Bind HTTP API to localhost?

Hi,

We’re currently implementing Nomad in our infrastructure, so I’m building proper configuration files for everything right now.

I have a small ambiguity regarding the HTTP API:
In the docs it says: “This should be reachable by all the nodes from which end users are going to use the Nomad CLI tools.”

Is there any reason not to bind the HTTP API exclusively to localhost?
In our case we, the admins, don’t plan to access the API / Web UI from remote machines.

I already tried binding the HTTP API to 127.0.0.1 using the addresses directive.
After restarting Nomad it crashes and logs:

nomad[3045070]: ==> Failed to parse HTTP advertise address (, 127.0.0.1, 4646, false): Defaulting advertise to localhost is unsafe, please set advertise manually

I fixed that by using the advertise directive.
But where will that be advertised?
This leads me to believe that the HTTP API is not only used by end-users.

Thanks in advance.
~Roman

Hi @Roman :wave:

advertise is the address that the agent will send to other agents in the cluster. It shouldn’t be set to a local value since, for the recipient, that doesn’t make sense (their 127.0.0.1 is not the same).

The HTTP API is used by the CLI and the UI. Agents use the RPC interface. I think this message is caused because all fields in advertise are treated the same.
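
The setup discussed in this thread, written out as an agent configuration fragment. This is an added example, not taken from the posts above or from Nomad's own documentation. It keeps the HTTP listener on loopback while giving `advertise` a non-local value; 10.0.0.5 is a constructed placeholder for the node's cluster-facing IP.

```hcl
# Added example. 10.0.0.5 is a constructed placeholder, assumed to be this
# node's address as seen by the other agents in the cluster.

# Default listen address for the agent's interfaces (RPC and Serf use it
# here, because only http is overridden below).
bind_addr = "10.0.0.5"

# Per-interface listen overrides: the HTTP API and web UI listen on
# loopback only, so the CLI and UI work only from this machine.
addresses {
  http = "127.0.0.1"
}

# Addresses this agent sends to other agents. With addresses.http on
# loopback and no advertise value, the agent refuses to start with:
#   "Defaulting advertise to localhost is unsafe, please set advertise manually"
# A loopback value here would be meaningless to the recipient, so use the
# routable address for every field.
advertise {
  http = "10.0.0.5"
  rpc  = "10.0.0.5"
  serf = "10.0.0.5"
}
```

Once the agent has restarted, confirm with a socket listing on the node that port 4646 (the HTTP port shown in the log line above) is bound to 127.0.0.1 only.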