[
https://issues.apache.org/jira/browse/TS-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030546#comment-13030546
]
Arno Toell edited comment on TS-765 at 5/8/11 9:17 PM:
-------------------------------------------------------
For the record, a summary of changes as I discussed them with Leif in the IRC:
* 8088 is no problem anymore until clustering is enabled, so there is only the
TS-766 improvement left there. However _if_ enabled, I think it is still fairly
useful to allow the user to bind to a specific IP. Say, you run a public facing
proxy in cluster mode where you want to communicate in between on private IPs
between cluster peers.
* I would feel better if 8084 binds to the loopback only. This is perhaps
neither intrusive, as there is a check whether the source IP is local anyway.
Unless there are further comments on this, I will split this bug into those two
tasks later.
was (Author: at):
For the record, a summary of changes as I discussed them with Leif in the
IRC:
* 8088 is no problem anymore until clustering is enabled, so there is only the
TS-766 improvement left there. However _if_ enabled, I think it is still fairly
useful to allow the user to bind to a specific IP. Say, you run a public facing
proxy in cluster mode which should communicate on private IPs between peers.
* I would feel better if 8084 binds to the loopback only. This is perhaps
neither intrusive, as there is a check whether the source IP is local anyway.
Unless there are further comments on this, I will split this bug into those two
tasks later.
> Make ATS listening sockets configurable
> ---------------------------------------
>
> Key: TS-765
> URL: https://issues.apache.org/jira/browse/TS-765
> Project: Traffic Server
> Issue Type: Improvement
> Components: Configuration, Network
> Affects Versions: 2.1.8
> Reporter: Arno Toell
> Priority: Minor
>
> I consider the way Traffic Server opens listening ports dangerous, or at
> least more risky than necessary. Currently ATS allows configuring port
> numbers for the related services, but not the listening interface. Instead it
> binds to 0.0.0.0. Therefore I'd like to suggest
> * Allow the user to specify a listening interface, don't assume 0.0.0.0 suits
> all setups.
> * Disable the "autoconfiguration port" (i.e. 8083 by default) unless
> proxy.local.cluster.type is set to enable clustering (!= 3). I think
> _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS
> locally. If so, it should be bound to the loopback at least, or use Unix
> Domain Sockets or whatever local socket method you prefer.
> * Disable the "reliable service port" (i.e. 8088 by default) unless
> proxy.local.cluster.type enables clustering. Similar to the
> "autoconfiguration port". If _traffic_cop_ (or something else on the local
> machine) is using this port, the same suggestions apply as above.
> * The "internal communication port" (8084) should not open a public socket at
> all. Instead use Unix Domain Sockets or something similar.
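An added example, not part of the original issue or of Traffic Server: a small audit that reads `ss -ltn` output and flags the ports discussed above (8083, 8084, 8088 by default) when they are bound wider than the thread suggests. The POLICY table and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy derived from the discussion in TS-765 (not an ATS setting):
# "specific" = any address except the wildcard, "loopback" = local only.
POLICY = {
    8083: "specific",  # autoconfiguration port
    8088: "specific",  # reliable service port, e.g. a private cluster IP
    8084: "loopback",  # internal communication port
}

# Constructed sample of `ss -ltn` output.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*
LISTEN 0      128          0.0.0.0:8083      0.0.0.0:*
LISTEN 0      128        127.0.0.1:8084      0.0.0.0:*
LISTEN 0      128     192.168.10.5:8088      0.0.0.0:*
LISTEN 0      128             [::]:8084         [::]:*
"""

def bind_scope(addr):
    """Classify a local address printed by ss."""
    addr = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if addr == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"  # unparseable addresses are reported, not ignored
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"

def audit(ss_output, policy=POLICY):
    """Return (port, address, scope, allowed) for each listener wider than policy."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in policy:
            continue
        scope, allowed = bind_scope(addr), policy[int(port)]
        if scope != "loopback" and not (allowed == scope == "specific"):
            findings.append((int(port), addr, scope, allowed))
    return findings

if __name__ == "__main__":
    for port, addr, scope, allowed in audit(SAMPLE):
        print(f"port {port} bound to {addr} ({scope}), expected {allowed} or narrower")
```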