Default agent bind to localhost

Installed TeamCity from tar.gz, changed TeamCity/buildAgent/conf/buildAgent.properties ownAddress=localhost,
but it still binds to external interface and accepts http requests from outside.

netstat -lnpt | grep 9090

tcp6       0      0 :::9090                 :::*                    LISTEN      13016/java

In the TeamCity/buildAgent/logs/teamcity-agent.log:
Updating agent parameters on the server: AgentDetails{Name='Default Agent', AgentId=1, BuildId=null, AgentOwnAddress='localhost', AlternativeAddresses=[192.168.10.2, fd73:a9f0:e375:0:922b:34ff:fe30:738e], Port=9090, Version='37176'

Questions:

  1. Is this secure, given anyone can send XML RPC commands to it ?
  2. Is it possible to configure it to bind to localhost interface only ?
2 comments
Comment actions Permalink

Hi Robertas,

We have the related request: https://youtrack.jetbrains.com/issue/TW-3131, please vote for it.
However since TeamCity 9.1 you can use unidirectional agent-to-server communication. The polling protocol used for the agent-to-server connection allows for increased security when the agent-to-server connection is based on HTTPS; it also increases the agents accessibility, e.g. the agents can be behind a firewall with all incoming connections blocked or the agents can be deployed to a network different from that of the server.

0
Comment actions Permalink

Thank you, voted on the feature.

0

Please sign in to leave a comment.