You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Arno Toell (JIRA)" <ji...@apache.org> on 2011/05/08 17:59:03 UTC

[jira] [Created] (TS-765) Make ATS listening sockets configurable

Make ATS listening sockets configurable
---------------------------------------

                 Key: TS-765
                 URL: https://issues.apache.org/jira/browse/TS-765
             Project: Traffic Server
          Issue Type: Improvement
          Components: Configuration, Network
    Affects Versions: 2.1.8
            Reporter: Arno Toell
            Priority: Minor


I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 

* Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
* Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
* Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (TS-765) Make ATS listening sockets configurable

Posted by "Arno Toell (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/TS-765?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arno Toell updated TS-765:
--------------------------

    Description: 
I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 

* Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
* Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
* Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 
* The "internal communication port" (8084) should not open a public socket at all. Instead use Unix Domain Sockets or something similar. 

  was:
I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 

* Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
* Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
* Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 



> Make ATS listening sockets configurable
> ---------------------------------------
>
>                 Key: TS-765
>                 URL: https://issues.apache.org/jira/browse/TS-765
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Configuration, Network
>    Affects Versions: 2.1.8
>            Reporter: Arno Toell
>            Priority: Minor
>
> I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 
> * Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
> * Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
> * Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 
> * The "internal communication port" (8084) should not open a public socket at all. Instead use Unix Domain Sockets or something similar. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Issue Comment Edited] (TS-765) Make ATS listening sockets configurable

Posted by "Arno Toell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/TS-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030546#comment-13030546 ] 

Arno Toell edited comment on TS-765 at 5/8/11 9:17 PM:
-------------------------------------------------------

For the record, a summary of changes as I discussed them with Leif in the IRC:

* 8088 is no problem anymore until clustering is enabled, so there is only the TS-766 improvement left there. However _if_ enabled, I think it is still fairly useful to allow the user to bind to a specific IP. Say, you run a public facing proxy in cluster mode where you want to communicate in between on private IPs between cluster peers. 

* I would feel better if 8084 binds to the loopback only. This is perhaps neither intrusive, as there is a check whether the source IP is local anyway.  

Unless there are further comments on this, I will split this bug into those two tasks later. 

      was (Author: at):
    For the record, a summary of changes as I discussed them with Leif in the IRC:

* 8088 is no problem anymore until clustering is enabled, so there is only the TS-766 improvement left there. However _if_ enabled, I think it is still fairly useful to allow the user to bind to a specific IP. Say, you run a public facing proxy in cluster mode which should communicate on private IPs between peers. 

* I would feel better if 8084 binds to the loopback only. This is perhaps neither intrusive, as there is a check whether the source IP is local anyway.  

Unless there are further comments on this, I will split this bug into those two tasks later. 
  
> Make ATS listening sockets configurable
> ---------------------------------------
>
>                 Key: TS-765
>                 URL: https://issues.apache.org/jira/browse/TS-765
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Configuration, Network
>    Affects Versions: 2.1.8
>            Reporter: Arno Toell
>            Priority: Minor
>
> I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 
> * Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
> * Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
> * Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 
> * The "internal communication port" (8084) should not open a public socket at all. Instead use Unix Domain Sockets or something similar. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (TS-765) Make the backdoor port (8084 by default) only listen on "localhost"

Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/TS-765?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom updated TS-765:
-----------------------------

    Fix Version/s: 2.1.9
         Assignee: Leif Hedstrom
          Summary: Make the backdoor port (8084 by default) only listen on "localhost"  (was: Make ATS listening sockets configurable)

Changing the Summary.

> Make the backdoor port (8084 by default) only listen on "localhost"
> -------------------------------------------------------------------
>
>                 Key: TS-765
>                 URL: https://issues.apache.org/jira/browse/TS-765
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Configuration, Network
>    Affects Versions: 2.1.8
>            Reporter: Arno Toell
>            Assignee: Leif Hedstrom
>            Priority: Minor
>             Fix For: 2.1.9
>
>
> I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 
> * Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
> * Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
> * Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 
> * The "internal communication port" (8084) should not open a public socket at all. Instead use Unix Domain Sockets or something similar. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TS-765) Make ATS listening sockets configurable

Posted by "Arno Toell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/TS-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030546#comment-13030546 ] 

Arno Toell commented on TS-765:
-------------------------------

For the record, a summary of changes as I discussed them with Leif in the IRC:

* 8088 is no problem anymore until clustering is enabled, so there is only the TS-766 improvement left there. However _if_ enabled, I think it is still fairly useful to allow the user to bind to a specific IP. Say, you run a public facing proxy in cluster mode which should communicate on private IPs between peers. 

