feat: add NITRIC_HOSTNAME env var for configurable local backend address#870
Open
tom-groves wants to merge 3 commits intonitrictech:mainfrom
Open
feat: add NITRIC_HOSTNAME env var for configurable local backend address#870tom-groves wants to merge 3 commits intonitrictech:mainfrom
tom-groves wants to merge 3 commits intonitrictech:mainfrom
Conversation
Presigned storage URLs, gateway addresses, and website URLs were hardcoded to localhost, making them unresolvable when the backend runs in a Docker container addressed by other containers. Introduce NITRIC_HOSTNAME (default: "localhost") so all generated URLs use a configurable host, resolved once in cloud.New() and threaded through storage, gateway, and website services.
- Move env import to correct alphabetical position - Wrap IPv6 literal hostnames in brackets for valid URL construction - Add comment explaining why connectionStringHost is separate from NITRIC_HOSTNAME
- Move env import to correct alphabetical position (between batch and gateway) - Reject NITRIC_HOSTNAME values containing URL-unsafe characters (/?#, newlines, whitespace) at startup to prevent malformed URLs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Presigned storage URLs, gateway addresses, and website URLs are hardcoded to
localhost, making them unresolvable when the backend runs in a Docker container addressed from another container.For example, when calling
PreSignUrlfrom a service in a separate container, the returned URL is:Which resolves to the calling container itself, not the Nitric backend.
Solution
Introduce a
NITRIC_HOSTNAMEenvironment variable (default:localhost) that controls the hostname used in all generated URLs. The value is resolved once at startup incloud.New()and threaded through storage, gateway, and website service constructors.Usage:
Presigned URL with override:
Without override (default, no behavior change):
Affected code paths
storage.goPreSignUrlhttp://localhost:{port}/read/...http://{NITRIC_HOSTNAME}:{port}/read/...storage.goPreSignUrlhttp://localhost:{port}/write/...http://{NITRIC_HOSTNAME}:{port}/write/...gateway.goGetTriggerAddress[::]→localhost[::]→{NITRIC_HOSTNAME}gateway.goGetApiAddresses[::]→localhost[::]→{NITRIC_HOSTNAME}gateway.goGetHttpWorkerAddresses[::]→localhost[::]→{NITRIC_HOSTNAME}gateway.goGetWebsocketAddresses[::]→localhost[::]→{NITRIC_HOSTNAME}websites.goregisterhttp://localhost:{port}/...http://{NITRIC_HOSTNAME}:{port}/...Additional hardening
fe80::1→[fe80::1])/?#, newlines, whitespace) are rejected at startup with a clear errorconnectionStringHost(for Postgres) is intentionally separate fromNITRIC_HOSTNAMENote on
connectionStringHostThe SQL
connectionStringHostincloud.gois deliberately not changed to useNITRIC_HOSTNAME. It controls how application services reach the Postgres container (a separate container with host-mapped ports), which is a different network path from how callers reach the Nitric backend. The existingRunMode/StartModelogic withhost.docker.internalalready handles this correctly.