How to choose which specific NIC/port for Xen-Orchestra server to bind to?
-
I’m running Xen Orchestra on an Ubuntu VM with two virtual NICs attached to the VM. The two NICs are designated eth0 and wg1. wg1 is a WireGuard NIC and eth0 is a non-WireGuard NIC.
Within the xen-orchestra configuration xo-server.toml, all I see is the option to bind to a specific port:
[[http.listen]]
port = 443
When starting the xo-server.service, xo-server listens on port 443; however, this port seems bound to the eth0 interface, not the wg1 interface.
I’d actually like xo-server to listen on wg1 and not on eth0. I’m unfortunately not a networking expert nor an expert in using xen-orchestra. Is it possible to configure xo-server to listen on a specific NIC?
Looking at the server, I have xo-server bound to the IP address of the eth0 NIC:
# netstat -tulpn
...
tcp 0 0 142.xx.xxx.xxx:443 0.0.0.0:* LISTEN 2258771/node
...
Current NICs on the system:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 1a:0b:43:61:c3:70 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 142.xxx.xxx.xxx/20 brd 142.93.127.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 10.10.0.5/16 brd 10.10.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::180b:43ff:fe61:c370/64 scope link
       valid_lft forever preferred_lft forever
3: wg1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.x.xxx.x/24 scope global wg1
       valid_lft forever preferred_lft forever
-
@kevdog So, first of all, the syntax [[http.listen]] adds a new listening configuration, it does not alter the default listening config (on port 80).
By default, if no hostname entry is specified, xo-server will listen on all interfaces (both IPv4 and IPv6).
You can confirm with netstat:
$ netstat -tlpn | grep 443
tcp6 0 0 :::443 :::* LISTEN -
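One way to verify the bind after setting hostname, as an added example that is not part of the thread: the function reads netstat -tln output and reports whether a port is bound only to the intended address. The function name check_listeners and the addresses 10.0.0.2 (standing in for wg1) and 203.0.113.10 (standing in for eth0) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit which local address a TCP port
# listens on, reading `netstat -tln` output from stdin.
# Usage on a live host: netstat -tln | check_listeners 443 <wg1 address>
# Exit status: 0 = only the allowed address, 1 = wildcard or other address,
#              2 = nothing is listening on that port.
check_listeners() {
    awk -v port="$1" -v allowed="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")          # last piece is the port
            if (parts[n] != port) next
            # Everything before the final ":port" is the bound address.
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            seen++
            if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
                printf "WILDCARD %s  reachable on every interface\n", $4; bad++
            } else if (addr != allowed) {
                printf "OTHER    %s  expected %s\n", $4, allowed; bad++
            } else {
                printf "OK       %s\n", $4
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample output; 10.0.0.2 stands in for wg1, 203.0.113.10 for eth0.
SAMPLE_WILDCARD='Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp6       0      0 :::443         :::*             LISTEN
tcp        0      0 0.0.0.0:22     0.0.0.0:*        LISTEN'
SAMPLE_ETH0='tcp        0      0 203.0.113.10:443  0.0.0.0:*    LISTEN'
SAMPLE_WG1='tcp        0      0 10.0.0.2:443      0.0.0.0:*    LISTEN'

for sample in "$SAMPLE_WILDCARD" "$SAMPLE_ETH0" "$SAMPLE_WG1"; do
    printf '%s\n' "$sample" | check_listeners 443 10.0.0.2 || echo "  -> check failed ($?)"
done
```

A wildcard listener (:::443 or 0.0.0.0:443) is reachable through eth0 as well as wg1, so only the third sample passes.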
-
If you cloned the repo, you also have cloned the sample.config.toml file, providing an example on how to do it. Take a look at the hostname directive.
-
Ok I looked at the hostname directive and changed it to the specific IP address. However just a few thoughts since honestly I've never thought about it before.
If I had two physical or virtual NICs assigned to a xcp-ng VM -- say eth0 and eth1 -- how does the program by default decide on which NIC it's going to bind its ports by default? Is it always the card assigned to eth0 (since eth0 can be manipulated by systemd network setting so it may not necessarily represent the first actual card brought up on the bus architecture)?
I also thought hostname was used in XO's acme plugin which could be used to generate automatic acme LE certs. If you change the hostname to an actual IP address, isn't this process going to be altered?
Thanks for your insights. I don't mind disaster recovery since no matter how many times you practice or simulate things, it seems I learn the most when the actual S**T hits the fan.
-
The program, you mean XO? If you don't provide a hostname, it will listen on all (IIRC). I'm not sure I get all the rest, so I'm adding @julien-f to the convo.
-
@julien-f Thanks for the explanation. Thank you.