This repository has been archived by the owner on Feb 19, 2024. It is now read-only.
It seems the listening interface for the node is not configurable and hard coded to listen on all interfaces (0.0.0.0). For folks running a standalone node on a provider that doesn't provide a firewall in front of the box this presents two problems:
1. The sensitive ports (3334/8081/etc) usually hidden behind nginx are exposed to the public internet with no way to configure the app to restrict listening to localhost.
2. With no configuration option the only way to restrict access to the ports is with a host level firewall. While this works it would be super easy for folks to accidentally expose those ports as the default install in distros such as Ubuntu has the firewall off.
I may be missing something, but having the interface be configurable would be super helpful, and a default of localhost may keep people from accidentally leaving those ports exposed.
I haven't tested it myself, but there's a configuration setting in `default.config` where you can specify the TCP listening interface: `network.tcp.address`, which defaults to `0.0.0.0`.
@stuartbain awesome, thank you, I definitely missed that. I tested the setting and it looks like it does control the binding for port 30001 but port 3334/8081 still listen on all interfaces.
This is what led me down the path to believing it was not something I could configure, which I believe is where 3334/8081 are set up.
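A check for the situation discussed in this thread, added here as an example and not code from the project or from any commenter: it parses `ss -H -ltn` output and reports which of the ports named above (3334, 8081, 30001) are bound to a wildcard or other non-loopback address. The sample output is constructed, and the function names are this example's own.

```python
import ipaddress
import subprocess

# Ports named in the thread; watching exactly these is this example's choice.
NODE_PORTS = {3334, 8081, 30001}

# Constructed sample of `ss -H -ltn` output (not captured from a real node).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:3334 0.0.0.0:*
LISTEN 0 128 *:8081 *:*
LISTEN 0 128 127.0.0.1:30001 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:8081 [::]:*
"""

def classify(host):
    """Return 'wildcard', 'loopback' or 'non-loopback' for a bind address."""
    if host == "*":
        return "wildcard"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "non-loopback"  # unparsable: report it rather than hide it
    if addr.is_unspecified:    # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if addr.is_loopback else "non-loopback"

def exposed_listeners(ss_output, ports=NODE_PORTS):
    """Sorted (port, host, kind) for watched ports not bound to loopback."""
    findings = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # header line, blank line or non-listening socket
        host, _, port = cols[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop [] and %iface scope
        if not port.isdigit() or int(port) not in ports:
            continue
        kind = classify(host)
        if kind != "loopback":
            findings.add((int(port), host, kind))
    return sorted(findings)

if __name__ == "__main__":
    # Live check on the node host; requires iproute2's `ss`.
    live = subprocess.run(["ss", "-H", "-ltn"], capture_output=True, text=True)
    for port, host, kind in exposed_listeners(live.stdout):
        print(f"port {port} listens on {host} ({kind})")
```

Running it before and after changing `network.tcp.address` shows which listeners the setting actually moves.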