Allow specifying bind-interface via ENV variable
#58
Assignees
Comments
|
Thanks for such a detailed issue. I'm happy to implement this. Would you like to submit a PR (so you're listed as a contributor), or would you like me to implement it? |
|
I've got a lot on my plate at the moment and would prefer to defer to you for implementation, but I appreciate the offer. Thanks for the quick reply and willingness to do it! |
|
This is also needed for podman, which does not use the proxy either. The proposed fix is not quite right, it should be |
optiz0r
added a commit
to optiz0r/docker-flightradar24
that referenced
this issue
Jul 16, 2022
Allows setting the `bind-interface` config option in fr24feed.ini to allow access from non-private IP addresses. Can be set to `0.0.0.0` to allow access from any IP address (warning, may be insecure). If env var is not set (default), the config option will not be added to the config file, which is a secure default. Fixes sdr-enthusiasts#58
mikenye
pushed a commit
that referenced
this issue
Jul 17, 2022
Allows setting the `bind-interface` config option in fr24feed.ini to allow access from non-private IP addresses. Can be set to `0.0.0.0` to allow access from any IP address (warning, may be insecure). If env var is not set (default), the config option will not be added to the config file, which is a secure default. Fixes #58
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Request (TL;DR)
Allow setting
bind-interfacein the config file via an environment variable, e.g. something like this:# Set up fr24feed { echo receiver="beast-tcp" echo fr24key="${FR24KEY}" echo host="${BEASTHOST}:${BEASTPORT}" echo bs="no" echo raw="no" echo logmode="1" echo logpath="/var/log" echo mlat="${MLAT}" echo mlat-without-gps="${MLAT}" + if [ -z "${BIND_INTERFACE}" ]; then + echo bind-interface="${BIND_INTERFACE}" + fi } > /etc/fr24feed.iniWhy?
By default, the fr24feed program only allows access to its web interface from IP addresses in a private range. If you try to access the web interface from an IP address outside one of these ranges, the following message is displayed:
So why doesn't this affect all users of this container? By default, docker runs with a "userland proxy". This means any incoming connections to a container appear to come from the proxy's address, typically
172.16.0.x(which is in the private range). So when running this container, most users' connections to the web-ui appears to come from an IP in the private range.However, I run docker without the userland proxy, so that my containers can see the real client IPs. I also access my container via the Tailscale VPN, which uses IP addresses outside the private range ref. So for my particular use case, I need to set the
bind-interfacevariable in the config.Thanks!
The text was updated successfully, but these errors were encountered: