From 73a5cc0b6af3432c976a0a55a209b83e778fd391 Mon Sep 17 00:00:00 2001 From: "Jason E. Aten" Date: Sat, 9 Jul 2016 12:48:59 -0500 Subject: [PATCH] Document the --http-addr flag. Accompanies the merged fix https://github.com/cockroachdb/cockroach/pull/7475 --- secure-a-cluster.md | 8 ++++---- start-a-local-cluster.md | 1 + start-a-node.md | 1 + 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/secure-a-cluster.md b/secure-a-cluster.md index 2794e09a867..0d34bcaab7a 100644 --- a/secure-a-cluster.md +++ b/secure-a-cluster.md @@ -46,7 +46,7 @@ Now that you have a [local cluster](start-a-local-cluster.html) up and running, 3. Restart the first node: ~~~ shell - $ cockroach start --ca-cert=certs/ca.cert --cert=certs/node.cert --key=certs/node.key --background + $ cockroach start --ca-cert=certs/ca.cert --cert=certs/node.cert --key=certs/node.key --background --http-addr=127.0.0.1 build: {{site.data.strings.version}} @ {{site.data.strings.build_time}} admin: https://ROACHs-MBP:8080 @@ -65,8 +65,8 @@ Now that you have a [local cluster](start-a-local-cluster.html) up and running, 4. Restart additional nodes: ~~~ shell - $ cockroach start --store=node2 --port=26258 --http-port=8081 --join=localhost:26257 --ca-cert=certs/ca.cert --cert=certs/node.cert --key=certs/node.key --background - $ cockroach start --store=node3 --port=26259 --http-port=8082 --join=localhost:26257 --ca-cert=certs/ca.cert --cert=certs/node.cert --key=certs/node.key --background + $ cockroach start --store=node2 --port=26258 --http-port=8081 --http-addr=127.0.0.1 --join=localhost:26257 --ca-cert=certs/ca.cert --cert=certs/node.cert --key=certs/node.key --background + $ cockroach start --store=node3 --port=26259 --http-port=8082 --http-addr=127.0.0.1 --join=localhost:26257 --ca-cert=certs/ca.cert --cert=certs/node.cert --key=certs/node.key --background ~~~ @@ -119,7 +119,7 @@ Now that you have a [local cluster](start-a-local-cluster.html) up and running, When you're done using the SQL shell, press **CTRL + D** to exit. -7. Reopen the [Admin UI](explore-the-admin-ui.html) by pointing your browser to `https://localhost:8080`. You can also find the address in the `admin` field in the standard output of any node on startup. +7. Reopen the [Admin UI](explore-the-admin-ui.html) by establishing an SSH tunnel `ssh -L 8080:127.0.0.1:8080 ROACHs-MBP` (substitute your first node's address for ROACHs-MBP). Then point your browser at `https://127.0.0.1:8080`. You can also find the address in the `admin` field in the standard output of any node on startup. Note that your browser will consider the CockroachDB-created certificate invalid; you’ll need to click through a warning message to get to the UI. diff --git a/start-a-local-cluster.md b/start-a-local-cluster.md index 43e95f16372..e971ac807a1 100644 --- a/start-a-local-cluster.md +++ b/start-a-local-cluster.md @@ -45,6 +45,7 @@ This command starts a node, accepting all [`cockroach start`](start-a-node.html) - Communication is insecure, with the server listening only on `localhost` on port `26257` for internal and client communication and on port `8080` for HTTP requests from the Admin UI. - To bind to different ports, set `--port=` and `--http-port=`. + - To bind the Admin web UI to a private IP address or host, set `--http-addr=`. - To listen on an external hostname or IP address, set `--insecure` and `--host=`. For a demonstration, see [Manual Deployment](manual-deployment.html). - Node data is stored in the `cockroach-data` directory. To store data in a different location, set `--store=`. To use multiple stores, set this flag separately for each. diff --git a/start-a-node.md b/start-a-node.md index 7c29fbdc119..b7223548e73 100644 --- a/start-a-node.md +++ b/start-a-node.md @@ -34,6 +34,7 @@ Flag | Description `--cert` | The path to the [node certificate](create-security-certificates.html). This flag is required to start a secure node. `--host` | The address to listen on for internal and client communication. The node also advertises itself to other nodes using this address. Therefore, if it is a hostname, it must be resolvable from all nodes, and if it is an IP address, it must be routable from all nodes.

When running an insecure local cluster (without `--insecure` and without cert flags), this defaults to `localhost` and cannot be changed. When running an insecure distributed cluster (with `--insecure` but without cert flags) or a secure local or distributed cluster (without `--insecure` but with cert flags), this can be an external address. `--http-port` | The port to listen on for HTTP requests from the Admin UI.

**Default:** 8080 +`--http-addr` | The IP address or hostname to listen on for Admin UI HTTP requests.

**Default:** same as --host `--insecure` | Set this only if the cluster is insecure and running on multiple machines.

If the cluster is insecure and local, leave this out. If the cluster is secure, leave this out and set the `--ca-cert`, `--cert`, and `-key` flags. `--join` | The address for connecting the node to an existing cluster. When starting the first node, leave this flag out. When starting subsequent nodes, set this flag to the address of any existing node. Optionally, you can specify the addresses of multiple existing nodes as a comma-separated list. `--key` | The path to the [node key](create-security-certificates.html) protecting the node certificate. This flag is required to start a secure node.