geonode icon indicating copy to clipboard operation
geonode copied to clipboard
verified publisher icon GeoNode

Changing HTTP_PORT to a value different from 80 is not working [SOLVED]

Open Inogeo opened this issue 3 years ago • 1 comments

Expected Behavior

Changing the following content in the main .env file:

# #################
# nginx
# HTTPD Server
# #################
GEONODE_LB_HOST_IP=example.com
GEONODE_LB_PORT=80

# IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
# port where the server can be reached on HTTPS
HTTP_HOST=example.com
HTTPS_HOST=

HTTP_PORT=80
HTTPS_PORT=443

to

# #################
# nginx
# HTTPD Server
# #################
GEONODE_LB_HOST_IP=example.com
GEONODE_LB_PORT=80

# IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
# port where the server can be reached on HTTPS
HTTP_HOST=example.com
HTTPS_HOST=

HTTP_PORT=8080
HTTPS_PORT=443

Should make the page available at example.com:8080 with a properly configured firewall.

Actual Behavior

The site is unreachable: "Connection reset by peer".

Steps to Reproduce the Problem

  1. Change the .env file
  2. Run docker-compose up
  3. Try to load the geonode landing page

Specifications

  • GeoNode version: 3.3 (Released in Feb. 2022)
  • Installation method (manual, GeoNode Docker, SPCGeoNode Docker): Docker
  • Platform: Centos7

Inogeo avatar Apr 04 '22 15:04 Inogeo

Proposed fix:

In docker-compose.yml file (check HERE ) replace the following :

    ports:
      - "${HTTP_PORT}:80"
      - "${HTTPS_PORT}:443"

by

    ports:
      - "${HTTP_PORT}:${HTTP_PORT}"
      - "${HTTPS_PORT}:443"

example.com:8080 is now reachable

Inogeo avatar Apr 04 '22 15:04 Inogeo

I do not think this fixes the issue. NGINX would still listen on ${HTTP_PORT} instead of port 80:

https://github.com/GeoNode/geonode/blob/7e025d8ae41f3f0aa70ec246a19d28f63caaa07a/scripts/docker/nginx/nginx.conf.envsubst#L25

This means that NGINX port 80 is exposed externally as ${HTTP_PORT}, but the connection would fail because NGINX is listening on port ${HTTP_PORT}.

I would suggest to not change internal ports, or to have them depending on a variable. I see no reason to do that.

This issue is open, but flagged as [SOLVED].

frafra avatar Nov 22 '22 13:11 frafra

There should be no reference to ${HTTP_PORT} or ${HTTPS_PORT} under scripts/docker/nginx.

Here are the offenders:

grep -Pr '\${?HTTPS?_PORT}?' scripts/docker/nginx/
scripts/docker/nginx/nginx.conf.envsubst:        listen              $HTTP_PORT;
scripts/docker/nginx/nginx.conf.envsubst:        listen          $HTTP_PORT default_server;
scripts/docker/nginx/nginx.conf.envsubst:        listen          $HTTPS_PORT;
scripts/docker/nginx/nginx.https.available.conf.envsubst:    listen              $HTTPS_PORT ssl;
scripts/docker/nginx/docker-entrypoint.sh:if [ -z "${HTTP_PORT}" ]; then
scripts/docker/nginx/docker-entrypoint.sh:if [ -z "${HTTPS_PORT}" ]; then
scripts/docker/nginx/docker-entrypoint.sh:envsubst '\$HTTP_PORT \$HTTPS_PORT \$HTTP_HOST \$HTTPS_HOST \$RESOLVER' < /etc/nginx/nginx.conf.envsubst > /etc/nginx/nginx.conf
scripts/docker/nginx/docker-entrypoint.sh:envsubst '\$HTTP_PORT \$HTTPS_PORT \$HTTP_HOST \$HTTPS_HOST \$RESOLVER' < /etc/nginx/nginx.https.available.conf.envsubst > /etc/nginx/nginx.https.available.conf
scripts/docker/nginx/docker-entrypoint.sh:envsubst '\$HTTP_PORT \$HTTPS_PORT \$HTTP_HOST \$HTTPS_HOST \$JENKINS_HTTP_PORT' < /etc/nginx/sites-enabled/geonode.conf.envsubst > /etc/nginx/sites-enabled/geonode.conf

frafra avatar Nov 22 '22 13:11 frafra