Unfortunallty, running the WebThingServer inside docker container causes trouble. Due to the network mapping the host validation which is part of the WebThingServer as shown below returns a 403
def prepare(self):
"""Validate Host header."""
host = self.request.headers.get('Host', None)
if host is not None and host.lower() in self.hosts:
return
raise tornado.web.HTTPError(403)
Running the WebThingServer in an ordinary way (here using port 8555; my hostname is xwxa-xvvwxf2, my IP is 192.168.1.114) works. In this case the values of my hosts variable are
['localhost', 'localhost:8555', 'xwxa-xvvwxf2.local', 'xwxa-xvvwxf2.local:8555', '127.0.0.1', '127.0.0.1:8555', '172.17.66.65', '172.17.66.65:8555', '192.168.1.114', '192.168.1.114:8555', '192.168.98.81', '192.168.98.81:8555', '[::1]', '[::1]:8555']
executing curl http://192.168.1.114:8555 returns a success response (this is not true by executing curl http://xwxa-xvvwxf2:8555)
Starting the same WebThingServer inside docker results into the values below
['localhost', 'localhost:8555', 'f9992ea8acb9.local', 'f9992ea8acb9.local:8555', '127.0.0.1', '127.0.0.1:8555', '172.17.0.2', '172.17.0.2:8555']
Here executing curl http://192.168.1.114:8555 returns an error
Using the hostname parameter (set with xwxa-xvvwxf2 in the example below) by running the WebThingServer helps if the same value is used for the container port and the Docker host port (e.g. docker run -p 8555:8555 ..). Here the values of hosts variable looks like:
['localhost', 'localhost:8555', '5b814e824d3c.local', '5b814e824d3c.local:8555', '127.0.0.1', '127.0.0.1:8555', '172.17.0.2', '172.17.0.2:8555', 'xwxa-xvvwxf2', 'xwxa-xvvwxf2:8555']
Here executing curl http://xwxa-xvvwxf2:8555 returns a success response (this is not true by executing curl http://192.168.1.114:8555)
However by using different values for the container port and the Docker host port (e.g. docker run -p 8600:8555 ..), the WebThingServer response with forbidden.
Here executing curl http://xwxa-xvvwxf2:8600 as well executing curl http://192.168.1.114:8600 returns an error (port 8600 will be mapped to 8555 by docker)
A workaround for this could be to make the host header validation deactivatable by using a flag. This would allow the run a WebThingServer inside a docker container, accepting that the header security check is deactivated.
Unfortunallty, running the WebThingServer inside docker container causes trouble. Due to the network mapping the host validation which is part of the WebThingServer as shown below returns a 403
Running the WebThingServer in an ordinary way (here using port 8555; my hostname is xwxa-xvvwxf2, my IP is 192.168.1.114) works. In this case the values of my hosts variable are
['localhost', 'localhost:8555', 'xwxa-xvvwxf2.local', 'xwxa-xvvwxf2.local:8555', '127.0.0.1', '127.0.0.1:8555', '172.17.66.65', '172.17.66.65:8555', '192.168.1.114', '192.168.1.114:8555', '192.168.98.81', '192.168.98.81:8555', '[::1]', '[::1]:8555']executing curl http://192.168.1.114:8555 returns a success response (this is not true by executing curl http://xwxa-xvvwxf2:8555)
Starting the same WebThingServer inside docker results into the values below
['localhost', 'localhost:8555', 'f9992ea8acb9.local', 'f9992ea8acb9.local:8555', '127.0.0.1', '127.0.0.1:8555', '172.17.0.2', '172.17.0.2:8555']Here executing curl http://192.168.1.114:8555 returns an error
Using the hostname parameter (set with xwxa-xvvwxf2 in the example below) by running the WebThingServer helps if the same value is used for the container port and the Docker host port (e.g. docker run -p 8555:8555 ..). Here the values of hosts variable looks like:
['localhost', 'localhost:8555', '5b814e824d3c.local', '5b814e824d3c.local:8555', '127.0.0.1', '127.0.0.1:8555', '172.17.0.2', '172.17.0.2:8555', 'xwxa-xvvwxf2', 'xwxa-xvvwxf2:8555']Here executing curl http://xwxa-xvvwxf2:8555 returns a success response (this is not true by executing curl http://192.168.1.114:8555)
However by using different values for the container port and the Docker host port (e.g. docker run -p 8600:8555 ..), the WebThingServer response with forbidden.
Here executing curl http://xwxa-xvvwxf2:8600 as well executing curl http://192.168.1.114:8600 returns an error (port 8600 will be mapped to 8555 by docker)
A workaround for this could be to make the host header validation deactivatable by using a flag. This would allow the run a WebThingServer inside a docker container, accepting that the header security check is deactivated.