summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2016-04-27 17:52:33 +0100
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2016-04-27 17:59:58 +0100
commit563d46cb9b78a1617708f6bd4e47c1960b3038e8 (patch)
tree0ae4a2fc94e9fcd03578c14a5af6f59435151773
parent5c1440dc02e4cb2677ad404b77a8901dd60a696f (diff)
downloadlorry-controller-563d46cb9b78a1617708f6bd4e47c1960b3038e8.tar.gz
Bind webapp server on 127.0.0.1 by default
Most of us thought this was the default configuration, but it wasn't. This change means that the webapp service will only be accessible from the same host that is running it, making it more secure. Thanks to Ben Brown for finding this error. Change-Id: I27f6604a0ebc7a093b63b11345b9c8963ed91c18
-rw-r--r--etc/lighttpd/lorry-controller-webapp-httpd.conf3
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/lighttpd/lorry-controller-webapp-httpd.conf b/etc/lighttpd/lorry-controller-webapp-httpd.conf
index ec92783..319c8ec 100644
--- a/etc/lighttpd/lorry-controller-webapp-httpd.conf
+++ b/etc/lighttpd/lorry-controller-webapp-httpd.conf
@@ -1,5 +1,6 @@
server.document-root = "/var/www/htdocs"
+server.bind = "127.0.0.1"
server.port = 12765
server.username = "lorry"
@@ -15,7 +16,7 @@ mimetype.assign = (
".css" => "text/css"
)
-$SERVER["socket"] == ":12765" {
+$SERVER["socket"] == "127.0.0.1:12765" {
server.username = "lorry"
server.groupname = "lorry"
fastcgi.server = (