loolwsd is hardcoded to bind to 0.0.0.0. If you run it by default it opens two ports

```
# netstat -p -t tcp -l -n
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
...
tcp        0      0 0.0.0.0:9980            0.0.0.0:*               LISTEN      1739/loolwsd
tcp        0      0 127.0.0.1:9981          0.0.0.0:*               LISTEN      1739/loolwsd
```

Why is this? Most web daemons let me pick a listen address, so that I can, if I want, put it behind nginx/apache/whatever. Is this just an oversight because your default supported config assumes everyone will wrap loolwsd inside docker and use `docker port 127.0.0.1:9980:9980` to wrap it?

The code that causes this is because the 9980 websocket port is hardcoded to "Type::Public", and that causes:

https://cgit.freedesktop.org/libreoffice/online/tree/wsd/LOOLWSD.cpp#n2605

```
std::shared_ptr<ServerSocket> socket = getServerSocket(
    ServerSocket::Type::Public, port, WebServerPoll, factory);
```

https://cgit.freedesktop.org/libreoffice/online/tree/wsd/LOOLWSD.cpp#n2555

```
if (!serverSocket->bind(type, port))
    return nullptr;
```

https://cgit.freedesktop.org/libreoffice/online/tree/net/Socket.cpp#n210

```
if (type == Type::Public)
    addrv4.sin_addr.s_addr = htonl(INADDR_ANY);
else
    addrv4.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
```

Instead of this trying to be helpful, can there please be a `<listen>` config option? I just want to be able to tell loolwsd "listen here, I promise I know what I'm doing".

In practice this doesn't seem to hurt me; I have nginx fronting loolwsd so no one actually speaks unencrypted to loolwsd, but there's the potential that someone might misconfigure a client somewhere and that worries me.
Hi Nick; seems you read the code =) patches most welcome, prolly you would want to read and base from something like:

    commit a1ee97c222d60bbb81c597327e2b5ff89e903970
    Author: Michael Meeks <michael.meeks@collabora.com>
    Date: Tue Jan 9 14:02:02 2018 +0000

    Add IPv6 support, and configuration option.

To reduce support pain; I'd love to have a 'simple' listen mode whereby it only listens to the localhost - for these nginx / wrapping modes. I fear well-meaning sysadmins tweaking random sets of settings and producing impossible setups.

Anyhow - should be an easy first hack =) go for it! And what're you using LOOL for?
*** Bug 115170 has been marked as a duplicate of this bug. ***
Andras Timar committed a patch related to this issue. It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/online/commit/?id=c745732ac7337723d9a493086284d18d0364e82a

tdf#115163 allow bind to loopback interface
Implemented as per comment 1. More complicated setups can be realized with firewalls, etc.
Andras Timar committed a patch related to this issue. It has been pushed to "libreoffice-6-1":

https://git.libreoffice.org/online/+/51131f234192f8393d1b304481fb829c74ae2239%5E%21

tdf#115163 allow bind to loopback interface
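
The "simple" listen mode discussed in this thread, sketched as an added example that is not part of the thread or of the loolwsd code base: a setting selects between the wildcard and loopback address at bind time, and `getsockname` confirms what the kernel actually bound. The names `ListenMode`, `parseListenMode`, `bindListener` and `boundAddress`, and the setting values `any` / `loopback`, are assumptions made for this example.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <stdexcept>
#include <string>

enum class ListenMode { Any, Loopback };  // hypothetical names for this example

// Reject unknown values instead of silently falling back to the wildcard address.
ListenMode parseListenMode(const std::string& value) {
    if (value == "any") return ListenMode::Any;
    if (value == "loopback") return ListenMode::Loopback;
    throw std::invalid_argument("unknown listen mode: " + value);
}

// Listening IPv4 TCP socket bound per mode; port 0 lets the kernel pick a free port.
int bindListener(ListenMode mode, uint16_t port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sockaddr_in addr{};
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr =
        htonl(mode == ListenMode::Any ? INADDR_ANY : INADDR_LOOPBACK);
    if (bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) < 0 ||
        listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

// Local address the socket is really bound to, as the kernel reports it.
std::string boundAddress(int fd) {
    sockaddr_in addr{};
    socklen_t len = sizeof(addr);
    if (getsockname(fd, reinterpret_cast<sockaddr*>(&addr), &len) < 0) return "";
    char buf[INET_ADDRSTRLEN] = {};
    return inet_ntop(AF_INET, &addr.sin_addr, buf, sizeof(buf)) ? buf : "";
}

int main() {
    for (const char* mode : {"any", "loopback"}) {
        int fd = bindListener(parseListenMode(mode), 0);
        std::cout << mode << " -> " << boundAddress(fd) << '\n';
        if (fd >= 0) close(fd);
    }
}
```

With the loopback mode, only a reverse proxy on the same host can reach the listener, which matches the nginx-fronted setup described in the report.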