Support private/public IP in Realm response + ORM update + DB migration #1489
Conversation
Check the user IP to see if it's a private range IP (172.16.0.0/12 192.168.0.0/16 or 10.0.0.0/8) If it's a private one -> Send the realm.proxy_adresse, else send the realm.public_proxy_address Force to listen on 0.0.0.0 (And not based on the IP provided in the DBB)
add public_realm_address and public_proxy_adress to realmlist table
Set 0.0.0.0 to default value for Public IPs in Realmlist table
|
Does it also work when running Alpha-Core in Docker? |
|
I was able to run it on my K8S, that use docker image. But I can give it a try on Docker Desktop |
|
Tested on Docker Desktop (Windows + WSL2) : Works fine when connecting from the same machine (Config.wtf set to 127.0.0.1). Example: This lets external clients reach the server through your host IP. |
| sck.sendall(packet) | ||
|
|
||
| @staticmethod | ||
| def start_realm(running, realm_server_ready): | ||
| local_realm = REALMLIST[config.Server.Connection.Realm.local_realm_id] | ||
| with SocketBuilder.build_socket(local_realm.realm_address, local_realm.realm_port, timeout=2) as server_socket: | ||
| with SocketBuilder.build_socket('0.0.0.0', local_realm.realm_port, timeout=2) as server_socket: |
There was a problem hiding this comment.
When setting up a server socket, you might think to bind directly to a specific interface or IP address. However, in most modern deployments—especially in Kubernetes or cloud environments—binding to 0.0.0.0 is the correct and robust choice.
Why not bind to a specific IP?
Pods in Kubernetes have their own internal IPs (e.g., 10.x.x.x), which are only reachable from inside the cluster.
Externally, your service is typically accessed through a Load Balancer or NodePort with a different IP (e.g., 172.16.x.x).
Your application (or database, etc.) configuration might advertise the external (load balancer) IP, but your pod/container does not have that IP as a local interface!
If you bind your server to this external IP, the server won’t actually receive any connections, because that IP does not exist inside the pod.
Example scenario
Suppose:
Your pod’s internal IP is 10.0.0.1 (only reachable from within the cluster).
Your service is exposed externally at 172.16.0.54 (load balancer or worker node).
In your database or config, you have to advertise 172.16.0.54 as the address clients should use.
If you bind your socket to 172.16.0.54, your server will not listen on any actual interface inside the pod—because that IP does not exist inside the pod.
The correct solution: Bind to 0.0.0.0
Binding to 0.0.0.0 means “listen on all available interfaces and all incoming destination IPs”.
This ensures:
Your server can accept connections, no matter which network interface or cluster routing path is used.
Clients (inside or outside the cluster) can reach your service as long as the port is exposed.
It works for both internal and external clients, across NAT, service mesh, and Kubernetes routing.
There was a problem hiding this comment.
I understand that, but it shouldn't be hardcoded; listening on 0.0.0.0 might not be suitable for everyone, depending on their server setup. Also, since FORWARD_ADDRESS_OVERRIDE becomes obsolete with these changes, all references to it should be removed, including in the Docker setup script.
There was a problem hiding this comment.
If think listening on 0.0.0.0 is suitable for almost 90% of users ^•^
Having multiple NIC is mostly rare for common user (well, if we put asside WLAN)
Using 0.0.0.0 will accept any connection, no matter the server setup.
I understand it's shouldn't be hardcoded for specific case (most of the time, we use 0.0.0.0) , but then you should create a new ENV Variable and prosion it from conf file with 0.0.0.0 as default value.
And for FORWARD_ADDRESS_OVERRIDE, been a certain so I haven't the code in mind at the moment.
| @@ -90,7 +103,7 @@ def start_realm(running, realm_server_ready): | |||
| @staticmethod | |||
| def start_proxy(running, proxy_server_ready): | |||
| local_realm = REALMLIST[config.Server.Connection.Realm.local_realm_id] | |||
| with SocketBuilder.build_socket(local_realm.proxy_address, local_realm.proxy_port, timeout=2) as server_socket: | |||
| with SocketBuilder.build_socket('0.0.0.0', local_realm.proxy_port, timeout=2) as server_socket: | |||
realmlisttable:public_proxy_addresspublic_realm_addressRealmModels.pyto include the new columns.RealmManager.py:FORWARD_ADDRESS_OVERRIDEenvironment variable.ALTER TABLEstatements to add the new columns with default values0.0.0.0.proxy_addressandrealm_addressinto their public counterparts.✅ Tests performed: