Hi everyone, I’ve something thats driving me up the wall at the moment. After successfully deploying my Xibo 2.3.2 docker and importing my old XIBO SQL data I have my entire environment moved to dockerized Xibo.
Super happy about that.
However, I am trying to get Xibo to play nice with jwilder’s nginx-proxy but it simply is not having it.
In order to get this to work I moved xibo to a random port as you can see below.
5ef39849cf94 xibosignage/xibo-cms:release-2.3.2 “/entrypoint.sh” 3 seconds ago Up 1 second 80/tcp, 0.0.0.0:1337->1337/tcp xibo_cms-web_1
However as you can see 80/tcp is still listed and I can find no way to get rid of it. Any ideas why it is still listed?
There is no reference to it in the config,env or any of the yml files.
Name Command State Ports
-----------------------------------------------------------------------------------------------
xibo_cms-db_1 docker-entrypoint.sh mysqld Up 3306/tcp
xibo_cms-quickchart_1 yarn start Up 3400/tcp
xibo_cms-web_1 /entrypoint.sh Up 0.0.0.0:1337->1337/tcp, 80/tcp
xibo_cms-xmr_1 /entrypoint.sh Up 50001/tcp, 0.0.0.0:9505->9505/tcp
docker ps:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5ef39849cf94 xibosignage/xibo-cms:release-2.3.2 "/entrypoint.sh" 2 days ago Up 2 days 80/tcp, 0.0.0.0:1337->1337/tcp xibo_cms-web_1
a03739b851a8 xibosignage/xibo-xmr:release-0.8 "/entrypoint.sh" 2 days ago Up 2 days 0.0.0.0:9505->9505/tcp, 50001/tcp xibo_cms-xmr_1
a24c3e40cf6f mysql:5.6 "docker-entrypoint.s…" 2 days ago Up 2 days 3306/tcp xibo_cms-db_1
3bd3b539cfa2 ianw/quickchart "yarn start" 2 days ago Up 2 days 3400/tcp xibo_cms-quickchart_1
9a9dc1d57eb1 jwilder/nginx-proxy "/app/docker-entrypo…" 2 days ago Up 2 days 0.0.0.0:80->80/tcp flamboyant_bouman
If I stop 9a9dc1d57eb1 (the nginx-proxy) and do a netstat,:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::1337 :::* LISTEN
tcp6 0 0 :::9505 :::* LISTEN
seems like web_cms isnt actually listening on port 80 any interface even though its listed as an exposed port?
While I still can’t figure out why port 80 is still listed as exposed port, my problems with reverse proxying are solved, and entirely my fault for not taking into consideration UFW firewalling.
I hadn’t realized that UFW would block the different containers communicating with each other over exposed ports, but it most definitely does
I see what you mean now - the output there is showing you that the container exposes port 80, but there isn’t anything on the host side bound to it. Its like its saying “i’ve got port 80 exposed if you want it”. You would need to modify the compose file to add a port mapping if you actually wanted to bind to that.
It will do, but you probably don’t want the containers doing that. You want your reverse proxy bound to whatever ports on the host it needs (80/443) and then communicating with the appropriate containers from inside their private network (this is automatic if you’ve got them in the same docker-compose file).
If they aren’t in the same compose file you just use a named network and join the lot to that. Once they are in the same network you can proxy to http://cms-web
I think you misunderstood my question about the TCP/80. What I dont get is even though my compose file doesn’t reference port 80 anywhere, it still exposes it when I fire up xibo. I’ve tested this with a clean new installation too, configured xibo_cms to start on port 1234 and it will expose both 80 and 1234 it only listens on 1234 though.
As for the reverse proxy, thats exactly the setup i will be going for.The reverse proxy will be part of the private networks of the services it exposes to the “world”
If the port isn’t exposed, then it cannot be bound to. But it doesn’t mean its exposed to the host, it means its exposed to Docker and can be bound when its started.
I don’t think its anything to worry about, unless I’ve misunderstood your question again
