[GH-ISSUE #1785] Add feature to disable publicHostMatcher #222

Closed
opened 2026-03-03 12:09:15 +03:00 by kerem · 6 comments

Originally created by @zounar on GitHub (Oct 18, 2024).
Original GitHub issue: https://github.com/fsouza/fake-gcs-server/issues/1785

I have a fake-gcs-server run in Docker Compose and I have troubles with the publicHostMatcher. Because I need to specify some host in the publicHost arg, I can either set the container to be accessible from the host (via localhost) or via internal Docker network (via the service name), but not both.

This makes it practically impossible for me to use this tool (without some complex proxy). Note that network_mode: host is not an option for me as it's available only on Linux, and I'm running a WSL.

I believe it could be very handy to have the ability to either:

  • define multiple hosts via publicHost arg,
  • or allow a regex pattern in a publicHost,
  • or just simply allow the publicHostMatcher to be skipped.

I think having this security layer for a tool that seems to be used primarily for local development and testing is unnecessary.

Thanks for considering! 🙂

kerem closed this issue 2026-03-03 12:09:16 +03:00

@fsouza commented on GitHub (Oct 28, 2024):

Can you try using the internal config endpoint? There are no docs, but this is what the body looks like: github.com/fsouza/fake-gcs-server@b48d95f67e/fakestorage/config.go (L9-L12)

So you'd do something like:

$ curl -d '{"publicHost":"..."}' <...>/_internal/config

@zounar commented on GitHub (Oct 29, 2024):

Thanks for this proposal, and while it could be used as a hotfix 👍, it would be very nasty to change this config (twice) each time I call the service 🥺. (Twice because I'd need to re-set it back, otherwise I wouldn't be able to access the files via browser.)


@fsouza commented on GitHub (Oct 30, 2024):

@zounar I'm confused, you would only need to set it once, as soon as you know the host, no? That's what it was introduced for, see the discussion in #659: a "public host" is required for redirect and resumable uploads to work, the idea is that once you know what the public host will be, you can call the internal config endpoint.


@zounar commented on GitHub (Nov 2, 2024):

I see now. Unfortunately, I'm running it locally (with Docker Compose), and I use two different hostnames. One of them being localhost (to access the Fake GCS from the browser) and the other is an internal Docker network (to access the Fake GCS from the application container). I don't use resumable uploads, the whole system is just a substitution for a real GCS in development.


@anz-rfc-v2 commented on GitHub (Nov 6, 2024):

I have a similar use case: we are running fake-gcs-server in a container via docker compose, where for technical reasons we're not using network_mode: host. We need to connect to the fake-gcs-server container from sibling containers and also from the host machine outside of docker.

I found a workaround that works for my situation:

  • start fake-gcs-server setting publicHost to match the docker-compose service name (so sibling containers in the same docker-compose can connect to it and have object downloads work)
  • in the docker compose file, port-map the fake-gcs-server's port so it is exposed to the host
  • configure the http client we use from the host to override the Host header in HTTP requests to match the docker-compose service name (but still establish the tcp connection to localhost & the mapped port)

One of my colleagues suggested another workaround could be to deploy fake-gcs-server behind something like nginx and use nginx to rewrite the host header of inbound requests (pretty heavyweight).
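
The Host-header override described in the comment above, as an added Go example that is not part of the original comment or of fake-gcs-server's code. The service name `fake-gcs:4443` is a hypothetical value, and `hostGated` is a simplified stand-in for a server that only answers requests whose Host equals the configured `publicHost`.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// serviceName is a hypothetical docker-compose service name and port (the publicHost value).
const serviceName = "fake-gcs:4443"

// hostGated is a stand-in for a server that only routes requests whose
// Host header equals publicHost; it is not fake-gcs-server's own code.
func hostGated(publicHost string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Host != publicHost {
			http.NotFound(w, r)
			return
		}
		fmt.Fprint(w, "object-bytes")
	})
}

// fetch connects to dialURL (e.g. the localhost-mapped port) but, when
// hostOverride is non-empty, sends it as the Host header instead.
func fetch(dialURL, hostOverride string) (int, string, error) {
	req, err := http.NewRequest(http.MethodGet, dialURL, nil)
	if err != nil {
		return 0, "", err
	}
	if hostOverride != "" {
		req.Host = hostOverride // changes the header only, not the TCP target
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return resp.StatusCode, string(body), err
}

func main() {
	srv := httptest.NewServer(hostGated(serviceName))
	defer srv.Close()
	fmt.Println(fetch(srv.URL, ""))          // Host is 127.0.0.1:<port>: 404
	fmt.Println(fetch(srv.URL, serviceName)) // Host matches: 200
}
```

Setting `req.Host` leaves the dial address untouched, so the same client code works against `localhost` and the mapped port while the server still sees the service name.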


@zounar commented on GitHub (Nov 6, 2024):

It's an interesting solution 👍, although a bit overkill, as you mentioned.
Given that my use-case doesn't require a GCS-specific API but just a basic S3-compatible API, I decided to move to a different package. Thanks though 🙂.
