7d ago

When webdevs choosing port for their app

49 comments

go2rtc, a camera streaming tool that's useful for security cameras, at least has some humor in their choice --- port 1984, of course.
- Okay, that's pretty good.
- Whatever dev came up with that was probably very proud.
As long as it is configurable, ideally via env, I dont care about the port.
This could be important for restricted Kubernetes clusters (or certain Gluetun configs). Don't be Nextcloud with their default port of 80 in their Apache image with only hacky ways to change that. God, I hate Nextcloud. They are truly becoming the next Wordpress.
- Vaulwarden does this and I'm really frustrated that I have to cap_add NET_BIND_SERVICE in my rootless setup just to make my password server run.
  
  Are you sure you need that? I just added a —user to the docker run and it started just fine on port 80 in the container.
- The docker image you just set the port like any other program.
  
  Unless I am missing some obvious setting: Restricted Kubernetes doesnt work like that. You have to run the container with a non-root UID (usually something upwards of a million). Non-root users however can't reserve ports below 1025. Nextcloud builds on the default php-apache image which comes with the default apache ports.conf (Listen 80).
  So now this has to be overwritten either by making a custom build (which may require creating a custom build pipeline) or by mounting a new config file (e.g. via ConfigMap) else it wont start. Both are an additional update risk which now has to be documented and checked before updating in addition to changes from the normal nextcloud changelog.
  Similiar issues probably appear with rootless docker/podman unless you add extra capabilities, which is not possible in restricted kubernetes settings.
Doesn't matter; we'll map it to whatever the environment needs in the docker-compose.yaml.
Unix sockets all the way. The only open ports for web traffic should be the reverse proxy (so nginx).
- Or Caddy (simpler than and imho spiritual successor to nginx).
  Or Traefik (has loads of convenient middlewares for reverse proxy stuff).
  Or Apache (if it is somehow better suited to your use case).
- Is haproxy okay?
  
  haproxy is awesome
  
  Seeing that Red Hat also uses this in OpenShift: no. _/s
- I use docker ports but only allow the loopback like this: 127.0.0.1:11551:80
  And then serve that app with the reverse proxy.
All my homies use :3000
- :3
adds a one to it
next app...

ports: - 8081:8081
Ughhhhh
Psh, we choose 443 and you know it! Just don’t ask me if we correctly enabled HTTPS…
- Back in the day I home hosted shit using http over 443 because my ISP blocked 80 inbound but not 443. It was a little weird but it worked lmao.
  
  I run ssh over 443 because every network out there seems to block non-http ports.
I like 6969
- 4200 or 10420 too
- Nice
I mean, if you're serving over http, that is the port for it
- Isn't it port 80?
  
  It's both
Call me crazy, but I like default ports to look like default ports. If I want it to stick around, I’ll pick a port on my own.
Imagine using 8081 while 8080 is free. Truly criminal
- You also see a fair bit of 8001 iirc
9090
8888
Can't use 80 or 8080? Lets use 12380!
Everyone out here acting like they don't use 9001
Me: 5000 it is.
- Arg, my Synology servers are down. Thanks.
  
  Hehe.
50501?

49 comments