Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Requests from 127.1 should be permitted irrespective of the configurations in the "allowed clients" settings. #5980

Closed
3 tasks done
metricss opened this issue Jul 8, 2023 · 3 comments
Closed
3 tasks done

Requests from 127.1 should be permitted irrespective of the configurations in the "allowed clients" settings. #5980

metricss opened this issue Jul 8, 2023 · 3 comments
Labels
wontfix

Comments

@metricss
Copy link

metricss commented Jul 8, 2023

Prerequisites

  • I have checked the Wiki and Discussions and found no answer

  • I have searched other issues and found no duplicates

  • I want to request a feature or enhancement and not ask a question

The problem

Since version 0.127.28, a health check mechanism has been implemented. Essentially, it uses queries to the server 127.0.0.1 to determine whether the service is running optimally.

However, if any configurations have been made in the "allowed clients" settings - and typically, users do not specify 127.1 - then queries from 127.1 will be rejected. Consequently, the health check would fail due to a query "timeout".

Proposed solution

Therefore, it may be more reasonable to permit queries from 127.1 irrespective of the configurations in the "allowed clients" settings. Of course, if there are any security implications, a notice could be provided to users enabling the "allowed clients" settings for their understanding and necessary actions.

Alternatives considered and additional information

No response
@pwsnla
Copy link

pwsnla commented Jul 8, 2023
edited
Loading

I don't think this is relevant anymore since healthcheck has been removed in v0.107.34. See this note in the wiki:

"Between v0.107.27 and v0.107.33, the image used Docker-provided healthcheck mechanism. It was causing many issues and has been removed in v0.107.34. See issues #5711, #5713, and discussion #5939."

@metricss
Copy link
Author

metricss commented Jul 8, 2023

Thanks for replying. Removing healthcheck may makes it irrelevant. But I've looked into the issues you mentioned earlier when trying to understand the problems with the healthcheck, and found that the only "solution" is to disable healthcheck.

I believe the info could assist developers in locating the root cause. Furthermore, if healthcheck was removed due to this specific issue, developers might be able to consider reinstating it. So users can monitor the service status and be possible to restart the container automatically when needed.

@ainar-g
Copy link
Contributor

ainar-g commented Jul 12, 2023

Thanks for the suggestion, but @pwsnla is correct, and we'd rather not add any implicit access rules, really.

@ainar-g ainar-g closed this as not planned Won't fix, can't repro, duplicate, stale Jul 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@metricss @ainar-g @pwsnla