How can I prevent Meteor from binding to a public IP?


#1

Okay, I have the following setup - nginx as a proxy server who deals with SSL and also deals out the static files, passing all other requests to the Meteor server on localhost:3000.

Meteor itself is run using forever start main.js (and the fitting ENV variables are set so it knows where the mongodb is, how to send mails and which port it should run under).

This works just fine and dandy. However, the website is not only reachable through https://example.com but also via http://example.com:3000.

So, is there an easy way to bind Meteor solely to localhost, short of using iptables to drop incoming requests?


#2

You can probably use the ROOT_URL env variable

ROOT_URL=http://localhost meteor

#3

Nope. Port 3000 still bound to the public ip, doesn’t matter whether I use http://localhost or http://127.0.0.1 or whatever.


#4

Check out http://www.meteorpedia.com/read/Bind_to_specific_IP_Address.

But I still suggest to use iptables to drop any requests to non-whitelisted ports.


#5

If that’s an ubuntu server, you could use ufw which is a very simple firewall frontend

sudo apt-get install ufw
sudo ufw allow 80
sudo ufw enable

basically means only port 80 is allowed and requests to other ports are dropped

make sure you allow the ssh port, too :wink:


#6

Setting BIND_IP=5.5.5.5 should definitely work in production. I wouldn’t expect that to work on development using the meteor-tool