0

I would like to pipe all traffic through an NGINX proxy and make sure that the node server won't be accessible directly from the outside.

Node's http module has the ability to listen on a given port on localhost only, is there an option to enable sails.js to do the same?

iStefo
  • 418
  • 3
  • 9

2 Answers2

5

Simply add this line:

config/local.js

explicitHost: process.env.HOST || 'localhost'

Or you could add a policy:

config/policies.js

module.exports.policies = {
  '*': 'isLocal'
}

api/policies/isLocal.coffee

 # sessionAuth
 #
 # @module      :: Policy
 # @description :: Accept only local connections
 # @docs        :: http://sailsjs.org/#!documentation/policies

module.exports = (req, res, cb) ->

  if req.ip is '127.0.0.1' then cb()
  else res.forbidden new Error 'Accept only local connections'
CHAN
  • 1,518
  • 18
  • 16
-2

Not sure why you want to use Sails to restrict access to only localhost when you're using nginx as a proxy server (nginx is designed to do what you want). You can use an nginx configuration file to restrict local access to your Sails app.

  server {
    listen 80;
    server_name www.yourSailsApp.com;
    ...
    location / {
      allow   127.0.0.1;
      deny    all;
    }
  }

You may need to add your site to your HOSTS file /etc/hosts:

127.0.0.1 yourSailsApp.com

Alternatively, you can just find the public IP of your server and use that in the nginx configuration instead, in the allow field.

kk415kk
  • 1,227
  • 1
  • 14
  • 30
  • 2
    The idea was that nginx handles authentication and SSL termination so nginx should definitely be reachable from everywhere. I didn't want the node instance to be reached from non-localhost so the nginx can't be bypassed. – iStefo Sep 02 '14 at 13:34