When I access /playground on the fly-log-shipper instance, I can issue graphql queries to it, with no authentication. That seems like a bad idea. How can I turn this off? It’s very surprising that it’s the default after following the directions on Shipping Logs · The Fly Blog
1 Like
First off, thanks for raising this as our docs are out of date. They need updating for our V2 platform.
It’s true that the log shipper exposes the Vector GraphQL API by default. A few clarifications:
- You can repeat the setup with
flyctl deploy --no-public-ipsto ensure no public access - You can remove the existing public IPs with
flyctl ips listandflyctl ips release - The API is enabled to support the
vector tapcommand, which is useful for debugging log ship failures - The shipper should not have booted with public web access unless you changed
internal_portfrom the default8080to the Vector port - You can disable the API by updating the vector config and deploying from source
1 Like
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.