runtime server port config - how to use custom option

1
We are currently using 2 Mendix application servers to run our application. 1 (A) is used to handle the UI/user interaction and 1 (B) is used exclusively to run scheduled events. Server B does not have an IIS configured since the server is not handling user interaction. We do however want to be able to connect to the B server using the Mendix Debugger functionality without having to set the runtime server port to Public (since we do not have an IIS configured at this moment we cannot use rewrite rules on server B). We consider using the Custom option in the runtime server region, however when we add an IP address and restart the server we get a message stating that port 8080 is already in use. Blocking the application from starting. How can we use the Custom option (it is hardly mentioned in the Mendix documentation)? Or are there any other options (other than configuring an IIS on this server as well)? Thanks. My question is more or less related to a previous question I asked: https://community.mendix.com/questions/6597/Service-console-Runtime-server-port-config
asked
1 answers
2

The documentation on this is kind of confusing. I researched this myself a while ago for another customer, and I have it on my todo list to write something to submit for the documentation.

Important to know is that the setting does not act as firewall or anything like that. What you are configuring is which network interface to listen too. Every computer always has at least 2 network interfaces, localhost & the public network interface.
Those settings will change if the application listen to the localhost network interface, or all interface.

When you have multiple network interfaces you can use this setting to manage from which network interface communication is allowed. This allows you to configure that you allow localhost traffic, and only traffic from 1 of the 2 other interfaces. This way, when your server has multiple network interfaces you can configure through which interface data is accepted.

For example on my laptop I have 4 network interfaces: localhost, my ethernet card, WiFi and vpn. I could chose to configure the following option: 127.0.0.1, 10.140.20.0
This allows only traffic from the localhost interface and the 10.140.20.x subnet. But all traffic from that interface is allowed, I cannot limit that further to the actual ip range.

If you want to put that limitation in place you should still use your firewall or network proxy rules (IIS)

answered