Installing caprover on custom ports (not 80,443,3000). Tested on synology nas. Changes for https://github.com/caprover/caprover/issues/776 #2220
Thanks for the PR! Just a couple of comments.
Have you tested enabling HTTPS with Let'sEncrypt? I am not sure how it works with ports other than 80/443
From my investigations HTTP-01 challenge will not work on other ports - https://letsencrypt.org/docs/challenge-types/#http-01-challenge. But in a normal/my setup you have a router that is doing port forwarding (from |
@githubsaturn Please let me know if I need to fix something more. |
Sorry I missed the previous round. Just a final round of comments. Also if you can fix the build issue. Perhaps just formatting issues?
Looks great! Thanks for getting this together.
Just to confirm, this won't work out of the box with Let'sEncrypt etc, right? This assumes that there is a port forwarder somewhere in front of the server that forwards 80/443 to the custom ports on the server?
… control the HOST (external) ports: CAPTAIN_HOST_HTTP_PORT (to change from 80), CAPTAIN_HOST_HTTPS_PORT (to change 443), CAPTAIN_HOST_ADMIN_PORT (to change 3000). Also defined CONTAINER PORTS that never needs to change since are the ports inside containers. But is good to have as variables to be explicit that are CONTAINER and not HOST ports.
44b6faf to 3c9d663
… admin port. Removed udp port, as is not needed now. Further cleanup.
Will not work out of the box because the default Let'sEncrypt is using http-01-challenge that is expecting port 80/443. Solutions:
Anyway without a forwarder the client/dashboard app must be changed to show and use the ports so maybe is not a good idea. The main scenario that I'm expecting to be needed and I saw in all the issues is just the capability to run on any ports since they are occupied and have a forwarder with virtual hosting in front or just a router. |
This is a potentially exciting feature. I just had one quick last-minute thought, couldn't the port forwarding be done entirely within the same system? For example, to forward port 80 to port 8080, one could add the following to the top of
Am I missing something, or could that be an approach to implementing this with I'm thinking that, if it could be done this way, then it could be scripted and made available as an optional setup routine that wouldn't require the user to manually configure anything, internally or otherwise. EDIT: Made the code reflect the example from https://serverfault.com/questions/238563/can-i-use-ufw-to-setup-a-port-forward. |
Having spent the last several minutes searching for someone documenting this exact process in the context of LE certificate requests, I must be missing something, if it were this easy it'd be an accepted solution all over the place, as this isn't an especially rare scenario. This is closest thing I've found, and while it doesn't necessarily support this approach for this explicit context, none of the replies seem to rule it out either: https://serverfault.com/questions/238563/can-i-use-ufw-to-setup-a-port-forward |
I wanted to add the capability to run on a different port like 10080/10443/13000(in my case was synology) because port 80/443 was already reserved by the system. In my case using port 80 was not possible at all. |
I managed to run a simple nginx proxy from 80 and 443 to 10083 and 10443 with this oneliner (switched to 10083 since 10080 is filtered by chrome/firefox as problematic):
After this curl on http://localhost:80, http://localhost:10083, https://localhost:443 and https://localhost:10443 all should work. |
Thanks! |
@@ -84,7 +84,7 @@ app.use(function (req, res, next) { | |||
req.secure || req.get('X-Forwarded-Proto') === 'https' | |||
|
|||
if (!isRequestSsl) { | |||
const newUrl = `https://${req.get('host')}${req.originalUrl}` | |||
const newUrl = `https://${req.hostname}:${CaptainConstants.configs.nginxPortNumber80}${req.originalUrl}` |
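Review bot: on the added `newUrl` line the redirect is built as `https://` plus `CaptainConstants.configs.nginxPortNumber80`, which by its name is the HTTP port, so a plain-HTTP request is redirected to an HTTPS URL on a port that serves HTTP. Use the HTTPS port setting here, and leave the port out when it is 443. The switch from `req.get('host')` to `req.hostname` also discards any port the client sent in the Host header, which deserves a short comment saying that the port now comes from configuration.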
This line turned out to introduce a bug. Fixed in 017bcca
Basically, it would redirect to https://captain.domain.com:80 - and port 80 is not listening for SSL connections.
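The redirect bug described in the comment above, next to one way of building the target from the HTTPS port, as an added example that is not part of the original thread and is not the fix from 017bcca. The function names and port values are assumptions made for illustration.

```javascript
'use strict'

// Constructed sample values standing in for the host-side ports this PR
// makes configurable (CAPTAIN_HOST_HTTP_PORT / CAPTAIN_HOST_HTTPS_PORT).
const HOST_HTTP_PORT = 10083
const HOST_HTTPS_PORT = 10443

// Behaviour described in the comment: the HTTP port is appended to an
// https:// URL, so the client is sent to a listener that does not speak TLS.
function buggyRedirect(hostname, originalUrl, httpPort) {
    return `https://${hostname}:${httpPort}${originalUrl}`
}

// Hypothetical corrected builder: takes the raw Host header, drops whatever
// port the client used, and appends the HTTPS port unless it is the default.
function httpsRedirect(hostHeader, originalUrl, httpsPort) {
    let parsed
    try {
        // The URL parser splits host and port and keeps IPv6 brackets.
        parsed = new URL(`http://${hostHeader}`)
    } catch (e) {
        return null // empty or malformed Host header: answer 400 instead
    }
    // Accept only a bare host[:port]; anything else is not a Host value.
    if (parsed.pathname !== '/' || parsed.search || parsed.username) {
        return null
    }
    // The path must be origin-relative so it cannot alter the authority.
    if (!originalUrl.startsWith('/')) {
        return null
    }
    const port = Number(httpsPort) === 443 ? '' : `:${Number(httpsPort)}`
    return `https://${parsed.hostname}${port}${originalUrl}`
}

// Constructed request: client reached the HTTP listener on the custom port.
console.log(buggyRedirect('captain.domain.com', '/apps', HOST_HTTP_PORT))
console.log(httpsRedirect('captain.domain.com:10083', '/apps', HOST_HTTPS_PORT))
```
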
Hi there! Still can't run on docker with different ports, I added -e CAPTAIN_HOST_HTTP_PORT=8080 and so on at the docker run execution, still my caprover container keeps crashing after logging that I have to wait 60 seconds |
…js and should be the container port that is 3000 (used inside swarm). - https://github.com/search?q=repo%3Acaprover%2Fcaprover+serviceExposedPort&type=code Continues on caprover#2220 . Currently nginx cannot forward traffic to admin/3000 port (is using the one defined in configs.adminPortNumber3000).
Added some env variables to control the HOST ports (external ports): CAPTAIN_HOST_HTTP_PORT (to change from 80), CAPTAIN_HOST_HTTPS_PORT (to change 443), CAPTAIN_HOST_ADMIN_PORT (to change 3000).
Also defined CONTAINER PORTS that never needs to change since are the ports inside containers. But is good to have as variables to be explicit that are CONTAINER and not HOST ports.
Changes for:
I was able to run caprover on synology that doesn't allow 80 and 443. This is also made possible by being able to get https certificates with dns challenge (https://caprover.com/docs/certbot-config.html#customize-certbot-command-to-use-dns-01-challenge)