Custom App - httpPort not being proxied
-
I'm working on an XMPP Custom App and having issues with
httpPort. The manifest page explains the app should serve HTTP on this port, and that Cloudron will handle the HTTPS proxying.In my app, I have HTTP set to 5280, and the health check is /host_status_check (using a prosody module to serve a health check endpoint). This works fine internally and the app reports healthy upon starting up.
However, HTTP is also being used for other things, and should be proxied as HTTPS and made available outside my container and cloudron server.
Using telnet from outside my cloudron instance I can see that all attempts to connect on 5280 (both HTTP and HTTPS) are timing out.
I see no firewall rules allowing 5280, even though my app manifest has it set as
httpPort.I see packets being dropped:
kernel: Packet dropped: IN=eth0 OUT= MAC=... SRC=home_laptop DST=cloudron_server LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=53262 DF PROTO=TCP SPT=34354 DPT=5280 WINDOW=64240 RES=0x00 SYN URGP=0What do I need to change?
-
D djxx referenced this topic
-
Hi @djxx,
that sounds like a slight misconception about the httpPort attribute. The value basically tells Cloudron that when it receives a request for that app on port 443, so e.g. you open
https://yourapp.cloudron.demo, then this request will be proxied to the port specified in the attribute.If your app requires port 5280 to be open, then rather https://docs.cloudron.io/packaging/manifest/#tcpports is the value you are looking for.
-
Hi @djxx,
that sounds like a slight misconception about the httpPort attribute. The value basically tells Cloudron that when it receives a request for that app on port 443, so e.g. you open
https://yourapp.cloudron.demo, then this request will be proxied to the port specified in the attribute.If your app requires port 5280 to be open, then rather https://docs.cloudron.io/packaging/manifest/#tcpports is the value you are looking for.
@fbartels Thanks for your reseponse. That's interesting. It may be helpful for the documentation to explicitly state that the HTTP port will be wrapped in HTTPS and served on the standard 443 port.
In any case, I'm a bit confused on how to proceed. The app typically uses 5280 for HTTP and 5281 for HTTPS. I do already have these TCP Ports defined, but I don't see any firewall rules getting added to allow them. Any ideas?
-
Are those ports also enabled in your installed app instance? The firewall should be configured as such if they are enabled.
@nebulon Oh man... I'm not sure how that happened. I don't recall disabling them. Thanks for pointing out the obvious thing to check.
In my testing I removed these TCP ports from the configuration, did an update, then put them back, and did an update again. Could that have caused them to get disabled?
-
When you update, additional ports are disabled by default . Mostly as a security measure so that admin knows that those ports are getting opened / have to be opened up in any cloud firewall. When you install afresh, you get a UI to select at installation time.
-
When you update, additional ports are disabled by default . Mostly as a security measure so that admin knows that those ports are getting opened / have to be opened up in any cloud firewall. When you install afresh, you get a UI to select at installation time.
-
N nebulon marked this topic as a question
-
N nebulon has marked this topic as solved
