Managing network interfaces for second node process in meteor stack

divito · June 23, 2015, 6:09pm

I would like to start a Meteor application in an infrastructure that have security restrictions applied to network interfaces.

Process must start binding to specific network interfaces, it’s not possible to bind as - example : TCP *:26758

When Meteor stack is online and running, two node processes can be found. The second process is triggered when connection to Mongo is successfully established:

$ ps -ef |grep -E "node|mongo" |grep -v grep

meteor   13128  5668  9 14:52 pts/0    00:00:07 /home/meteor/.meteor/packages/meteor-tool/.1.1.3.1a15mwv++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/bin/node /home/meteor/.meteor/packages/meteor-tool/.1.1.3.1a15mwv++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/main.js --port 192.168.0.107:8080

meteor   13149 13128  3 14:52 pts/0    00:00:02 /home/meteor/.meteor/packages/meteor-tool/.1.1.3.1a15mwv++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/mongodb/bin/mongod --bind_ip 127.0.0.1 --smallfiles --port 8081 --dbpath /home/meteor/apps/z1j-prod/.meteor/local/db --oplogSize 8 --replSet meteor

meteor   13205 13128  1 14:52 pts/0    00:00:01 /home/meteor/.meteor/packages/meteor-tool/.1.1.3.1a15mwv++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/bin/node /home/meteor/apps/z1j-prod/.meteor/local/build/main.js

I’m able to force interface bind for the first node process (pid 13128), but the second node process (pid 13205) starts listening in all interfaces:

lsof |grep meteor |grep LISTEN  |grep node
node      13128               meteor   13u     IPv4             244552       0t0        TCP oel70.node.com:webcache (LISTEN)
SignalSen 13128 13141         meteor   13u     IPv4             244552       0t0        TCP oel70.node.com:webcache (LISTEN)
node      13128 13143         meteor   13u     IPv4             244552       0t0        TCP oel70.node.com:webcache (LISTEN)
node      13128 13144         meteor   13u     IPv4             244552       0t0        TCP oel70.node.com:webcache (LISTEN)
node      13128 13145         meteor   13u     IPv4             244552       0t0        TCP oel70.node.com:webcache (LISTEN)
node      13128 13146         meteor   13u     IPv4             244552       0t0        TCP oel70.node.com:webcache (LISTEN)
node      13128 13206         meteor   13u     IPv4             244552       0t0        TCP oel70.node.com:webcache (LISTEN)
node      13205               meteor   11u     IPv4             244597       0t0        TCP localhost:36099 (LISTEN)
node      13205               meteor   25u     IPv4             244618       0t0        TCP *:26758 (LISTEN)
node      13205 13209         meteor   11u     IPv4             244597       0t0        TCP localhost:36099 (LISTEN)
node      13205 13209         meteor   25u     IPv4             244618       0t0        TCP *:26758 (LISTEN)
node      13205 13210         meteor   11u     IPv4             244597       0t0        TCP localhost:36099 (LISTEN)
node      13205 13210         meteor   25u     IPv4             244618       0t0        TCP *:26758 (LISTEN)
node      13205 13211         meteor   11u     IPv4             244597       0t0        TCP localhost:36099 (LISTEN)
node      13205 13211         meteor   25u     IPv4             244618       0t0        TCP *:26758 (LISTEN)
node      13205 13212         meteor   11u     IPv4             244597       0t0        TCP localhost:36099 (LISTEN)
node      13205 13212         meteor   25u     IPv4             244618       0t0        TCP *:26758 (LISTEN)

I start meteor with the following command: meteor --port 192.168.0.107:8080

This behavior it’s the same using meteor’s mongo instance or if using an external mongo instance
(export MONGO_URL=mongodb://mean.node.com:27017/meteor)

I’m using Meteor 1.1.0.2

Is possible to force interface binding for the second node process ??

Thanks