Thanks @farajfarook! Why not bind to 0.0.0.0 all IPs? Also, please make sure you follow up on our code commit guidelines: https://github.com/meanjs/mean/blob/master/CONTRIBUTING.md#commit-message-guidelines
@farajfarook I would agree with @lirantal that it should be bound to 0.0.0.0 by default. However, I'd also recommend putting this in the production env file, but commented out with a note saying binding it to 127.0.0.1 is much safer in production.
@@ -7,6 +7,7 @@ module.exports = { | |||
certificate: './config/sslcerts/cert.pem' | |||
}, | |||
port: process.env.PORT || 8443, | |||
host: process.env.HOST || '127.0.0.1', |
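Review bot: The `host` default on the added line is '127.0.0.1', and nothing in the file says so or names the HOST variable, so a deployment inside a container, or one fronted by a proxy on another machine, will start cleanly but refuse outside connections until someone finds this line. Add a comment above `host:` stating that the default is loopback-only and that HOST must be set (for example to 0.0.0.0) when the app has to accept connections from other hosts, and settle the default against the other env files so they do not diverge. Note also that `process.env.HOST || '127.0.0.1'` treats an empty HOST as unset and falls back to the default silently.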
@farajfarook we should be consistent and set the production config to 0.0.0.0 too.
IMO it's not that much of a security risk because users usually clone on their own machine and set it up later to run on production usually using build tools.
More than that, nowadays people use Docker (or other types of VMs) and it is required to bind to a non-loopback host/IP to make the app accessible.
@farajfarook I added another comment, once we're done and decided upon this please squash your commits to just one and we'll merge. Thanks again for contributing!
Adding the functionality of configuring the host to bind the server. By default this is set to 0.0.0.0.
@lirantal Did the changes as per your comment and squashed the commits. 👍 Please merge.
Thanks, I'll review and merge later on.
LGTM
Adding host configuration feature
Adding the functionality of configuring the host to start the server.
By default set this to 127.0.0.1 as the best practice is to run the server locally and expose the port via a proxy like nginx.
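The trade-off debated in this thread, as an added example that is not part of the pull request or the MEAN.JS code base: it resolves the bind host with the same `process.env.HOST || default` fallback as the diff and reports what each choice exposes. The names `resolveHost`, `classifyBindHost` and `describeExposure` are hypothetical helpers, and the sample environments are constructed.

```javascript
// Added example (not project code). Helper names are hypothetical.
const DEFAULT_HOST = '127.0.0.1'; // default taken from the hunk under review

// Same fallback idiom as the diff: an unset OR empty HOST yields the default.
function resolveHost(env, fallback = DEFAULT_HOST) {
  return env.HOST || fallback;
}

// Parse a dotted-quad IPv4 address into four octets, or return null.
function parseIPv4(host) {
  const parts = host.split('.');
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

// Classify a bind address by which peers can reach a socket listening on it.
function classifyBindHost(host) {
  const h = String(host).trim().toLowerCase();
  if (h === '0.0.0.0' || h === '::') return 'all-interfaces';
  if (h === '::1') return 'loopback';
  const v4 = parseIPv4(h);
  if (v4) return v4[0] === 127 ? 'loopback' : 'specific-address'; // 127.0.0.0/8
  return 'unclassified'; // hostname or malformed: depends on name resolution
}

const NOTES = {
  'loopback': 'local processes only; a same-host proxy such as nginx can ' +
    'forward to it, but a container port mapping cannot reach it',
  'all-interfaces': 'reachable on every interface; exposure is decided by ' +
    'the firewall, container port mapping or proxy in front',
  'specific-address': 'reachable only via the interface that owns this address',
  'unclassified': 'resolve the name and classify the resulting address',
};

function describeExposure(env) {
  const host = resolveHost(env);
  const scope = classifyBindHost(host);
  return { host, scope, note: NOTES[scope] };
}

// Constructed sample environments covering the cases raised in the thread.
for (const env of [{}, { HOST: '' }, { HOST: '0.0.0.0' }, { HOST: '10.0.0.5' }]) {
  const r = describeExposure(env);
  console.log(`${JSON.stringify(env)} -> ${r.host} [${r.scope}]: ${r.note}`);
}
```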