From 2668ea4553e75e0079fa7e47917ff0d203e6a5f1 Mon Sep 17 00:00:00 2001
From: Waldemar Heinze <1307809+wheinze@users.noreply.github.com>
Date: Thu, 24 Nov 2022 23:39:11 +0100
Subject: [PATCH] server: make `host` configurable to enable IPv6 support

This change also separates the API host and the LDAP host for further customization.
---
 lldap_config.docker_template.toml | 12 +++++++
 server/src/infra/cli.rs | 8 +++++
 server/src/infra/configuration.rs | 4 +++
 server/src/infra/ldap_server.rs | 10 ++++--
 server/src/infra/tcp_server.rs | 52 +++++++++++++++++--------------
 5 files changed, 59 insertions(+), 27 deletions(-)

diff --git a/lldap_config.docker_template.toml b/lldap_config.docker_template.toml
index 9ab45ec..c16fd3f 100644
--- a/lldap_config.docker_template.toml
+++ b/lldap_config.docker_template.toml
@@ -7,9 +7,21 @@
 ## You can set it with the LLDAP_VERBOSE environment variable.
 # verbose=false
 
+## The host address that the LDAP server will be bound to.
+## To enable IPv6 support, simply switch "ldap_host" to "::":
+## To only allow connections from localhost (if you want to restrict to local self-hosted services),
+## change it to "127.0.0.1" ("::1" in case of IPv6)".
+#ldap_host = "0.0.0.0"
+
 ## The port on which to have the LDAP server.
 #ldap_port = 3890
 
+## The host address that the HTTP server will be bound to.
+## To enable IPv6 support, simply switch "http_host" to "::".
+## To only allow connections from localhost (if you want to restrict to local self-hosted services),
+## change it to "127.0.0.1" ("::1" in case of IPv6)".
+#http_host = "0.0.0.0"
+
 ## The port on which to have the HTTP server, for user login and
 ## administration.
 #http_port = 17170
diff --git a/server/src/infra/cli.rs b/server/src/infra/cli.rs
index 031d67e..a31a968 100644
--- a/server/src/infra/cli.rs
+++ b/server/src/infra/cli.rs
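Review bot: The new `ldap_host` comment does not tell the operator that the same address is also used for the LDAPS listener, which the ldap_server.rs hunks of this patch show (`(config.ldap_host.clone(), config.ldaps_options.port)`); suggest `## The host address that the LDAP (and LDAPS, if enabled) server will be bound to.`. The added text also has two slips: the `ldap_host` sentence ends with `"::":` where the `http_host` one ends with a period, and both localhost lines carry a stray quote in `("::1" in case of IPv6)".`. Since the comment presents `::` as "IPv6 support", it would help to add that on most systems binding to `::` also accepts IPv4 connections (on Linux this depends on the `net.ipv6.bindv6only` sysctl), so the choice is "all interfaces, both families" rather than "IPv6 only"; operators who restrict exposure by address should know that.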
@@ -54,10 +54,18 @@ pub struct RunOpts {
 #[clap(long, env = "LLDAP_SERVER_KEY_FILE")]
 pub server_key_file: Option,
 
+ /// Change ldap host. Default: "0.0.0.0"
+ #[clap(long, env = "LLDAP_LDAP_HOST")]
+ pub ldap_host: Option,
+
 /// Change ldap port. Default: 3890
 #[clap(long, env = "LLDAP_LDAP_PORT")]
 pub ldap_port: Option,
 
+ /// Change HTTP API host. Default: "0.0.0.0"
+ #[clap(long, env = "LLDAP_HTTP_HOST")]
+ pub http_host: Option,
+
 /// Change HTTP API port. Default: 17170
 #[clap(long, env = "LLDAP_HTTP_PORT")]
 pub http_port: Option,
diff --git a/server/src/infra/configuration.rs b/server/src/infra/configuration.rs
index 63bce2f..bfdc3ee 100644
--- a/server/src/infra/configuration.rs
+++ b/server/src/infra/configuration.rs
@@ -64,8 +64,12 @@ impl std::default::Default for LdapsOptions {
 #[derive(Clone, Debug, Deserialize, Serialize, derive_builder::Builder)]
 #[builder(pattern = "owned", build_fn(name = "private_build"))]
 pub struct Configuration {
+ #[builder(default = r#"String::from("0.0.0.0")"#)]
+ pub ldap_host: String,
 #[builder(default = "3890")]
 pub ldap_port: u16,
+ #[builder(default = r#"String::from("0.0.0.0")"#)]
+ pub http_host: String,
 #[builder(default = "17170")]
 pub http_port: u16,
 #[builder(default = r#"SecUtf8::from("secretjwtsecret")"#)]
diff --git a/server/src/infra/ldap_server.rs b/server/src/infra/ldap_server.rs
index 9cc2899..80b8cf4 100644
--- a/server/src/infra/ldap_server.rs
+++ b/server/src/infra/ldap_server.rs
@@ -177,7 +177,7 @@ where
 info!("Starting the LDAP server on port {}", config.ldap_port);
 let server_builder = server_builder
- .bind("ldap", ("0.0.0.0", config.ldap_port), binder)
+ .bind("ldap", (config.ldap_host.clone(), config.ldap_port), binder)
 .with_context(|| format!("while binding to the port {}", config.ldap_port));
 if config.ldaps_options.enabled {
 let tls_context = (
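Review bot: The help text `/// Change ldap host. Default: "0.0.0.0"` (and the `http_host` twin below it) calls the value a "host", but what the server does with it is bind a listener to it, and the configuration.rs hunk on this page stores it as a plain `String`, so nothing validates the value before the bind; a typo such as `[::]` or `0.0.0.0.0` only surfaces when the listener fails to start. Suggest `/// Address to bind the LDAP (and LDAPS) listener to, e.g. "0.0.0.0" or "::". Default: "0.0.0.0"` and the matching `/// Address to bind the HTTP API listener to, e.g. "0.0.0.0" or "::". Default: "0.0.0.0"`. Because the bind calls receive a `(String, u16)` pair, a hostname would presumably be resolved at startup rather than rejected; if only IP literals are intended, parsing the option as `std::net::IpAddr` in clap would report a bad value at argument-parsing time, though that choice should match whatever `Configuration` deserialises from the TOML file.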
@@ -212,8 +212,12 @@ where
 config.ldaps_options.port
 );
 server_builder.and_then(|s| {
- s.bind("ldaps", ("0.0.0.0", config.ldaps_options.port), tls_binder)
- .with_context(|| format!("while binding to the port {}", config.ldaps_options.port))
+ s.bind(
+ "ldaps",
+ (config.ldap_host.clone(), config.ldaps_options.port),
+ tls_binder,
+ )
+ .with_context(|| format!("while binding to the port {}", config.ldaps_options.port))
 })
 } else {
 server_builder
diff --git a/server/src/infra/tcp_server.rs b/server/src/infra/tcp_server.rs
index 76772ea..ee11596 100644
--- a/server/src/infra/tcp_server.rs
+++ b/server/src/infra/tcp_server.rs
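Review bot: The error context kept on the new `.with_context(|| format!("while binding to the port {}", config.ldaps_options.port))` line still names only the port, although the address is now configurable and a wrong or unsupported `ldap_host` (say `::` on a machine without IPv6) is the most likely new reason for this bind to fail; suggest `.with_context(|| format!("while binding to {}:{}", config.ldap_host, config.ldaps_options.port))`. The same omission is in the `ldap` bind of the preceding hunk of this file, whose `info!("Starting the LDAP server on port {}", config.ldap_port)` line could likewise log the address, and in the tcp_server.rs hunk below (`info!("Starting the API/web server on port {}", ...)` and `"While bringing up the TCP server with port {}"`). A minor point of style: `(&str, u16)` also implements `ToSocketAddrs`, so `config.ldap_host.as_str()` may avoid the `clone()` here, but the builder's `bind` signature is not visible in the hunk, so that needs checking.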
@@ -129,30 +129,34 @@ where
 let mail_options = config.smtp_options.clone();
 info!("Starting the API/web server on port {}", config.http_port);
 server_builder
- .bind("http", ("0.0.0.0", config.http_port), move || {
- let backend_handler = backend_handler.clone();
- let jwt_secret = jwt_secret.clone();
- let jwt_blacklist = jwt_blacklist.clone();
- let server_url = server_url.clone();
- let mail_options = mail_options.clone();
- HttpServiceBuilder::new()
- .finish(map_config(
- App::new()
- .wrap(tracing_actix_web::TracingLogger::::new())
- .configure(move |cfg| {
- http_config(
- cfg,
- backend_handler,
- jwt_secret,
- jwt_blacklist,
- server_url,
- mail_options,
- )
- }),
- |_| AppConfig::default(),
- ))
- .tcp()
- })
+ .bind(
+ "http",
+ (config.http_host.clone(), config.http_port),
+ move || {
+ let backend_handler = backend_handler.clone();
+ let jwt_secret = jwt_secret.clone();
+ let jwt_blacklist = jwt_blacklist.clone();
+ let server_url = server_url.clone();
+ let mail_options = mail_options.clone();
+ HttpServiceBuilder::new()
+ .finish(map_config(
+ App::new()
+ .wrap(tracing_actix_web::TracingLogger::::new())
+ .configure(move |cfg| {
+ http_config(
+ cfg,
+ backend_handler,
+ jwt_secret,
+ jwt_blacklist,
+ server_url,
+ mail_options,
+ )
+ }),
+ |_| AppConfig::default(),
+ ))
+ .tcp()
+ },
+ )
 .with_context(|| {
 format!(
 "While bringing up the TCP server with port {}",