Can kamal-proxy listen on a specific network interface/IP address of a host?

[julianrubisch]

Sorry if this is out of scope and/or irrelevant, but I was wondering... I have a server with multiple network interfaces. I would love to separate some services out by routing requests via kamal-proxy only if they come in via one specific network interface / IP address.

Right now (I assume) this is not possible because kamal-proxy listens on 0.0.0.0, is that correct?

e9ce65d37e82   basecamp/kamal-proxy:v0.8.2   "kamal-proxy run"   24 minutes ago   Up 24 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   kamal-proxy

[julianrubisch]

So @tbuehlmann helped coming up with a workaround:

on the server, hack the proxy/options file:

$ cd ~/.kamal/
$ mkdir proxy && echo "--publish <some-ip>:80:80 --publish <some-ip>:443:443 --log-opt max-size=10m" > proxy/options

then do a kamal proxy reboot, and it "just works" 🎉

he also pointed out that probably it could be achieved if the kamal CLI would allow for non-numeric http ports here:

https://github.com/basecamp/kamal/blob/v2.3.0/lib/kamal/cli/proxy.rb#L26-L27

(or possibly a different, new argument)

[phoozle]

@julianrubisch I have proposed a solution - basecamp/kamal#1265
Would you be able to test it out with your server and let me know. If not I will do some of my own testing later today with my server.
Works on my server 👌

kamal proxy boot_config set --publish-ip=127.0.0.1

$ docker ps
CONTAINER ID   IMAGE                         COMMAND             CREATED         STATUS         PORTS                                          NAMES
5f1177b6f1e0   basecamp/kamal-proxy:v0.8.2   "kamal-proxy run"   3 minutes ago   Up 3 minutes   127.0.0.1:80->80/tcp, 127.0.0.1:443->443/tcp   kamal-proxy

$ netstat -tulpn | grep :80
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      2839/docker-proxy