Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installing caprover on custom ports (not 80,443,3000). Tested on synology nas. Changes for https://github.com/caprover/caprover/issues/776 #2220

Open
wants to merge 5 commits into
base: master
Choose a base branch
from

Conversation

raisercostin
Copy link

@raisercostin raisercostin commented Dec 8, 2024

Added some env variables to control the HOST ports (external ports): CAPTAIN_HOST_HTTP_PORT (to change from 80), CAPTAIN_HOST_HTTPS_PORT (to change 443), CAPTAIN_HOST_ADMIN_PORT (to change 3000).

Also defined CONTAINER PORTS that never needs to change since are the ports inside containers. But is good to have as variables to be explicit that are CONTAINER and not HOST ports.

Changes for:

I was able to run caprover on synology that doesn't allow 80 and 443. This is also made possible by being able to get https certificates with dns challange (https://caprover.com/docs/certbot-config.html#customize-certbot-command-to-use-dns-01-challenge)

image

… control the HOST (external) ports: CAPTAIN_HOST_HTTP_PORT (to change from 80), CAPTAIN_HOST_HTTPS_PORT (to change 443), CAPTAIN_HOST_ADMIN_PORT (to change 3000).

Also defined CONTAINER PORTS that never needs to change since are the ports inside containers. But is good to have as variables to be explicit that are CONAINER and not HOST ports.
Copy link
Collaborator

@githubsaturn githubsaturn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! Just a couple of comments.

Have you tested enabling HTTPS with Let'sEncrypt? I am not sure how it works with ports other than 80/443

.editorconfig Outdated Show resolved Hide resolved
src/utils/EnvVars.ts Outdated Show resolved Hide resolved
src/utils/EnvVars.ts Outdated Show resolved Hide resolved
src/utils/EnvVars.ts Outdated Show resolved Hide resolved
@raisercostin
Copy link
Author

From my investigations HTTP-01 challenge will not work on other ports - https://letsencrypt.org/docs/challenge-types/#http-01-challenge. But in a normal/my setup you have a router that is doing port forwarding (from 80 -> 10080 and 443->10443 in my case) and I assume will work. I tested with DNS-01 challenge since is also more robust for root and wildcard as well - https://letsencrypt.org/docs/challenge-types/#dns-01-challenge (see #2222 )

@raisercostin
Copy link
Author

@githubsaturn Please let me know if I need to fix something more.

Copy link
Collaborator

@githubsaturn githubsaturn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I missed the previous round. Just a final round of comments. Also if you can fix the build issue. Perhaps just formatting issues?

Looks great! Thanks for getting this together.

Just to confirm, this won't work out of the box with Let'sEncrypt etc, right? This assumes that there is a port forwarder somewhere in front of the server that forwards 80/443 to the custom ports on the server?

{
protocol: 'udp',
publishMode: 'host',
containerPort: 80,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need udp/80?

@@ -87,7 90,7 @@ const data = {

isDebug: EnvVars.CAPTAIN_IS_DEBUG,

captainServiceExposedPort: 3000,
captainServiceExposedPort: configs.adminPortNumber3000,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this variable is just now a mirror for configs.adminPortNumber3000 - should we remove it completely and replace the callsites with CaptainConstants.configs.adminPortNumber3000 ?

return DockerApi.get().pullImage(imageName, undefined)
return DockerApi.get().pullImage(imageName, undefined).catch(function (onrejected) {
console.log(`Continnuing failed pull, maybe image already exists: ${imageName}.`, onrejected)
return Promise.resolve()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check was added to early exit in cases where images cannot be fetched from Dockerhub due to firewall restrictions. I understand it was needed for debugging, but let's revert it for prod.

Maybe as a separate change, we can actually check if the image exists already and only then let go of the error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants