-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bind RPC to localhost by default, add to sample config #7835
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will break upgrades and has been problematic in the past when the address is saved in the meta store and is changed.
I don't think we should make this change.
Actually, just realized this is the |
We should also reevaluate whether we need to use a separate port |
CHANGELOG.md
Outdated
@@ -45,6 +45,7 @@ The stress tool `influx_stress` will be removed in a subsequent release. We reco | |||
- [#7585](https://github.com/influxdata/influxdb/pull/7585): Return Error instead of panic when decoding point values. | |||
- [#7812](https://github.com/influxdata/influxdb/issues/7812): Fix slice out of bounds panic when pruning shard groups. Thanks @vladlopes | |||
- [#7822](https://github.com/influxdata/influxdb/issues/7822): Drop database will delete /influxdb/data directory | |||
- [#7835](https://github.com/influxdata/influxdb/pull/7835): Bind backup and restore port to localhost by default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs to be moved to 1.3 section now.
Also, I think we need to add a note under a configuration changes section (like prior releases) that notes the change in default value. Some people may be relying on the current default for remote backups.
Prior to this change, the default configuration would listen on all interfaces, potentially exposing the RPC to the public internet.
c1a58fc
to
6f438ea
Compare
Finally updated the changelog and rebased, @jwilder. |
Bind the RPC port to localhost by default so it is not potentially exposed to the public internet.
Add toplevel
bind-address
to the sample config because it was missing, and fix a couple typos in the config.