We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug描述 bfe docker 版本 bfenetworks/bfe:v-1.5.0 无法通过web-monitor 对配置进行热加载,提示:
{ "error": "reload is not allowed from [xxx.xxx.xxx.xxx:xxxx]" }
复现 docker run --name bfe -p 8080:8080 -p 8443:8443 -p 8421:8421 -v /home/work/data/bfe/log:/bfe/log -v /home/work/data/bfe/conf:/bfe/conf -d bfenetworks/bfe:v-1.5.0
推测 监控机制的热加载有安全要求(仅允许从同服务器访问):
// source ip address allowed to do reload var RELOAD_SRC_ALLOWED = map[string]bool{ "127.0.0.1": true, "::1": true, }
而从容器外访问无法满足同服务器的要求,另外容器中并未安装 curl 等工具,所以容器版bfe无法完成实现配置热加载。
The text was updated successfully, but these errors were encountered:
从安全角度考虑,BFE对发起reload的客户端来源地址确实做了限制,只允许从同机发起。
一种可能的解决方案是对于web-monitor端口的访问增加认证控制机制,从而允许远程触发reload。 如果哪位同学有兴趣,也欢迎贡献这方面的功能代码。
Sorry, something went wrong.
建议先将允许的来源地址转移至bfe_server.conf配置文件,而非硬编码在代码中。
1 这个功能内部版本BFE是支持的,可以考虑将这个功能开源出来
2 一些外部用户采用了如下方案来解决这类问题,供参考: @AFreeCoder
Can I work on this issue? @iyangsj @mileszhang2016
bhavyastar
No branches or pull requests
bug描述
bfe docker 版本 bfenetworks/bfe:v-1.5.0 无法通过web-monitor 对配置进行热加载,提示:
复现
docker run --name bfe -p 8080:8080 -p 8443:8443 -p 8421:8421 -v /home/work/data/bfe/log:/bfe/log -v /home/work/data/bfe/conf:/bfe/conf -d bfenetworks/bfe:v-1.5.0
推测
监控机制的热加载有安全要求(仅允许从同服务器访问):
而从容器外访问无法满足同服务器的要求,另外容器中并未安装 curl 等工具,所以容器版bfe无法完成实现配置热加载。
The text was updated successfully, but these errors were encountered: