Now that #7 is fixed and I can pull the Docker image, I've been able to try it out.
Overall, it works wonders and it's a great app!
However, when I run the image:
$ docker run --rm -it -p 3000:3000 ghcr.io/kiralt/torrent-stream-server:1.2.0
{"message":"Starting app on http://127.0.0.1:3000","level":"info"}
{"message":"Preparing torrent directory - /tmp/torrent-stream-server","level":"info"}
Looking at the log, even before opening the web UI, the message with 127.0.0.1
as listening address worried me. I wondered that, in such case, the Docker container won't be accessible from the outside, even with the appropriate port mapping (-p 3000:3000
).
However, I could connect to the service on my server over LAN at 192.169.1.100
and everything worked like a charm.
I wanted to investigate further, and installed the netstat
tool:
$ docker exec -it torrent-stream-server bash
Ign:1 http://deb.debian.org/debian stretch InRelease
Get:2 http://security.debian.org/debian-security stretch/updates InRelease [53.0 kB]
Get:3 http://deb.debian.org/debian stretch-updates InRelease [93.6 kB]
Get:4 http://deb.debian.org/debian stretch Release [118 kB]
Get:5 http://deb.debian.org/debian stretch Release.gpg [2410 B]
Get:6 http://security.debian.org/debian-security stretch/updates/main amd64 Packages [604 kB]
Get:7 http://deb.debian.org/debian stretch-updates/main amd64 Packages [2596 B]
Get:8 http://deb.debian.org/debian stretch/main amd64 Packages [7080 kB]
Fetched 7953 kB in 4s (1937 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
50 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
net-tools
0 upgraded, 1 newly installed, 0 to remove and 50 not upgraded.
Need to get 248 kB of archives.
After this operation, 963 kB of additional disk space will be used.
Get:1 http://deb.debian.org/debian stretch/main amd64 net-tools amd64 1.60+git20161116.90da8a0-1 [248 kB]
Fetched 248 kB in 0s (1027 kB/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package net-tools.
(Reading database ... 29937 files and directories currently installed.)
Preparing to unpack .../net-tools_1.60+git20161116.90da8a0-1_amd64.deb ...
Unpacking net-tools (1.60+git20161116.90da8a0-1) ...
Setting up net-tools (1.60+git20161116.90da8a0-1) ...
root@9cda3d8ef4c5:/usr/app# netstat -putanl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::3000 :::* LISTEN 8/node
tcp6 0 0 172.17.0.2:3000 192.168.1.101:58560 ESTABLISHED 8/node
tcp6 0 0 172.17.0.2:3000 192.168.1.101:58559 ESTABLISHED 8/node
I guess I'm able to connect over IPv6, since the only listening address is :::3000
, as reported by netstat
.
Looks like to me that the 127.0.0.1
listening address advertised is not the real.
I've had a quick look at the code and the listen address is just a hardcoded, text string. Also, it can't be configured otherwise, as opposed to the listening port.
Overall, it's somewhat confusing as a first-time user.
So, my findings are:
- With port mappings it works, and it is OK to listen on
:::3000
, however...
- I'm not sure if it would work in an IPv4-only scenario (no
0.0.0.0:3000 LISTEN
entry).
- If used in host networking mode (
--net=host
) it's not clear to me which listen address would use in a predictable manner. Also, you might actually want to force it to be 127.0.0.1
in such scenario.
- I could not set explicitly a listen address from configuration.
My proposal would be:
- Get the real listen address from the actual app object property, so it does not cause confusion or, worse yet, gives a false sense of not being exposed.
- Make listen address configurable, as done with the port (both via config and env var).
Hope this helps.