Customise Ghost port behind reverse-proxy #177
Comments
If you're configuring CaddyServer to act as a reverse-proxy, would it be easier to just point CaddyServer at the Ghost container port 2368 instead of port 80? That said, the reason you're getting an EACCES error when setting the port to 80 is that it's a protected port. Any ports below 1024 are considered "privileged" and as such require root access to run things on them. So, ultimately, Ghost is respecting your environment variable and attempting to bind to port 80, but because it's not running as root it gets an access error.
Hi @acburdine. Thanks for the tip about privileged ports, I'd forgotten that. My issue with pointing CaddyServer at Ghost container port 2368 is that CaddyServer isn't listening on that port so I would then need to configure different Ghost URLs in my app depending on whether it's running on a client or server. Since it's an isomorphic app, I'd rather keep to a single URL if possible.
You might be interested in moby/moby#8460 (comment), namely:
(Requires Linux 4.11+, but works well to remove the silly "privileged ports" restriction that doesn't make any sense inside an isolated network namespace.)
(That and a reverse proxy using the port you want are the only real solutions I see, so if you don't have a kernel that's 4.11 or newer, your only option is unfortunately probably going to be using a reverse proxy in all cases.)
@tianon thanks for the input. Since I'm deploying everything in Docker Swarm Mode stacks I can't use In the short term, it looks like my best solution might be to add Ghost's default port to my reverse-proxy and have that forward to my Ghost container.
Makes sense -- so I guess you've got all the information on what your options are here. I'm going to close since there's nothing actionable for us. Thanks! (In the future, these sorts of questions/requests would be more appropriately posted to the Docker Community Forums, the Docker Community Slack, or Stack Overflow.)
I'd like to be able to specify a different port for Ghost to run on. I'm running behind a reverse-proxy in Docker so I don't want to forward a host port directly to Ghost; I want to change Ghost itself to run on port 80.
I've tried setting the environment variable server__port: 80, as the Ghost docs suggest this should be interpolated into its configuration. However, this results in an EACCES error.
I can see in the Dockerfile that the port is hard-coded to 2368 in a Ghost config command, so I guess this would need changing to allow a different port to be used. The Ghost docs show that the port can be customised and that config can be read from environment variables so it seems it should be possible to make the port customisable, rather than hard-coding it in the Dockerfile.
Does that sound achievable or have I missed something about how Ghost is bootstrapped that makes this impossible?
Why I want this (background)
I'm building an isomorphic web application, based on Next.js, which will display posts from a Ghost API running in the same Docker stack. Since it's isomorphic, my app needs to access the Ghost API on a consistent URL both from the server and from client web browsers. My development machine has no public URL so accessing the Ghost API from the server needs to route internally through the Docker network. The URL and port used to access the API need to be the same from within Docker as they are from client web browsers.
One solution would be to forward Ghost's default port from the host machine directly to the Ghost container. My problem with that is I'm likely to run additional projects with a similar setup in future so this will cause port conflicts as soon as I run a second Ghost instance. All my other projects run behind a reverse proxy (Caddy Server) which handles SSL termination and forwards to port 80 on each of my services. I like this setup because it eliminates any chance of port conflicts and minimises the attack surface of my server since I know I can always keep it locked down to just two open ports (80 and 443).
In my mind, the simplest solution is to run Ghost on port 80, set a custom host in my Docker service config to handle internal traffic within the Docker network and configure CaddyServer to forward public requests for the same domain to the Ghost container.
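The privileged-port behaviour discussed in this thread (EACCES when a non-root process binds port 80, and the Linux 4.11+ setting that lifts the restriction), as an added example that is not part of the original issue or the project's code. It assumes that setting is the `net.ipv4.ip_unprivileged_port_start` sysctl, uses constructed `/proc/<pid>/status` excerpts, and all function names are hypothetical.

```python
import re

CAP_NET_BIND_SERVICE = 10    # capability bit number from linux/capability.h
DEFAULT_UNPRIV_START = 1024  # kernel default for ip_unprivileged_port_start


def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    if not m:
        raise ValueError("no CapEff line found")
    return int(m.group(1), 16)


def bind_allowed(port, cap_eff, unpriv_start=DEFAULT_UNPRIV_START):
    """Ports below unpriv_start need CAP_NET_BIND_SERVICE; others do not."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port == 0 or port >= unpriv_start:  # 0 = kernel picks an ephemeral port
        return True
    return bool(cap_eff & (1 << CAP_NET_BIND_SERVICE))


def explain(port, cap_eff, unpriv_start=DEFAULT_UNPRIV_START):
    if bind_allowed(port, cap_eff, unpriv_start):
        return f"port {port}: bind permitted"
    return f"port {port}: EACCES expected (below {unpriv_start}, no capability)"


def current_process_state():
    """Read live values on Linux; the sysctl file is absent before 4.11."""
    with open("/proc/self/status") as f:
        cap_eff = parse_cap_eff(f.read())
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as f:
            start = int(f.read())
    except FileNotFoundError:
        start = DEFAULT_UNPRIV_START
    return cap_eff, start


# Constructed sample: non-root process with an empty effective capability set.
SAMPLE_NONROOT = "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
# Constructed sample: root process holding Docker's default capability set.
SAMPLE_ROOT = "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n"

if __name__ == "__main__":
    for label, text in (("non-root", SAMPLE_NONROOT), ("root", SAMPLE_ROOT)):
        for port in (80, 2368):
            print(label, explain(port, parse_cap_eff(text)))
    print("non-root, start=0:", explain(80, 0, unpriv_start=0))
```

Calling `explain(80, *current_process_state())` inside a container reports whether the configured port can be bound before the service is started.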