Project

General

Profile

Actions

Feature #2368

closed

[PATCH] network: allow server.bind to bind to a network interface name on Linux

Added by jacmet over 10 years ago. Updated almost 5 years ago.

Status:
Wontfix
Priority:
Low
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:

Description

For setups with dynamic IPs, binding lighttpd to an IP address isn't very
handy. Instead support binding to network interface names on Linux using
the SO_BINDTODEVICE socket option, so you can do stuff like:

server.bind = "eth0"


Files

Actions #1

Updated by jacmet over 10 years ago

Sorry, forgot to regenerate patch - Previous patch would fail with !ipv6

Actions #2

Updated by stbuehler over 10 years ago

  • Priority changed from Normal to Low

Well, why not just bind to all ips, like 0.0.0.0 or [::] ?

I can understand the need to bind to specific interfaces, but i think such requirement is rarely combined with the need for dynamic ips.

Also i'm not sure how i would like to see it handled in the config.

Actions #3

Updated by jacmet over 10 years ago

stbuehler wrote:

Well, why not just bind to all ips, like 0.0.0.0 or [::] ?

Because the device has multiple interfaces, and the (configuration) web interface should only be available on one of them.

I can understand the need to bind to specific interfaces, but i think such requirement is rarely combined with the need for dynamic ips.

It is here for an embedded device, but ok - I realize that it probably isn't too common.

Also i'm not sure how i would like to see it handled in the config.

You dislike the server.bind = "eth0" syntax?

Actions #4

Updated by stbuehler over 10 years ago

jacmet wrote:

You dislike the server.bind = "eth0" syntax?

yes, as it doesn't specify the protocol (IPv4 or IPv6).

Actions #5

Updated by jacmet over 10 years ago

stbuehler wrote:

You dislike the server.bind = "eth0" syntax?

yes, as it doesn't specify the protocol (IPv4 or IPv6).

Which makes sense as SO_BINDTODEVICE works for both IPv4 and IPv6, or do you mean you would like to see a way of only listening on E.G. ipv6 and binding to a specific interface at the same time?

Actions #6

Updated by gstrauss over 6 years ago

  • Category set to core
Actions #7

Updated by gstrauss almost 6 years ago

  • Status changed from New to Wontfix

Binding to a device is potentially difficult to do portably. Yes, there are specific ways to do it on each operating system, but I am not sure this is the best approach.

Instead, I would suggest figuring out the IP addresses and then using those IP addresses. Approaching the problem this way means that all the existing lighttpd code, which works on IP addresses, continues to work as-is.

While there are ways that this could be done inside lighttpd, e.g. http://stackoverflow.com/questions/2283494/get-ip-address-of-an-interface-on-linux#2283541 , I think a better solution is to do this outside lighttpd, prior to starting lighttpd. Figure out the IP addresses via standalone command line tools or programs, and set an environment variable, e.g. LIGHTTPD_BIND_IP before starting lighttpd. Inside lighttpd.conf, use server.bind = env.LIGHTTPD_BIND_IP.

Actions #8

Updated by gstrauss over 5 years ago

Another option, if supported on your OS, is IPv6 address with scope identifier. See #678

Actions #9

Updated by gstrauss over 5 years ago

  • Target version deleted (1.4.x)
Actions #10

Updated by gopi219 almost 5 years ago

Hi,

The patch provided is not compatible with new releases lighted 1.4.41 thru 1.4.45. The network.c is different for previous versions. Could we have SO_BINDTODEVICE similar patch for new releases.

Thanks

Actions #11

Updated by gstrauss almost 5 years ago

Could we have SO_BINDTODEVICE similar patch for new releases.

Sorry, I think you missed reading the status of this ticket, which is "Wontfix"

Please see the numerous alternative suggested above and below, or present a detailed use case where none of the alternatives can be easily used.

Another quick answer is to bind to 0.0.0.0, but have your host-based firewall (e.g. iptables) prevent access to, say port 80, from specific IPs or devices.

Actions

Also available in: Atom