From 3d8dd68b140c64bb27282e431dfc92f4be94a91c Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Wed, 16 Nov 2022 15:25:10 +0100 Subject: [PATCH] default to localhost, not listen on all Signed-off-by: Kristoffer Dalby --- cmd/headscale/headscale_test.go | 4 ++-- config-example.yaml | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go index 6acd7c0a..e84e11e2 100644 --- a/cmd/headscale/headscale_test.go +++ b/cmd/headscale/headscale_test.go @@ -55,7 +55,7 @@ func (*Suite) TestConfigFileLoading(c *check.C) { // Test that config file was interpreted correctly c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080") - c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080") + c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080") c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090") c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3") c.Assert(viper.GetString("db_path"), check.Equals, "./db.sqlite") @@ -98,7 +98,7 @@ func (*Suite) TestConfigLoading(c *check.C) { // Test that config file was interpreted correctly c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080") - c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080") + c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080") c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090") c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3") c.Assert(viper.GetString("db_path"), check.Equals, "./db.sqlite") diff --git a/config-example.yaml b/config-example.yaml index 96a267bc..9e33539e 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -14,7 +14,9 @@ server_url: http://127.0.0.1:8080 # Address to listen to / bind to on the server # -listen_addr: 0.0.0.0:8080 +# For production: +# listen_addr: 0.0.0.0:8080 +listen_addr: 127.0.0.1:8080 # Address to listen to /metrics, you may want # to keep this endpoint private to your internal @@ -27,7 +29,10 @@ metrics_listen_addr: 127.0.0.1:9090 # remotely with the CLI # Note: Remote access _only_ works if you have # valid certificates. -grpc_listen_addr: 0.0.0.0:50443 +# +# For production: +# grpc_listen_addr: 0.0.0.0:50443 +grpc_listen_addr: 127.0.0.1:50443 # Allow the gRPC admin interface to run in INSECURE # mode. This is not recommended as the traffic will