Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature - Multiple REPL with Remote REPL support #67

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Feature - Multiple REPL with Remote REPL support #67

wants to merge 7 commits into from

Conversation

arun-prakash-fokus
Copy link

@arun-prakash-fokus arun-prakash-fokus commented Nov 16, 2022
edited
Loading

@arun-prakash-fokus arun-prakash-fokus mentioned this pull request Nov 16, 2022
Closed
9 tasks
@icebob
Copy link
Member

icebob commented Nov 17, 2022

I don't think it's a good idea to allow accessing the whole Moleculer project via a TCP socket. If you expose the port, anybody can join your cluster without any authentication and can make wrong things as well.

If you expose a port, it can be the port of the transporter and you can join from your computed with moleculer-cli as moleculer connect nats://some-server:4222.

@arun-prakash-fokus
Copy link
Author

arun-prakash-fokus commented Nov 18, 2022
edited
Loading

I don't think it's a good idea to allow accessing the whole Moleculer project via a TCP socket. If you expose the port, anybody can join your cluster without any authentication and can make wrong things as well.

That's a valid concern.
However, IMHO since moleculer-repl is added under devDependencies, its never packed during the docker image build or when the moleculerjs package is built with NODE_ENV=production. Furthermore, the broker.repl() is only called when the "--repl" option is passed to the moleculer-runner.
Its unlikely that a TCP socket would be opened during production mode by error.

If you expose a port, it can be the port of the transporter and you can join from your computed with moleculer-cli as moleculer connect nats://some-server:4222.

Thanks for the tip 👍🏾
By expose, do you mean the docker-compose,

expose:
    - 4222

or

ports:
    - 4222:4222

In my docker-compose, other than the traefik container ports (80, 443 and 8080), no other containers have port forwarding. I use the traefik labels to route http and tcp traffic to the moleculer service container.

@intech
Copy link
Member

intech commented Nov 18, 2022

@icebob the socket does not have to be public. It can be localhost and ssh port forwarding or a zero-trust network.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arun-prakash-fokus @icebob @intech