connection refused and host: 0.0.0.0 #5334
-
I use fastify to create a node server. I did the following
I kept getting connection refused with curl (running in the vps itself) and when browsing from the browser of my computer. After some more reading, I did this
meaning adding host: "0.0.0.0", and then everything worked. Eventually I will upload the client side (written in vue) to the same vps, that will interact with this server using axios. The url will be Regarding security and vulnerability, is this the right configuration to do this or did I miss something? Thanks.
Replies: 3 comments 2 replies
-
👋 About why your change worked, basically
-
Thank you for a quick reply.
By security I mean more vulnerable to hacking without any benefits for me
because of my bad configuration.
Maybe I got it wrong but 0.0.0.0 sounds too exposed but I do need a browser
to access it when running my client so maybe this is how it should be?
…On Wed, Feb 28, 2024, 10:57 Carlos Fuentes ***@***.***> wrote:
👋
I'm not sure what you refer to with security exactly, maybe you can
elaborate more on that?
About why your change worked, basically fastify listens to localhost by
default when no host has been set; it automatically will attach to the
different IPs your local hostnames has while resolving localhost (usually
will do dual listen to IPv6 and IPv4 loopback addresses).
By changing to 0.0.0.0 you are setting fastify to listen to all possible
network interfaces within the machine.
-
I'm not so technical when it comes to networks so I got a little confused
over this:
*Does the system only have one publicly routable IP address:* if you mean
whether the vps has one IP assigned to it, then yes.
*Then 0.0.0.0 is likely fine:* if there is only one ip then 0.0.0.0 is
fine? Not the other way around?
*if you can't guarantee that, then I would suggest specifying the address
you want to serve requests over:* by address you mean the assigned ip?
Something else?
Thanks
…On Wed, Feb 28, 2024, 15:22 James Sumners ***@***.***> wrote:
We cannot answer the question about whether or not it is "secure" for you
to use 0.0.0.0 or not. The framework listens on localhost only by default
so that users can make that decision for themselves. The recommendation is:
listen on only the interfaces you need to listen on to provide the service
you want to provide. Does the system only have one publicly routable IP
address (for various definitions of "public"), and you *know* it will
never gain any others? Then 0.0.0.0 is likely fine. But if you can't
guarantee that, then I would suggest specifying the address you want to
serve requests over.
👋
I'm not sure what you refer to with security exactly, maybe you can elaborate more on that?
About why your change worked, basically fastify listens to localhost by default when no host has been set; it automatically will attach to the different IPs your local hostnames has while resolving localhost (usually will do dual listen to IPv6 and IPv4 loopback addresses).
By changing to 0.0.0.0 you are setting fastify to listen to all possible network interfaces within the machine.
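
The three bind choices discussed in this thread (the default localhost, 0.0.0.0, and one explicit address) compared on the same machine before and after it gains an interface. This is an added example, not code from the original posts or from Fastify; the interface tables, addresses and the helper names `exposedAddresses` and `newlyExposed` are constructed for illustration.

```javascript
// Constructed interface tables in the shape returned by os.networkInterfaces().
// Addresses are from documentation/private ranges, not from the thread.
const vpsToday = {
  lo:   [{ address: '127.0.0.1', family: 'IPv4', internal: true },
         { address: '::1', family: 'IPv6', internal: true }],
  eth0: [{ address: '203.0.113.10', family: 'IPv4', internal: false }],
};
// The same VPS after a hypothetical private-network interface is attached.
const vpsLater = {
  ...vpsToday,
  eth1: [{ address: '10.0.0.5', family: 'IPv4', internal: false }],
};

// Flatten the per-interface table into one list of address records.
function flatten(interfaces) {
  return Object.entries(interfaces).flatMap(([name, addrs]) =>
    addrs.map((a) => ({ name, ...a })));
}

// Local addresses on which a server bound to `host` accepts connections.
function exposedAddresses(host, interfaces) {
  const all = flatten(interfaces);
  let picked;
  if (host === '0.0.0.0') {
    picked = all.filter((a) => a.family === 'IPv4'); // every IPv4 address, loopback included
  } else if (host === '::') {
    picked = all; // every IPv6 address; assumes a dual-stack socket, so IPv4 too
  } else if (host === undefined || host === 'localhost') {
    picked = all.filter((a) => a.internal); // loopback only (the default described above)
  } else {
    picked = all.filter((a) => a.address === host); // one explicit address
    if (picked.length === 0) {
      throw new Error(`${host} is not assigned to this machine; bind would fail`);
    }
  }
  return picked.map((a) => a.address).sort();
}

// Addresses that become reachable only because the interface set changed.
function newlyExposed(host, before, after) {
  const old = new Set(exposedAddresses(host, before));
  return exposedAddresses(host, after).filter((a) => !old.has(a));
}

console.log(newlyExposed('0.0.0.0', vpsToday, vpsLater));      // wildcard follows the new interface
console.log(newlyExposed('203.0.113.10', vpsToday, vpsLater)); // pinned address does not
```

On a real host, pass the result of Node's `os.networkInterfaces()` instead of the constructed tables, and give the chosen value as `host` in the listen options.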