When webdevs choosing port for their app
-
I mean, if you're serving over http, that is the port for it
Isn't it port 80?
-
Isn't it port 80?
It's both
-
go2rtc, a camera streaming tool that's useful for security cameras, at least has some humor in their choice --- port 1984, of course.
Whatever dev came up with that was probably very proud.
-
It's both
We apparently could have been using 8008 this entire time for the same thing and we haven't and I'm a little sour now.
-
Is haproxy okay?
haproxy is awesome
-
We apparently could have been using 8008 this entire time for the same thing and we haven't and I'm a little sour now.
Me & the boys serving http on the boob port
-
As long as it is configurable, ideally via env, I dont care about the port.
This could be important for restricted Kubernetes clusters (or certain Gluetun configs). Don't be Nextcloud with their default port of 80 in their Apache image with only hacky ways to change that. God, I hate Nextcloud. They are truly becoming the next Wordpress.
The docker image you just set the port like any other program.
-
As long as it is configurable, ideally via env, I dont care about the port.
This could be important for restricted Kubernetes clusters (or certain Gluetun configs). Don't be Nextcloud with their default port of 80 in their Apache image with only hacky ways to change that. God, I hate Nextcloud. They are truly becoming the next Wordpress.
Vaulwarden does this and I'm really frustrated that I have to
cap_add NET_BIND_SERVICEin my rootless setup just to make my password server run. -
The docker image you just set the port like any other program.
wrote last edited by [email protected]Unless I am missing some obvious setting:
Restricted Kubernetes doesnt work like that. You have to run the container with a non-root UID (usually something upwards of a million). Non-root users however can't reserve ports below 1025. Nextcloud builds on the default php-apache image which comes with the default apache ports.conf (Listen 80).So now this has to be overwritten either by making a custom build (which may require creating a custom build pipeline) or by mounting a new config file (e.g. via ConfigMap) else it wont start. Both are an additional update risk which now has to be documented and checked before updating in addition to changes from the normal nextcloud changelog.
Similiar issues probably appear with rootless docker/podman unless you add extra capabilities, which is not possible in restricted kubernetes settings.
-
This post did not contain any content.
I like 6969
-
Me & the boys serving http on the boob port
I'd suckle that server
-
Unless I am missing some obvious setting:
Restricted Kubernetes doesnt work like that. You have to run the container with a non-root UID (usually something upwards of a million). Non-root users however can't reserve ports below 1025. Nextcloud builds on the default php-apache image which comes with the default apache ports.conf (Listen 80).So now this has to be overwritten either by making a custom build (which may require creating a custom build pipeline) or by mounting a new config file (e.g. via ConfigMap) else it wont start. Both are an additional update risk which now has to be documented and checked before updating in addition to changes from the normal nextcloud changelog.
Similiar issues probably appear with rootless docker/podman unless you add extra capabilities, which is not possible in restricted kubernetes settings.
I know nothing about k8s, just started with a homelab using primarily docker in an Ubuntu LXC in proxmox and have been using the nextcloud image via docker compose on a different port by simply editing the compose to outwardly point to a different port, inside the docker container my understanding is it all still uses port 80, thereby causing no further issues with the application.
-
Imagine using 8081 while 8080 is free. Truly criminal
You also see a fair bit of 8001 iirc
-
I know nothing about k8s, just started with a homelab using primarily docker in an Ubuntu LXC in proxmox and have been using the nextcloud image via docker compose on a different port by simply editing the compose to outwardly point to a different port, inside the docker container my understanding is it all still uses port 80, thereby causing no further issues with the application.
Welcome to the community then
For rootful Docker you are correct - the inside port can be 80 and you can expose it on whatever port you want (ideally you expose it only via reverse proxy and not by port - I can recommend Caddy-Docker-Proxy for that) -
Welcome to the community then
For rootful Docker you are correct - the inside port can be 80 and you can expose it on whatever port you want (ideally you expose it only via reverse proxy and not by port - I can recommend Caddy-Docker-Proxy for that)I use Traefik already, but thank you!
-
I use Traefik already, but thank you!
Also a great choice
-
Also a great choice
Got me curious on rootless vs root docker, there's so much.
-
Welcome to the community then
For rootful Docker you are correct - the inside port can be 80 and you can expose it on whatever port you want (ideally you expose it only via reverse proxy and not by port - I can recommend Caddy-Docker-Proxy for that)If you're using a reverse-proxy, why bother mapping ports at all?
-
If you're using a reverse-proxy, why bother mapping ports at all?
wrote last edited by [email protected]Absolutely, it is not necessary if the proxy can reach the service in other ways (e.g. a shared network). Some non-http services don't like to be proxied though. Some constellations where the proxy is not on the same host as the containers may also make it necessary. My answer was based on the possibility to not have the same inside/outside port, not necessarily the need though
-
Got me curious on rootless vs root docker, there's so much.
Since rootless docker is (mostly) a security improvement, here is a interesting list of other Docker realted security tips I like to consult: https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html
