• hperrin@lemmy.ca
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    18 小时前

    That’s because 8080 is the official unprivileged alternative port for 80, the HTTP port. Web developers are usually using HTTP, so this makes perfect sense. If it supports HTTPS, then 8443, though that one isn’t official.

    I run a few open source server projects, and they usually default to 8080 for this reason. I have one that uses 8888, and that’s only because it’s meant for temporary ad-hoc servers.

    I’m working on an SFTP server, and it will use 2222, because that’s the most common unprivileged alternative port. There is no official alternative for SSH.

  • Mora@pawb.social
    link
    fedilink
    arrow-up
    24
    ·
    2 天前

    As long as it is configurable, ideally via env, I dont care about the port.

    This could be important for restricted Kubernetes clusters (or certain Gluetun configs). Don’t be Nextcloud with their default port of 80 in their Apache image with only hacky ways to change that. God, I hate Nextcloud. They are truly becoming the next Wordpress.

    • kassiopaea@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      5
      ·
      1 天前

      Vaulwarden does this and I’m really frustrated that I have to cap_add NET_BIND_SERVICE in my rootless setup just to make my password server run.

      • gray@pawb.social
        link
        fedilink
        arrow-up
        1
        ·
        19 小时前

        Are you sure you need that? I just added a —user to the docker run and it started just fine on port 80 in the container.

        • kassiopaea@lemmy.blahaj.zone
          link
          fedilink
          arrow-up
          1
          ·
          15 小时前

          I’m using podman, and I don’t like the practice of unnecessarily setting UIDs. NET_BIND_SERVICE is exactly the flag it needs to set port 80 and it doesn’t potentially complicate accessing the files for maintenance. Does your system have SELinux? If not, that might be why you don’t need it lol.

      • Mora@pawb.social
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        1 天前

        Unless I am missing some obvious setting: Restricted Kubernetes doesnt work like that. You have to run the container with a non-root UID (usually something upwards of a million). Non-root users however can’t reserve ports below 1025. Nextcloud builds on the default php-apache image which comes with the default apache ports.conf (Listen 80).

        So now this has to be overwritten either by making a custom build (which may require creating a custom build pipeline) or by mounting a new config file (e.g. via ConfigMap) else it wont start. Both are an additional update risk which now has to be documented and checked before updating in addition to changes from the normal nextcloud changelog.

        Similiar issues probably appear with rootless docker/podman unless you add extra capabilities, which is not possible in restricted kubernetes settings.

        • Jakeroxs@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          ·
          1 天前

          I know nothing about k8s, just started with a homelab using primarily docker in an Ubuntu LXC in proxmox and have been using the nextcloud image via docker compose on a different port by simply editing the compose to outwardly point to a different port, inside the docker container my understanding is it all still uses port 80, thereby causing no further issues with the application.

          • Mora@pawb.social
            link
            fedilink
            arrow-up
            1
            ·
            23 小时前

            Welcome to the community then :) For rootful Docker you are correct - the inside port can be 80 and you can expose it on whatever port you want (ideally you expose it only via reverse proxy and not by port - I can recommend Caddy-Docker-Proxy for that)

              • Mora@pawb.social
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                20 小时前

                Absolutely, it is not necessary if the proxy can reach the service in other ways (e.g. a shared network). Some non-http services don’t like to be proxied though. Some constellations where the proxy is not on the same host as the containers may also make it necessary. My answer was based on the possibility to not have the same inside/outside port, not necessarily the need though😉

  • whyrat@lemmy.world
    link
    fedilink
    English
    arrow-up
    28
    ·
    2 天前

    Doesn’t matter; we’ll map it to whatever the environment needs in the docker-compose.yaml.

  • Lucy :3@feddit.org
    link
    fedilink
    arrow-up
    29
    ·
    2 天前

    Unix sockets all the way. The only open ports for web traffic should be the reverse proxy (so nginx).

    • BakedCatboy@lemmy.ml
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 天前

      Back in the day I home hosted shit using http over 443 because my ISP blocked 80 inbound but not 443. It was a little weird but it worked lmao.

  • kibiz0r@midwest.social
    link
    fedilink
    English
    arrow-up
    12
    ·
    2 天前

    Call me crazy, but I like default ports to look like default ports. If I want it to stick around, I’ll pick a port on my own.