зеркало из https://github.com/mozilla/treeherder.git
4735e9d434
By default webservers like Django's runserver, gunicorn or the Webpack devserver only bind to the loopback adapter (127.0.0.1) and so are not accessible from outside the Vagrant / virtualbox VM, since port forwarding only forwards traffic to the non-loopback adapters. Previously varnish (which listened on `0.0.0.0`) was reverse proxying traffic to runserver/gunicorn, however we need to now do so for webpack-dev-server on another port too. Doing both with varnish adds complexity, and we don't actually need any of varnish's other features, so ideally want to stop using it. Rather than having to override each webserver to bind to all adapters (using the IP `0.0.0.0`), it's possible to forward traffic to the loopback adapter using iptables NAT PREROUTING rules. This is still secure so long as the Vagrantfile port forwarding uses a `host_ip` of `127.0.0.1`. To prevent this "Martian packet" traffic from being blocked, `route_localnet` must also be set to `1`. See: https://unix.stackexchange.com/questions/111433/iptables-redirect-outside-requests-to-127-0-0-1 By default neither sysctl or iptables settings are persisted across reboots, and fixing that requires more complexity (eg installing the iptables-persistent package and handling config changes during provision). As such, it's just easier to re-run the commands on each login since they take <30ms. |
||
|---|---|---|
| .. | ||
| ui | ||
| Makefile | ||
| admin.rst | ||
| code_style.rst | ||
| common_tasks.rst | ||
| conf.py | ||
| data_validation.rst | ||
| dataload.rst | ||
| deployment.rst | ||
| index.rst | ||
| installation.rst | ||
| list_of_services.rst | ||
| pulseload.rst | ||
| rest_api.rst | ||
| retrieving_data.rst | ||
| seta.rst | ||
| submitting_data.rst | ||
| testcases.rst | ||
| troubleshooting.rst | ||