How can I prevent Meteor from binding to a public IP?

Okay, I have the following setup - nginx as a proxy server which deals with SSL and also deals out the static files, passing all other requests to the Meteor server on localhost:3000.

Meteor itself is run using forever start main.js (and the fitting ENV variables are set so it knows where the mongodb is, how to send mails and which port it should run under).

This works just fine and dandy. However, the website is not only reachable through https://example.com but also via http://example.com:3000.

So, is there an easy way to bind Meteor solely to localhost, short of using iptables to drop incoming requests?

You can probably use the ROOT_URL env variable:

ROOT_URL=http://localhost meteor

Nope. Port 3000 is still bound to the public IP, doesn’t matter whether I use http://localhost or http://127.0.0.1 or whatever.

Check out http://www.meteorpedia.com/read/Bind_to_specific_IP_Address.

But I still suggest using iptables to drop any requests to non-whitelisted ports.

If that’s an Ubuntu server, you could use ufw, which is a very simple firewall frontend:

sudo apt-get install ufw
sudo ufw allow 80
sudo ufw enable

Basically, this means only port 80 is allowed and requests to other ports are dropped.

Make sure you allow the SSH port, too :wink:


Setting BIND_IP=5.5.5.5 should definitely work in production. I wouldn’t expect that to work in development using the meteor-tool.
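
A way to verify the result this thread is after, as an added example that is not part of any post above: the function reads `ss -ltn` output and lists every non-loopback address listening on a port. The socket lines are constructed samples, and the "after" sample assumes the app was restarted with `BIND_IP=127.0.0.1`.

```shell
#!/bin/sh
# Added example: list non-loopback addresses listening on a given TCP port.
# Input on stdin is `ss -ltn` output; live use: ss -ltn | exposed_listeners 3000

exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skips the header line too
        {
            la = $4                          # "Local Address:Port" column
            if (!match(la, /:[0-9]+$/)) next # last colon splits address and port
            addr = substr(la, 1, RSTART - 1)
            p = substr(la, RSTART + 1)
            if (p != port) next
            # Loopback forms: 127.0.0.0/8, ::1, IPv4-mapped 127.x
            if (addr ~ /^127\./ || addr ~ /^\[::1\]/ || addr ~ /^\[::ffff:127\./) next
            print addr                       # anything else is reachable off-host
        }'
}

# Exit status 0 only when nothing but loopback listens on the port.
loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample: app on all interfaces, as described in the question.
SAMPLE_PUBLIC='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:27017 0.0.0.0:*'

# Constructed sample: same host after a restart with BIND_IP=127.0.0.1 (assumed).
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 511 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:27017 0.0.0.0:*'

report() {  # $1 = label, $2 = ss output, $3 = port
    if printf '%s\n' "$2" | loopback_only "$3"; then
        echo "$1: port $3 is loopback-only"
    else
        echo "$1: port $3 reachable via $(printf '%s\n' "$2" | exposed_listeners "$3" | tr '\n' ' ')"
    fi
}

report "before" "$SAMPLE_PUBLIC" 3000
report "after" "$SAMPLE_LOCAL" 3000
```

Running the same check from a second machine against the public address confirms the firewall side as well, since a local socket listing only shows the bind, not what ufw or iptables drops.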