SOLVED container port forward to privileged port

Grinas

Contributor
Joined
May 4, 2017
Messages
174
Just migrating to SCALE from TrueNAS and I am unable to port forward to a privileged port. It shows it as OK in the UI, but when I do an Nmap port scan it shows closed, but the port I'm forwarding from is open.

Basically I just want all my web apps on the same port (80) so I don't have to remember the specific port for each app along with DNS name or IP.

I did something similar with TrueNAS Core using a firewall rule; do I have to do the same here?
 

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,703
So you want a reverse proxy then... Traefik or Nginx Proxy Manager...

You can't match what you did with jails in Kubernetes outside of the port forwarding already allowed in the config of each app. (Maybe that's what you're talking about if you've done the work to get a load balancer assigning an IP per app, but then can't work with the ports as the network becomes native to the container.)
 

Grinas

All my containers are built with my own Docker images and all seem to have their own separate IPs and not using the TrueNAS host IP. All images are Debian based so I can install software on them.

I'm interested what is the purpose of the port forwarding feature as it doesn't seem to work for me, and is it possible to just install FW software on the container images and do what I did in jails?

I tried using the port forwarding to map the app port on all containers to 9500 but that didn't work either.
 

sretalla

> All images are Debian based so I can install software on them.

I think you might be missing the point of containers a bit. Containers should be ephemeral and contain no work that needs saving... containers may be recreated at any time without losing work (volume/bind mounts are to store that work).

> I'm interested what is the purpose of the port forwarding feature as it doesn't seem to work for me

Because that's intended to work with the host network stack to redirect the port when sharing the host's IP (which you're not doing).

It seems to me that what you really want is not to care about the port mapping... so why not use the technology that's intended by Kubernetes to deal with that: ingress (with something like Traefik)
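
(Added example, not part of the post above or of any TrueNAS configuration: a Kubernetes Ingress of the kind the reply suggests, routing two hostnames that both answer on port 80 to services listening on different ports. The hostnames, namespace, service names, backend ports and the `traefik` ingress class name are all hypothetical.)

```yaml
# Added illustration: every name, hostname and port below is hypothetical.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-apps
  namespace: default
spec:
  # Assumes a Traefik ingress controller is installed and registered under this class name.
  ingressClassName: traefik
  rules:
    # Requests for http://app1.home.example/ arrive at the ingress controller on port 80
    # and are forwarded to the app's own (unprivileged) service port.
    - host: app1.home.example
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app-one
                port:
                  number: 8080
    # A second app on a different backend port, reached through the same front port.
    - host: app2.home.example
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: app-two
                port:
                  number: 9500
```

With this layout only the ingress controller binds the privileged port; the app containers keep listening on high ports and are selected by the HTTP Host header, so each hostname needs a DNS record pointing at the controller's address.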
 

sfatula

Guru
Joined
Jul 5, 2022
Messages
608
If you are using your own IP in each Docker container, there is no need to port forward. Use the port directly with the container's IP. I do that with several apps, no issue at all.
 

sretalla

The desired result is to have all apps use the same port, regardless of the default for the app.

Clearly the simple answer to this is the setting in each app that allows setting that port...
 

sfatula

I'm unclear what he is looking for. He says he wants them all to use port 80, and they are web apps, and they all have unique IPs. Therefore, they are all using port 80 if they are web apps. Though that's not making much sense anyway as they wouldn't need their own containers but anyway. What confuses me is "so I don't have to remember the specific port for each app along with DNS name or IP". For me, I read that as he doesn't want to remember the specific port 'in addition to' DNS name or IP. He has to memorize something even with a reverse proxy.
 

Grinas

> I think you might be missing the point of containers a bit. Containers should be ephemeral and contain no work that needs saving... containers may be recreated at any time without losing work (volume/bind mounts are to store that work).
>
> Because that's intended to work with the host network stack to redirect the port when sharing the host's IP (which you're not doing).
>
> It seems to me that what you really want is not to care about the port mapping... so why not use the technology that's intended by Kubernetes to deal with that: ingress (with something like Traefik)

I should have been more clear: the containers are running custom images, as the standard images don't have additional tools installed that I require. The data for each container is stored on the pool.

I just updated the images to use the same ports as I don't want to run additional containers just for this.

Thanks for the help.
 