server: make host configurable to enable IPv6 support

This change also separates the API host and the LDAP host for further customization.

lldap_config.docker_template.toml

@@ -7,9 +7,21 @@
 ## You can set it with the LLDAP_VERBOSE environment variable.
 # verbose=false
 
+## The host address that the LDAP server will be bound to.
+## To enable IPv6 support, simply switch "ldap_host" to "::":
+## To only allow connections from localhost (if you want to restrict to local self-hosted services),
+## change it to "127.0.0.1" ("::1" in case of IPv6)".
+#ldap_host = "0.0.0.0"
+
 ## The port on which to have the LDAP server.
 #ldap_port = 3890
 
+## The host address that the HTTP server will be bound to.
+## To enable IPv6 support, simply switch "http_host" to "::".
+## To only allow connections from localhost (if you want to restrict to local self-hosted services),
+## change it to "127.0.0.1" ("::1" in case of IPv6)".
+#http_host = "0.0.0.0"
+
 ## The port on which to have the HTTP server, for user login and
 ## administration.
 #http_port = 17170

server/src/infra/cli.rs

@@ -54,10 +54,18 @@ pub struct RunOpts {
     #[clap(long, env = "LLDAP_SERVER_KEY_FILE")]
     pub server_key_file: Option<String>,
 
+    /// Change ldap host. Default: "0.0.0.0"
+    #[clap(long, env = "LLDAP_LDAP_HOST")]
+    pub ldap_host: Option<String>,
+
     /// Change ldap port. Default: 3890
     #[clap(long, env = "LLDAP_LDAP_PORT")]
     pub ldap_port: Option<u16>,
 
+    /// Change HTTP API host. Default: "0.0.0.0"
+    #[clap(long, env = "LLDAP_HTTP_HOST")]
+    pub http_host: Option<String>,
+
     /// Change HTTP API port. Default: 17170
     #[clap(long, env = "LLDAP_HTTP_PORT")]
     pub http_port: Option<u16>,

server/src/infra/configuration.rs

@@ -64,8 +64,12 @@ impl std::default::Default for LdapsOptions {
 #[derive(Clone, Debug, Deserialize, Serialize, derive_builder::Builder)]
 #[builder(pattern = "owned", build_fn(name = "private_build"))]
 pub struct Configuration {
+    #[builder(default = r#"String::from("0.0.0.0")"#)]
+    pub ldap_host: String,
     #[builder(default = "3890")]
     pub ldap_port: u16,
+    #[builder(default = r#"String::from("0.0.0.0")"#)]
+    pub http_host: String,
     #[builder(default = "17170")]
     pub http_port: u16,
     #[builder(default = r#"SecUtf8::from("secretjwtsecret")"#)]

server/src/infra/ldap_server.rs

@@ -177,7 +177,7 @@ where
 
     info!("Starting the LDAP server on port {}", config.ldap_port);
     let server_builder = server_builder
-        .bind("ldap", ("0.0.0.0", config.ldap_port), binder)
+        .bind("ldap", (config.ldap_host.clone(), config.ldap_port), binder)
         .with_context(|| format!("while binding to the port {}", config.ldap_port));
     if config.ldaps_options.enabled {
         let tls_context = (
@@ -212,8 +212,12 @@ where
             config.ldaps_options.port
         );
         server_builder.and_then(|s| {
-            s.bind("ldaps", ("0.0.0.0", config.ldaps_options.port), tls_binder)
-                .with_context(|| format!("while binding to the port {}", config.ldaps_options.port))
+            s.bind(
+                "ldaps",
+                (config.ldap_host.clone(), config.ldaps_options.port),
+                tls_binder,
+            )
+            .with_context(|| format!("while binding to the port {}", config.ldaps_options.port))
         })
     } else {
         server_builder

server/src/infra/tcp_server.rs

@@ -129,30 +129,34 @@ where
     let mail_options = config.smtp_options.clone();
     info!("Starting the API/web server on port {}", config.http_port);
     server_builder
-        .bind("http", ("0.0.0.0", config.http_port), move || {
-            let backend_handler = backend_handler.clone();
-            let jwt_secret = jwt_secret.clone();
-            let jwt_blacklist = jwt_blacklist.clone();
-            let server_url = server_url.clone();
-            let mail_options = mail_options.clone();
-            HttpServiceBuilder::new()
-                .finish(map_config(
-                    App::new()
-                        .wrap(tracing_actix_web::TracingLogger::<CustomRootSpanBuilder>::new())
-                        .configure(move |cfg| {
-                            http_config(
-                                cfg,
-                                backend_handler,
-                                jwt_secret,
-                                jwt_blacklist,
-                                server_url,
-                                mail_options,
-                            )
-                        }),
-                    |_| AppConfig::default(),
-                ))
-                .tcp()
-        })
+        .bind(
+            "http",
+            (config.http_host.clone(), config.http_port),
+            move || {
+                let backend_handler = backend_handler.clone();
+                let jwt_secret = jwt_secret.clone();
+                let jwt_blacklist = jwt_blacklist.clone();
+                let server_url = server_url.clone();
+                let mail_options = mail_options.clone();
+                HttpServiceBuilder::new()
+                    .finish(map_config(
+                        App::new()
+                            .wrap(tracing_actix_web::TracingLogger::<CustomRootSpanBuilder>::new())
+                            .configure(move |cfg| {
+                                http_config(
+                                    cfg,
+                                    backend_handler,
+                                    jwt_secret,
+                                    jwt_blacklist,
+                                    server_url,
+                                    mail_options,
+                                )
+                            }),
+                        |_| AppConfig::default(),
+                    ))
+                    .tcp()
+            },
+        )
         .with_context(|| {
             format!(
                 "While bringing up the TCP server with port {}",