Overview
This guide covers network configuration for deploying APTIV Scrap Control on a local area network (LAN), allowing multiple users to access the system from different devices.
Network setup is required for Docker deployments where multiple users need to access the system. Standalone deployments typically run on individual machines.
Network Architecture
┌─────────────────────────────────────────────────┐
│                   LAN Network                   │
│             (e.g., 192.168.1.0/24)              │
│                                                 │
│  ┌──────────────┐  ┌──────────────┐             │
│  │   Client 1   │  │   Client 2   │  ...        │
│  │ 192.168.1.x  │  │ 192.168.1.y  │             │
│  │   Browser    │  │   Browser    │             │
│  └──────┬───────┘  └──────┬───────┘             │
│         │                 │                     │
│         │   HTTP :8080    │                     │
│         │   API  :3001    │                     │
│         └────────┬────────┘                     │
│                  │                              │
│         ┌────────▼────────┐                     │
│         │   Server Host   │                     │
│         │  192.168.1.100  │ (Static IP)         │
│         │                 │                     │
│         │  ┌───────────┐  │                     │
│         │  │   Nginx   │  │ :8080               │
│         │  │    :80    │  │                     │
│         │  └─────┬─────┘  │                     │
│         │        │        │                     │
│         │  ┌─────▼─────┐  │                     │
│         │  │    API    │  │ :3001               │
│         │  │   :3001   │  │                     │
│         │  └─────┬─────┘  │                     │
│         │        │        │                     │
│         │  ┌─────▼─────┐  │                     │
│         │  │   MySQL   │  │ :3306               │
│         │  │   :3306   │  │                     │
│         │  └───────────┘  │                     │
│         └─────────────────┘                     │
└─────────────────────────────────────────────────┘
Server Network Configuration
Assign Static IP Address
Configuring a static IP ensures the server is always accessible at the same address.
Linux (Ubuntu/Debian) - Netplan
Edit /etc/netplan/01-netcfg.yaml:
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:  # Your network interface name
      dhcp4: no
      addresses:
        - 192.168.1.100/24  # Static IP and subnet
      routes:
        - to: default
          via: 192.168.1.1  # Gateway
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
Apply configuration: sudo netplan apply
Linux (CentOS/RHEL) - Network Scripts
Edit /etc/sysconfig/network-scripts/ifcfg-eth0:
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS2=8.8.4.4
Restart networking: sudo systemctl restart network
Windows Server
Open Network and Sharing Center
Click Change adapter settings
Right-click network adapter → Properties
Select Internet Protocol Version 4 (TCP/IPv4) → Properties
Select Use the following IP address:
IP address: 192.168.1.100
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.1
Preferred DNS: 8.8.8.8
Click OK to save
Verify Configuration
# Linux
ip addr show
ip route show
# Windows
ipconfig
Test connectivity: ping 192.168.1.1 # Gateway
ping 8.8.8.8 # Internet
Important: Ensure the static IP you choose (e.g., 192.168.1.100) is:
Outside your DHCP range to avoid conflicts
Within your network subnet
Reserved in your router’s DHCP settings
Firewall Configuration
Required Ports
The following ports must be accessible on the server:
Port   Service            Protocol   Required      Description
----   -------            --------   --------      -----------
8080   Nginx (Frontend)   TCP        ✅ Yes        Web application access
3001   Node.js API        TCP        ⚠️ Optional   API endpoint (if not proxied through Nginx)
3306   MySQL              TCP        ❌ No         Database (internal only, should not be exposed)
8081   Adminer            TCP        ❌ No         Database admin tool (optional, development only)
Best Practice: Only expose port 8080 publicly. The API (3001) should be accessed through Nginx’s proxy configuration. MySQL (3306) should never be exposed to the network.
Linux Firewall (UFW)
Install and Enable UFW
# Ubuntu/Debian
sudo apt-get install ufw
# Enable firewall
sudo ufw enable
Configure Default Policies
# Deny all incoming by default
sudo ufw default deny incoming
# Allow all outgoing by default
sudo ufw default allow outgoing
Open Required Ports
# Allow SSH (important - don't lock yourself out!)
sudo ufw allow 22/tcp
# Allow web application
sudo ufw allow 8080/tcp comment 'APTIV Scrap Control - Web'
# Optional: Allow API direct access (if needed)
sudo ufw allow 3001/tcp comment 'APTIV Scrap Control - API'
# Optional: Allow Adminer (development only)
# sudo ufw allow 8081/tcp comment 'APTIV Scrap Control - Adminer'
Verify Rules
sudo ufw status
Expected output:
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere                   # APTIV Scrap Control - Web
3001/tcp                   ALLOW       Anywhere                   # APTIV Scrap Control - API
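The rules above accept connections from any source, while the network documentation template later in this guide scopes 8080/tcp to 192.168.1.0/24 and 22/tcp to an admin subnet. The following check is an added example, not part of the project: it reads `ufw status` output and reports every ALLOW rule whose source is Anywhere. The sample input is constructed from the expected output above, with the 8080 rule changed to a LAN-scoped source to show a rule that passes.

```bash
#!/usr/bin/env bash
# Added example, not project code. Flags ufw ALLOW rules that accept any
# source address. Input: the text printed by `sudo ufw status`.
# A LAN-scoped rule would be created with, for example:
#   sudo ufw allow from 192.168.1.0/24 to any port 8080 proto tcp

audit_ufw() {
  awk '
    match($0, /[ \t]+ALLOW[ \t]+/) {
      to = substr($0, 1, RSTART - 1)
      from = substr($0, RSTART + RLENGTH)
      sub(/^IN[ \t]+/, "", from)       # "ALLOW IN" in verbose output
      sub(/[ \t]*#.*$/, "", from)      # drop the rule comment
      sub(/[ \t]+$/, "", from)
      if (from ~ /^Anywhere/) print "OPEN " to " from " from
    }'
}

# Constructed sample: the 8080 rule is scoped to the LAN, the others are not.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       192.168.1.0/24             # APTIV Scrap Control - Web
3001/tcp                   ALLOW       Anywhere                   # APTIV Scrap Control - API
EOF
}

sample_status | audit_ufw
```

On a live server, pipe `sudo ufw status` into `audit_ufw` instead of the sample.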
Linux Firewall (firewalld)
Configure firewalld (CentOS/RHEL)
# Start and enable firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
# Open ports
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=3001/tcp
# Reload firewall
sudo firewall-cmd --reload
# Verify
sudo firewall-cmd --list-all
Windows Firewall
Open Windows Firewall with Advanced Security
Press Win + R, type wf.msc, press Enter
Create Inbound Rules
For each port (8080, 3001):
Click Inbound Rules → New Rule
Select Port → Next
Select TCP, enter port number → Next
Select Allow the connection → Next
Check all profiles (Domain, Private, Public) → Next
Name: “APTIV Scrap Control - Web” → Finish
Verify Rules
# PowerShell command to list firewall rules
Get-NetFirewallRule | Where-Object { $_.DisplayName -like "*APTIV*" }
Testing Port Accessibility
From a client machine on the network:
Linux/Mac
# Test port connectivity
nc -zv 192.168.1.100 8080
nc -zv 192.168.1.100 3001
# Alternative with telnet
telnet 192.168.1.100 8080
Client Configuration
Accessing the Application
Clients can access the system using:
Web Interface:
http://192.168.1.100:8080
API Endpoint (if exposed):
http://192.168.1.100:3001/api
Browser Requirements
Supported Browsers
Google Chrome 90+ (recommended)
Mozilla Firefox 88+
Microsoft Edge 90+
Safari 14+ (macOS/iOS)
Requirements:
JavaScript enabled
Cookies enabled
LocalStorage enabled (for token persistence)
Bookmark Setup for Users
Create bookmarks or desktop shortcuts for easy access:
Chrome/Firefox Bookmark
Name: APTIV Scrap Control
URL: http://192.168.1.100:8080
DNS Configuration (Optional)
Local DNS with Hosts File
Instead of using IP addresses, configure a friendly hostname:
Edit Hosts File on Each Client
sudo nano /etc/hosts
# Add line:
192.168.1.100 aptiv-scrap.local
Access with Hostname
Users can now access via: http://aptiv-scrap.local:8080
Router-Based DNS
For organization-wide configuration, add a DNS entry in your router:
Access router admin panel (typically 192.168.1.1)
Navigate to DNS Settings or Local DNS
Add entry:
Hostname: aptiv-scrap
IP Address: 192.168.1.100
Save and apply
Clients can now use: http://aptiv-scrap:8080
Network Troubleshooting
Cannot Access from Client
Verify Server is Running
On the server: docker-compose ps
curl http://localhost:8080
Test Network Connectivity
From client:
# Ping server
ping 192.168.1.100
# Test port
telnet 192.168.1.100 8080
Check Firewall Rules
On server:
# Linux
sudo ufw status
sudo iptables -L -n
# Check listening ports
sudo netstat -tlnp | grep -E '8080|3001'
Verify Docker Port Bindings
docker ps --format "table {{.Names}}\t{{.Ports}}"
Should show:
NAMES             PORTS
aptiv-scrap-web   0.0.0.0:8080->80/tcp
aptiv-scrap-api   0.0.0.0:3001->3001/tcp
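Docker publishes container ports through its own iptables rules, which are evaluated before ufw's, so a port bound to 0.0.0.0 can be reachable from the LAN even when ufw has no ALLOW rule for it. The following check is an added example, not part of the project: it compares the `docker ps` port column with the Required Ports table in this guide and reports internal ports (3306, 8081) or the optional API port (3001) published on a non-loopback address. The sample input is constructed, and the `aptiv-scrap-db` and `aptiv-scrap-adminer` container names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not project code. Audits published Docker ports against the
# guide's port table. Input: docker ps --format '{{.Names}}\t{{.Ports}}'

INTERNAL_PORTS="3306 8081"   # MySQL, Adminer: the guide says never expose
OPTIONAL_PORTS="3001"        # API: the guide prefers access via Nginx

audit_bindings() {
  awk -F'\t' -v internal="$INTERNAL_PORTS" -v optional="$OPTIONAL_PORTS" '
    BEGIN {
      n = split(internal, a, " "); for (i = 1; i <= n; i++) deny[a[i]] = 1
      n = split(optional, b, " "); for (i = 1; i <= n; i++) warn[b[i]] = 1
    }
    {
      m = split($2, maps, /, */)
      for (i = 1; i <= m; i++) {
        if (maps[i] !~ /->/) continue          # unpublished, e.g. 33060/tcp
        split(maps[i], side, "->")
        port = side[1]; sub(/^.*:/, "", port)  # host port after last colon
        addr = side[1]; sub(/:[0-9]+$/, "", addr)
        if (addr == "127.0.0.1" || addr == "[::1]") continue  # loopback only
        if (port in deny)
          print "FAIL " $1 " publishes internal port " port " on " addr
        else if (port in warn)
          print "WARN " $1 " publishes optional port " port " on " addr
      }
    }'
}

# Constructed sample; the -db and -adminer container names are hypothetical.
sample_ps() {
  printf '%s\t%s\n' \
    aptiv-scrap-web     '0.0.0.0:8080->80/tcp' \
    aptiv-scrap-api     '0.0.0.0:3001->3001/tcp' \
    aptiv-scrap-db      '0.0.0.0:3306->3306/tcp, 33060/tcp' \
    aptiv-scrap-adminer '127.0.0.1:8081->8080/tcp'
}

sample_ps | audit_bindings
```

On a live server, pipe `docker ps --format '{{.Names}}\t{{.Ports}}'` into `audit_bindings` instead of the sample.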
Performance Optimization
Check network bandwidth:
# Install iperf3
sudo apt-get install iperf3
# On server:
iperf3 -s
# On client:
iperf3 -c 192.168.1.100
Nginx gzip is enabled in the configuration to compress responses
Static assets are cached for 1 year to reduce repeated downloads
Connection Timeout
# Increase Nginx timeout in nginx.conf
location /api/ {
    proxy_pass http://api:3001;
    proxy_read_timeout 300s;
    proxy_connect_timeout 300s;
    proxy_send_timeout 300s;
}
CORS Errors
If accessing from a different domain or port, ensure CORS is configured in the API:
// API server should have:
const cors = require('cors');
app.use(cors({
  origin: ['http://192.168.1.100:8080', 'http://aptiv-scrap.local:8080'],
  credentials: true
}));
Advanced Network Configurations
Reverse Proxy with Custom Domain
For accessing via a custom domain (e.g., scrap.aptiv.com):
Configure External DNS
Point domain A record to server’s public IP
Set Up SSL with Let's Encrypt
# Install certbot
sudo apt-get install certbot python3-certbot-nginx
# Obtain certificate
sudo certbot --nginx -d scrap.aptiv.com
Update Nginx Configuration
server {
    listen 443 ssl http2;
    server_name scrap.aptiv.com;
    ssl_certificate /etc/letsencrypt/live/scrap.aptiv.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/scrap.aptiv.com/privkey.pem;
    # ... rest of configuration
}
server {
    listen 80;
    server_name scrap.aptiv.com;
    return 301 https://$server_name$request_uri;
}
VPN Access for Remote Users
For secure remote access:
Set up VPN server (OpenVPN, WireGuard)
Configure VPN clients with credentials
Route LAN traffic through VPN tunnel
Access application via VPN as if on local network
Load Balancing (Multiple Instances)
For high availability, run multiple API instances:
upstream api_backend {
    least_conn;
    server api1:3001;
    server api2:3001;
    server api3:3001;
}
location /api/ {
    proxy_pass http://api_backend;
}
Security Best Practices
Use HTTPS in Production
Always enable SSL/TLS for encrypted communication:
Obtain SSL certificate (Let’s Encrypt is free)
Configure Nginx with SSL
Redirect HTTP to HTTPS
Implement Network Segmentation
Place database on private network segment
Use firewall rules to restrict MySQL to API container only
Isolate management interfaces (Adminer) from production network
Regular Security Audits
# Scan for open ports
nmap 192.168.1.100
# Check for vulnerable packages
docker scan aptiv-scrap-api
# Review firewall logs
sudo tail -f /var/log/ufw.log
Rate Limiting
Already configured in Nginx to prevent abuse:
limit_req_zone $binary_remote_addr zone=api_limit:10m rate=10r/s;
location /api/ {
    limit_req zone=api_limit burst=20 nodelay;
}
Network Documentation Template
Maintain network documentation for your deployment:
# APTIV Scrap Control - Network Configuration
## Server Details
- **Hostname:** aptiv-scrap-server
- **IP Address:** 192.168.1.100
- **Subnet Mask:** 255.255.255.0
- **Gateway:** 192.168.1.1
- **DNS:** 8.8.8.8, 8.8.4.4
## Services
- **Web (Nginx):** Port 8080
- **API (Node.js):** Port 3001 (internal)
- **Database (MySQL):** Port 3306 (internal)
## Firewall Rules
- Allow 8080/tcp from 192.168.1.0/24
- Allow 22/tcp from admin subnet
- Deny all others
## Access URLs
- **Production:** http://192.168.1.100:8080
- **API Health:** http://192.168.1.100:3001/api/health
## Backup Schedule
- Daily database backups at 2:00 AM
- Weekly full system backup on Sundays
## Contacts
- **IT Administrator:** [email protected]
- **Network Engineer:** [email protected]
Next Steps
User Management: Set up users, roles, and permissions
Monitoring Setup: Configure logging and health monitoring
Backup Procedures: Implement automated backup strategies
Security Hardening: Additional security measures