Add correct language for --rest-api-host-allowlist #610

Merged Oct 24, 2024 (20 commits merged; this view shows changes from 11 commits)
23 changes: 17 additions & 6 deletions docs/reference/cli/index.md
Expand Up @@ -2745,7 +2745,7 @@
### `rest-api-host-allowlist`

<Tabs>
<TabItem value="Syntax" label="Syntax" default>
<TabItem value="Syntax" label="Syntax" default>

```bash
--rest-api-host-allowlist=<hostname>[,<hostname>...]... or "*"
Expand All @@ -2755,28 +2755,39 @@
<TabItem value="Example" label="Example" >

```bash
--rest-api-host-allowlist=medomain.com,meotherdomain.com
--rest-api-host-allowlist=localhost,127.0.0.1,10.0.0.1
```

</TabItem>
<TabItem value="Environment variable" label="Environment variable" >

```bash
TEKU_REST_API_HOST_ALLOWLIST=medomain.com,meotherdomain.com
TEKU_REST_API_HOST_ALLOWLIST=localhost,127.0.0.1,10.0.0.1
```

</TabItem>
<TabItem value="Configuration file" label="Configuration file" >

```bash
rest-api-host-allowlist: ["medomain.com", "meotherdomain.com"]
rest-api-host-allowlist: ["localhost", "127.0.0.1", "10.0.0.1"]
```

</TabItem>
</Tabs>

A comma-separated list of hostnames to allow access to the REST API.
By default, Teku accepts access from `localhost` and `127.0.0.1`.
A comma-separated list of hostnames or IP addresses from which the REST API server will respond.
This flag restricts the server's responding addresses, but not the client access.

You can configure the API to listen on all network interfaces using `rest-api-interface="0.0.0.0"` and allow connections from specific addresses by setting `rest-api-host-allowlist`.

Check failure on line 2781 in docs/reference/cli/index.md (GitHub Actions / Lint): Trailing spaces

docs/reference/cli/index.md:2781:183 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1] https://github.com/DavidAnson/markdownlint/blob/v0.35.0/doc/md009.md
When you configure the interface to listen on all available IP addresses (`rest-api-interface: "0.0.0.0"`) and allow all hosts
(`rest-api-host-allowlist: ["*"]`), you enable connections from any address, such as `localhost` (127.0.0.1) or a specific network IP such as `10.0.0.1`.
If you instead set the API to listen only on a specific IP, such as `10.0.0.1`, and still allow all hosts, only that IP can connect, and any attempts from `localhost` will fail.

Configuring the interface to listen on all IP addresses but restricting the allowlist to `localhost` allows only `localhost` to connect, and other IP addresses, such as `10.0.0.1`, receive a 403 error.
If the API listens on 10.0.0.1 but only allows `localhost`, neither can connect - `localhost` can't reach the server, and `10.0.0.1` is blocked.

By default, Teku's REST API server responds only to requests where the Host header matches `localhost` or `127.0.0.1`.
If you specify values, the server will only respond to requests where the Host header matches one of the specified hosts or IP addresses.

:::warning

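Review bot: The two added paragraphs starting "When you configure the interface to listen on all available IP addresses" and "Configuring the interface to listen on all IP addresses but restricting the allowlist" describe the allowlist by which client address "can connect", while the sentence "This flag restricts the server's responding addresses, but not the client access" and the closing paragraph say the check is a match on the request's Host header. Read together, the text lets an operator take `rest-api-host-allowlist` for a source-IP filter. Suggest wording each case by the address the request is sent to, for example "requests addressed to `10.0.0.1` receive a 403 error", and stating once that the Host header is set by the client, so limiting who can reach the API is the job of `rest-api-interface` and network controls. Two smaller points: the Syntax tab still shows `<hostname>` although the description now reads "hostnames or IP addresses", and the MD009 trailing-space failure on line 2781 is still present in this revision.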