HaRP exposes unecessary ports ? #66
Description
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Steps to reproduce
- deploy harp with docker compose and this file
version: "3"
services:
nextcloud-appapi-harp:
environment:
- HP_SHARED_KEY=MySecretKeyxxxxxxxxxxxxxxxxxxxxxx
- NC_INSTANCE_URL=http://domain.tld/nextcloud
- HP_EXAPPS_ADDRESS=192.168.10.20:8780
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/harp/certs:/certs
container_name: appapi-harp
hostname: appapi-harp
restart: unless-stopped
network_mode: host
image: ghcr.io/nextcloud/nextcloud-appapi-harp:release
- check netstat for open port :
netstat -taupen |grep -v LISTEN - Surprise :
docker (haproxy) is listening on configured port (8780), as asked in the config file
tcp 0 0 192.168.10.20:8780 0.0.0.0:* LISTEN 0 1278092793 2925/haproxy
But another binary (frps) is listening on other ports, publicly (line 2 and 3)
# netstat -taupen |grep -v earnapp |grep frps
tcp 0 0 127.0.0.1:36614 127.0.0.1:8200 ESTABLISHED 0 1278090791 2907/frps
tcp6 0 0 :::24000 :::* LISTEN 0 1278093581 2907/frps
tcp6 0 0 :::8782 :::* LISTEN 0 1278087105 2907/frps
tcp6 0 0 127.0.0.1:8782 127.0.0.1:59346 ESTABLISHED 0 1278093578 2907/frps
Expected behaviour
Only "192.168.10.20:8780" should be used,. No other port should be bind, even more publicly
Actual behaviour
check step 3 above.
Server configuration
Web server: nginx
Database: unrelated
PHP version: unrelated
Nextcloud version: (see Nextcloud admin page) : Nextcloud Hub 25 Autumn (32.0.1)