From e22f938ae555b173fcbbae3ea9635a28584d45e1 Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Mon, 9 Jan 2017 17:19:28 +0300
Subject: [PATCH] Bind nginx localhost proxy to localhost

This proxy should only be listening for local connections, not 0.0.0.0.

Fixes #868
---
 roles/kubernetes/node/templates/nginx.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/kubernetes/node/templates/nginx.conf.j2 b/roles/kubernetes/node/templates/nginx.conf.j2
index 8e2d6ebc6..352218da4 100644
--- a/roles/kubernetes/node/templates/nginx.conf.j2
+++ b/roles/kubernetes/node/templates/nginx.conf.j2
@@ -16,7 +16,7 @@ stream {
         }
 
         server {
-            listen        {{ kube_apiserver_port }};
+            listen        127.0.0.1:{{ kube_apiserver_port }};
             proxy_pass    kube_apiserver;
             proxy_timeout 10m;
             proxy_connect_timeout 1s;