feat: add HTTP_HOST to bind metrics/health server to a specific interface#168
Open
lystopad wants to merge 1 commit into
Open
feat: add HTTP_HOST to bind metrics/health server to a specific interface#168lystopad wants to merge 1 commit into
lystopad wants to merge 1 commit into
Conversation
…face Allows operators to bind the HTTP server to a private interface (e.g. 127.0.0.1) instead of having Node.js listen on all interfaces by default, reducing exposure of the metrics and health endpoints. When HTTP_HOST is unset, behavior is unchanged: Node.js listens on all interfaces (:: on IPv6-capable hosts, otherwise 0.0.0.0). HTTP_HOST accepts IPv4 or IPv6 addresses. Co-Authored-By: Claude
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a new optional
HTTP_HOSTenvironment variable that lets operators bind the metrics/health HTTP server to a specific network interface (e.g.127.0.0.1for loopback-only, or a private interface) instead of having Node.js listen on all interfaces by default.This is useful when the ejector runs on a host that should not expose its metrics/health endpoints publicly — operators can scope the server to a private interface and rely on a reverse proxy or local scraper for access.
Behavior
HTTP_HOSTis optional. When unset, behavior is unchanged: Node.js listens on all interfaces (::on IPv6-capable hosts, otherwise0.0.0.0).127.0.0.1,0.0.0.0) or IPv6 (e.g.::1,::) addresses.listen(HTTP_PORT, HTTP_HOST)is called whenHTTP_HOSTis set; otherwise the originallisten(HTTP_PORT)call is preserved, so default Node.js binding semantics are kept identical.Files changed
src/services/config/service.ts— parseHTTP_HOST(optional string, no default).src/services/http-handler/service.ts— pass host tolisten()only when defined.sample.env,sample.infra.env— commented-out example with IPv4/IPv6 guidance.README.md— new row in the env var table documenting the variable and its default.Related Issue/Task
No related issue. Searched open issues for
HTTP_HOST,bind,interface,0.0.0.0— no prior art.How Has This Been Tested?
yarn test)Manual reasoning rather than runtime verification: the change is minimal and the conditional preserves the exact original
.listen(HTTP_PORT)call whenHTTP_HOSTis unset, so existing configurations are unaffected. The new branch passes both port and host to Node'snet.Server.listen(port, host), which is the documented signature for binding to a specific interface.Happy to add an integration test for the bind address if maintainers prefer.
Checklist
http-handlerbind; can add on request)