* I would feel better if 8084 binds to the loopback only. This is perhaps neither intrusive, as there is a check whether the source IP is local anyway.  

Unless there are further comments on this, I will split this bug into those two tasks later. 

> Make ATS listening sockets configurable
> ---------------------------------------
>
>                 Key: TS-765
>                 URL: https://issues.apache.org/jira/browse/TS-765
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Configuration, Network
>    Affects Versions: 2.1.8
>            Reporter: Arno Toell
>            Priority: Minor
>
> I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 
> * Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
> * Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
> * Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 
> * The "internal communication port" (8084) should not open a public socket at all. Instead use Unix Domain Sockets or something similar. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (TS-765) Make the backdoor port (8084 by default) only listen on "localhost"

Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/TS-765?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Leif Hedstrom resolved TS-765.
------------------------------

    Resolution: Fixed

Closing this, if any of the other items in the list needs fixing (other than TS-767), please open other bugs.

> Make the backdoor port (8084 by default) only listen on "localhost"
> -------------------------------------------------------------------
>
>                 Key: TS-765
>                 URL: https://issues.apache.org/jira/browse/TS-765
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Configuration, Network
>    Affects Versions: 2.1.8
>            Reporter: Arno Toell
>            Assignee: Leif Hedstrom
>            Priority: Minor
>             Fix For: 2.1.9
>
>
> I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 
> * Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
> * Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
> * Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 
> * The "internal communication port" (8084) should not open a public socket at all. Instead use Unix Domain Sockets or something similar. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TS-765) Make ATS listening sockets configurable

Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/TS-765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030541#comment-13030541 ] 

Leif Hedstrom commented on TS-765:
----------------------------------

1) There is an option to limit the IP to bind:

{code}
LOCAL proxy.local.incoming_ip_to_bind STRING 192.168.101.17
{code}

It's not as flexible as we'd like, we should redo all IP / port binding options for v3.2.

2) Not binding 8083 is not possible at this point, this port is also used for the synthetic health check. Since it won't do anything but the synthetic.txt page by default, I think this is fairly benign (and we really want it to support the health check, it's one of the "strength" we have, were if traffic_server doesn't proxy the synthetic.txt request propely to traffic_manager, we restart).

What we possibly could do is to only bind 127.0.0.1 in the case where we want to disable autoconf support.


3) Port 8088 should not be bound now, unless you enable clustering. I fixed that a long time ago.

4) I believe port 8084 is protected already, only allowing "forward proxy" request from either localhost, or the IP that the server binds as. The reason for 8084 is to allow the synthetic.txt request from traffic_cop to be proxied in forward proxy to traffic_manager's port 8083. This is needed, so that records.config settings don't get in the way of the health checks (as far as I can tell at least).

I.e. the request from traffic_cop is something on the line of

{code}
curl -x http://localhost:8084   http://127.0.0.1:8083/syntethic.txt
{code}

and this is done to properly exercise the entire HTTP proxy, from end-to-end, to assure everything is working.

> Make ATS listening sockets configurable
> ---------------------------------------
>
>                 Key: TS-765
>                 URL: https://issues.apache.org/jira/browse/TS-765
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: Configuration, Network
>    Affects Versions: 2.1.8
>            Reporter: Arno Toell
>            Priority: Minor
>
> I consider the way how Traffic Server opens listening ports dangerous, or at least more risky than necessary. Currently ATS allows to configure port numbers for the related services, but not the listening interface. Instead it binds to 0.0.0.0. Therefore I'd like to suggest 
> * Allow the user to specify a listening interface, don't assume 0.0.0.0 suits for all setups.
> * Disable the "autoconfiguration port" (i.e. 8083 by default) unless proxy.local.cluster.type is set to enable clustering (!= 3). I think _traffic_shell_ and eventually _traffic_line_ use this port to configure ATS locally. If so it should be bound to the loop back at least or using Unix Domain Sockets or whatever local socket method you prefer.
> * Disable the "reliable service port" (i.e. 8088 by default) unless proxy.local.cluster.type enables clustering. Similar to the "autoconfiguration port". If _traffic_cop_ (or something else on the local machine) is using this port, the same suggestions apply as above. 
> * The "internal communication port" (8084) should not open a public socket at all. Instead use Unix Domain Sockets or something similar. 

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira