it renders --- tests/test_traefik.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/test_traefik.py b/tests/test_traefik.py index b75369d..69dc681 100644 --- a/tests/test_traefik.py +++ b/tests/test_traefik.py @@ -244,8 +244,11 @@ def test_extra_config(tmpdir, tljh_dir): def test_listen_address(tmpdir, tljh_dir): state_dir = config.STATE_DIR + config.set_config_value(config.CONFIG_FILE, "https.enabled", True) + config.set_config_value(config.CONFIG_FILE, "http.address", "127.0.0.1") config.set_config_value(config.CONFIG_FILE, "https.address", "127.0.0.1") + traefik.ensure_traefik_config(str(state_dir)) cfg = _read_static_config(state_dir) From d63732515275c9cfb64a70ea6b68e9b1a3bea33c Mon Sep 17 00:00:00 2001 From: Nicolas Surleraux Date: Thu, 25 May 2023 14:41:26 +0200 Subject: [PATCH 3/4] Add https requirements in tests --- tests/test_traefik.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/test_traefik.py b/tests/test_traefik.py index 69dc681..cd7d251 100644 --- a/tests/test_traefik.py +++ b/tests/test_traefik.py @@ -245,10 +245,12 @@ def test_extra_config(tmpdir, tljh_dir): def test_listen_address(tmpdir, tljh_dir): state_dir = config.STATE_DIR config.set_config_value(config.CONFIG_FILE, "https.enabled", True) + config.set_config_value(config.CONFIG_FILE, "https.tls.key", "/path/to/ssl.key") + config.set_config_value(config.CONFIG_FILE, "https.tls.cert", "/path/to/ssl.cert") config.set_config_value(config.CONFIG_FILE, "http.address", "127.0.0.1") config.set_config_value(config.CONFIG_FILE, "https.address", "127.0.0.1") - + traefik.ensure_traefik_config(str(state_dir)) cfg = _read_static_config(state_dir) From 0f385af837ab56632bfb45622b5df5efac8ec6f2 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 12:56:21 +0000 Subject: [PATCH 4/4] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- tests/test_traefik.py | 4 ++-- tljh/config.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/test_traefik.py b/tests/test_traefik.py index cd7d251..f950266 100644 --- a/tests/test_traefik.py +++ b/tests/test_traefik.py @@ -254,5 +254,5 @@ def test_listen_address(tmpdir, tljh_dir): traefik.ensure_traefik_config(str(state_dir)) cfg = _read_static_config(state_dir) - assert cfg["entryPoints"]['http']['address'] == "127.0.0.1:80" - assert cfg["entryPoints"]['https']['address'] == "127.0.0.1:443" + assert cfg["entryPoints"]["http"]["address"] == "127.0.0.1:80" + assert cfg["entryPoints"]["https"]["address"] == "127.0.0.1:443" diff --git a/tljh/config.py b/tljh/config.py index 0bb3921..d308e9e 100644 --- a/tljh/config.py +++ b/tljh/config.py @@ -248,8 +248,8 @@ def check_hub_ready(): http_port = load_config()["http"]["port"] # The default config is an empty address, so it binds on all interfaces. # Test the connectivity on the local address. - if http_address == '': - http_address = '127.0.0.1' + if http_address == "": + http_address = "127.0.0.1" try: r = requests.get( "http://%s:%d%s/hub/api" % (http_address, http_port, base_url), verify=False