JetBrains/Teamtools in docker container "Could not listen on address 0.0.0.0 and port 443"
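Question
I am trying to set up JetBrains Hub, Youtrack, Upsource and Teamcity in docker containers and configure each to be available on its own IP (macvlan) on the default ports, with 80 redirecting to 443 and HTTPS on 443 (so the port number is not shown in the browser).
However, if I do this, I get:
Could not listen on address 0.0.0.0 and port 443
Leaving the teamtools on their default ports 8080 and 8443, or giving them ports above 2000, seems to work, though.
I checked with fuser 443/tcp
and netstat -tulpn
but nothing is running on port 80 or 443. (I had to install the packages for those in the container.)
I tried setting the listen address to the NIC IP or 172.0.0.1, but that was rejected as well: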
root@teamtools [ /opt/teamtools ]# docker run --rm -it \
-v /opt/hub/data:/opt/hub/data \
-v /opt/hub/conf:/opt/hub/conf \
-v /opt/hub/logs:/opt/hub/logs \
-v /opt/hub/backups:/opt/hub/backups \
jetbrains/hub:2018.2.9840 \
configure --listen-address=192.168.1.211
* Configuring JetBrains Hub 2018.2
* Setting property 'listen-address' to '192.168.1.211' from arguments
[APP-WRAPPER] Failed to configure Hub: java.util.concurrent.ExecutionException: com.jetbrains.bundle.exceptions.BadConfigurationException: Could not listen on address {192.168.1.211} . Please specify another listen address in property listen-address
Questions:
- Why can't I set ports 80 and 443?
- Why does it work for ports above 2000?
- How can I make this work without a reverse proxy? (A reverse proxy brings a whole lot of other problems that I am trying to avoid with this setup.)
Setup
ESXi 6.7 Host
  - vSwitch0 (Allow promiscuous mode: Yes)
    - port group: VM Network (Allow promiscuous mode: No)
      - other VMs
    - port group: Promiscuous Ports (Allow promiscuous mode: Yes)
      - Teamtools VM (Photon OS 2.0, IP: 192.168.1.210)
        - firewall based on: https://unrouted.io/2017/08/15/docker-firewall/
        - docker/docker-compose
          - hub (IP: 192.168.1.211:80/443)
          - youtrack (IP: 192.168.1.212:80/443)
          - upsource (IP: 192.168.1.213:80/443)
          - teamcity-server (IP: 192.168.1.214:80/443)
          - teamcity_db (MariaDB 10.3) (IP: 192.168.1.215:3306)
docker-compose.yml
version: '2'
networks:
  macnet:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 192.168.1.0/24
          gateway: 192.168.1.1
services:
  hub:
    # set a custom container name so no more than one container can be created from this config
    container_name: hub
    image: "jetbrains/hub:2018.2.9840"
    restart: unless-stopped
    volumes:
      - /opt/hub/data:/opt/hub/data
      - /opt/hub/conf:/opt/hub/conf
      - /opt/hub/logs:/opt/hub/logs
      - /opt/hub/backups:/opt/hub/backups
      - /opt/teamtools:/opt/teamtools
    expose:
      - "80"
      - "443"
      - "8080"
      - "8443"
    networks:
      macnet:
        ipv4_address: 192.168.1.211
    domainname: office.mydomain.com
    hostname: hub
    environment:
      - "JAVA_OPTS=-J-Djavax.net.ssl.trustStore=/opt/teamtools/certs/keyStore.p12 -J-Djavax.net.ssl.trustStorePassword=xxxxxxxxxxxxxx"
...
Upsource is run by the non-root user jetbrains.
https://www.w3.org/Daemon/User/Installation/PrivilegedPorts.html
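A bind can fail because the port is privileged for a non-root user, because the port is already taken, or because the address is not configured in the container's network namespace, and each case returns a different errno. The following is an added example, not part of the original post or of JetBrains' code, that probes a bind as the service user and names the cause; the function names and probe targets are illustrative assumptions.

```python
import errno
import os
import socket

# Linux sysctl: first port a process without CAP_NET_BIND_SERVICE may bind.
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"

CAUSES = {
    errno.EACCES: "privileged",              # port below the threshold, no capability
    errno.EADDRINUSE: "in_use",              # another socket owns address:port
    errno.EADDRNOTAVAIL: "no_such_address",  # IP not configured in this namespace
}


def unprivileged_port_start(path=SYSCTL):
    """Lowest port bindable without privilege (1024 if the sysctl is absent)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024


def classify(err):
    """Map a bind() errno to one of the causes above, or 'other'."""
    return CAUSES.get(err, "other")


def probe(address, port):
    """Try to bind a TCP socket; return (cause, detail)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((address, port))
        except OSError as exc:
            return classify(exc.errno), exc.strerror
        return "ok", "bound to %s:%d" % sock.getsockname()


def report(address, port):
    """One diagnostic line: who is binding, the threshold, and the outcome."""
    cause, detail = probe(address, port)
    return (f"{address}:{port} uid={os.geteuid()} "
            f"unprivileged_from={unprivileged_port_start()} -> {cause} ({detail})")


if __name__ == "__main__":
    # Constructed targets taken from the question: wildcard 443/8443 and the macvlan IP.
    for addr, port in [("0.0.0.0", 443), ("0.0.0.0", 8443), ("192.168.1.211", 443)]:
        print(report(addr, port))
```

Run it inside the container as the same user the service runs as, since the result depends on that user's privileges and on the network the container is attached to.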