The Meteor documentation for WebApp indicates that it’s not required for Meteor applications, but does not specify how to disable it. We have need of other packages also included in meteor-base
, so it’s included in versions
in our project, but how do we prevent it from loading and starting?
It’s a little confusing in the documentation. You can actually build Meteor apps without WebApp (using only DDP based data transfer in your app logic) but Meteor itself still requires WebApp, which is why it is hard-wired in Meteor base.
Based on a GitHub search it seems also to be part of
- autoupdate
- appcache
- ddp-server
- dynamic-import
- browser-policy
- server-render
- oauth and accounts-oauth (thus all accounts-*)
- http
- cordova(???)
- mongo (???)
So trying to remove WebApp may break your functionality overall.
In docs it says it says that if you pass a --bare
flag during your app creation, it doesn’t include the webapp
package. But if it is a dependency of meteor-base
package then it will be added no matter what.
Should we update the docs?
EDIT :
I just checked that using --bare
flag does not include WebApp
package.
In my experience webapp is the only package that you must have to run Meteor. If you remove the webapp package with meteor remove webapp
, or by editing the packages file directly, you will get an error related to needing a “main” function that returns “daemon”.
There was a pertinent issue for this, where someone said it is “subject to a change in the future.”
I haven’t heard of someone re-implementing a main function aside from webapp. I’m not sure therefore why the documentation you referenced would say that “You can easily build a Meteor app without it”.
Is this the problem you’re facing?
@filipenevola are there documentation corrections, modifications or examples that need to be provided here, or perhaps this is subject to change?
Questions to this: if I want to make a backend-only minimal server, can I ensure that whenever browser tries to go to the url, it would behave exactly as if the url would not exist? Or any attempt to hide it (like rejection/redirection) would expose that there is a server behind the url? Or maybe block 80/433 ports either in Meteor or on hosting level then? But then the question on which port DDP connects and can it be amended?
ok… this seem to be the solution:
WebApp.rawConnectHandlers.use((req, res, next) => {
// Don't send any response, just leave the connection open.
});
Instead of outright blocking ports 80 and 443, you can configure a middleware in Meteor to not respond to any HTTP requests. This way, when the server is accessed via a browser, it will just hang without sending any response, mimicking a non-existent server.
This would help to still have default ports accessible but not answering on everything, only on something meaningful.
Or, even ‘simpler’ - just make the server running on some non-standard port.