Added IP Binding #1011

Open
wants to merge 2 commits into
base: mupx
@giordanocardillo giordanocardillo commented May 14, 2016

I've added the possibility to listen on a specific IP, which is useful if I want to host multiple deployments on the same server and proxy them using virtual hosts. If there is no binding, the servers are also accessible without the proxy, using the PORT specified in the mup.json file.
For example, if I configure an nginx vhost with SSL, someone can bypass SSL using the configured port.

This (I think) solves issues #996 and #739

The issue was solved by adding the env variable BIND, which defaults to 0.0.0.0 if not specified.

I've checked the default value by not specifying the BIND parameter, and it works like before (because of the binding to 0.0.0.0, all interfaces).

mup.json

```json
{
  // Server authentication info
  "servers": [
    {
      "host": "[...]",
      "username": "[...]"
      //"password": "[...]",
      // or pem file (ssh based authentication)
      // WARNING: Keys protected by a passphrase are not supported
      //"pem": "[...]"
    }
  ],

  // Install MongoDB on the server. Does not destroy the local MongoDB on future setups
  "setupMongo": true,

  // Application name (no spaces).
  "appName": "first-try",

  // Location of app (local directory). This can reference '~' as the users home directory.
  // i.e., "app": "~/Meteor/my-app",
  // This is the same as the line below.
  "app": ".",

  // Configure environment
  // ROOT_URL must be set to your correct domain (https or http)
  "env": {
    "PORT": 3000,
    "ROOT_URL": "http://frame.giordanocardillo.it",
    "BIND": "127.0.0.1"
  },

  // Meteor Up checks if the app comes online just after the deployment.
  // Before mup checks that, it will wait for the number of seconds configured below.
  "deployCheckWaitTime": 30,

  // show a progress bar while uploading.
  // Make it false when you deploy using a CI box.
  "enableUploadProgressBar": true
}
```

Resulting start.sh file on the server

```bash
#!/bin/bash

APPNAME=first-try
APP_PATH=/opt/$APPNAME
BUNDLE_PATH=$APP_PATH/current
ENV_FILE=$APP_PATH/config/env.list
PORT=3000
BIND=127.0.0.1
USE_LOCAL_MONGO=1

# Remove previous version of the app, if exists
docker rm -f $APPNAME

# Remove frontend container if exists
docker rm -f $APPNAME-frontend

# We don't need to fail the deployment because of a docker hub downtime
set +e
docker pull meteorhacks/meteord:base
set -e

if [ "$USE_LOCAL_MONGO" == "1" ]; then
  docker run \
    -d \
    --restart=always \
    --publish=$BIND:$PORT:80 \
    --volume=$BUNDLE_PATH:/bundle \
    --env-file=$ENV_FILE \
    --link=mongodb:mongodb \
    --hostname="$HOSTNAME-$APPNAME" \
    --env=MONGO_URL=mongodb://mongodb:27017/$APPNAME \
    --name=$APPNAME \
    meteorhacks/meteord:base
else
  docker run \
    -d \
    --restart=always \
    --publish=$BIND:$PORT:80 \
    --volume=$BUNDLE_PATH:/bundle \
    --hostname="$HOSTNAME-$APPNAME" \
    --env-file=$ENV_FILE \
    --name=$APPNAME \
    meteorhacks/meteord:base
fi
```

nginx site

```nginx
server {
  listen                *:80;

  server_name           frame.giordanocardillo.it;

  access_log            /var/log/nginx/frame.access.log;
  error_log             /var/log/nginx/frame.error.log;

  location / {
    # The app container is published on loopback only (BIND=127.0.0.1)
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header X-Forwarded-For $remote_addr;
  }
}
```

iptables DOCKER chain

```
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:27017 to:172.17.0.2:27017
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:3000 to:172.17.0.3:80
```

@giordanocardillo giordanocardillo changed the title Added BIND IP Added IP Binding May 14, 2016
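
An added example (not part of this pull request or of Meteor Up) that audits a DOCKER chain listing in the format shown in the comment above and reports every published port whose DNAT destination lies outside 127.0.0.0/8, which is what the default BIND of 0.0.0.0 produces. The function names and both sample listings are constructed for illustration, and `iptables -t nat -L DOCKER -n` is an assumption about how such a listing is obtained.

```shell
#!/bin/sh
# Added example: flag Docker-published ports that bypass a local reverse proxy.
# Feed it a listing such as: iptables -t nat -L DOCKER -n   (assumed invocation)

# Reads the chain listing on stdin and prints one line per DNAT rule whose
# destination is not a loopback address: "<proto>/<port> <destination> <backend>"
list_exposed_ports() {
  awk '
    $1 == "DNAT" {
      dest = $5; port = ""; backend = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^dpt:/) port = substr($i, 5)     # published host port
        if ($i ~ /^to:/)  backend = substr($i, 4)  # container ip:port
      }
      if (dest !~ /^127\./) print $2 "/" port, dest, backend
    }'
}

# Returns 0 when every published port is loopback-only, 1 otherwise,
# so it can gate a deployment step or run from cron.
check_loopback_only() {
  exposed=$(list_exposed_ports)
  if [ -z "$exposed" ]; then
    return 0
  fi
  printf 'published outside loopback:\n%s\n' "$exposed" >&2
  return 1
}

# Constructed sample 1: same shape as the listing above (BIND=127.0.0.1).
SAMPLE_BOUND='Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:27017 to:172.17.0.2:27017
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:3000 to:172.17.0.3:80'

# Constructed sample 2: the app published with the default BIND of 0.0.0.0.
SAMPLE_DEFAULT='Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:27017 to:172.17.0.2:27017
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3000 to:172.17.0.3:80'

# Demo: the second listing reports the app port as reachable without the proxy.
printf '%s\n' "$SAMPLE_DEFAULT" | list_exposed_ports
```
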