Reserve Docker port on IANA #1440

Closed
spkane opened this Issue Aug 7, 2013 · 69 comments

Projects

None yet
@spkane
Contributor
spkane commented Aug 7, 2013

The current docker port conflicts with the Crashplan software. Please reserve a port on IANA for docker.

@keeb
Contributor
keeb commented Aug 7, 2013

Pull requests accepted!

@crosbymichael
Member

What would we change the port to?

Do you think this would turn into a never ending battle if we had to change the ports for specific setups?

On Aug 7, 2013, at 5:57 AM, Nick Stinemates notifications@github.com wrote:

Pull requests accepted!


Reply to this email directly or view it on GitHub.

@titanous
Contributor
titanous commented Aug 7, 2013
@weisjohn
weisjohn commented Aug 7, 2013

I had this issue, as well. I turned off CrashPlan and everything was fine.

@jpetazzo
Contributor
jpetazzo commented Aug 7, 2013

+1 about picking up a free port and registering with IANA.
The whole 42XX range is taken (
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=80
)
We could pick one port in those:
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=unassigned

On Wed, Aug 7, 2013 at 7:05 AM, John Weis notifications@github.com wrote:

I had this issue, as well. I turned off CrashPlan and everything was fine.


Reply to this email directly or view it on GitHubhttps://github.com/dotcloud/docker/issues/1440#issuecomment-22253390
.

@crosbymichael
Member

+1

I think this is something we will want to do in 1.0

On Aug 7, 2013, at 7:55 AM, Jérôme Petazzoni notifications@github.com wrote:

+1 about picking up a free port and registering with IANA.
The whole 42XX range is taken (
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=80
)
We could pick one port in those:
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=unassigned

On Wed, Aug 7, 2013 at 7:05 AM, John Weis notifications@github.com wrote:

I had this issue, as well. I turned off CrashPlan and everything was fine.


Reply to this email directly or view it on GitHubhttps://github.com/dotcloud/docker/issues/1440#issuecomment-22253390
.


Reply to this email directly or view it on GitHub.

@spkane
Contributor
spkane commented Aug 7, 2013

+1
I agree, that picking an unassigned port and registering it is the best approach, and the reason, I didn't just submit a pull request with a random change that "worked for me".

The IANA Port application form is here: http://www.iana.org/form/ports-services

and it would likely make most people's lives earlier to settle on the final port earlier, rather than later. I'd be happy to help out with this.

To work around the issue for the moment, I did modify one line in my Vagrantfile for the moment just so the vagrant box would come up and was basically working.
config.vm.forward_port 4243, 14243

@calavera
Contributor
calavera commented Aug 7, 2013

My favorites on that list of unassigned are:

100
787
1001

On Wednesday, August 7, 2013 at 8:34 AM, Sean P. Kane wrote:

I agree, that picking an unassigned port and registering it is the best approach, and the reason, I didn't just submit a pull request with a random change that "worked for me".
The IANA Port application form is here: http://www.iana.org/form/ports-services
and it would likely make most people's lives earlier to settle on the final port earlier, rather than later. I'd be happy to help out with this.
To work around the issue for the moment, I did modify one line in my Vagrantfile for the moment just so the vagrant box would come up and was basically working.

config.vm.forward_port 4243, 14243


Reply to this email directly or view it on GitHub (#1440 (comment)).

@crosbymichael
Member

ping @shykes

@spkane
Contributor
spkane commented Aug 7, 2013

We will want to keep the port between 1024 and 49151. Things below 1025 are reserved for official protocols, and ports above 49150 are dynamic and never assigned.

@creack
Contributor
creack commented Aug 7, 2013

Indeed, as we didn't exclude the non-root usage of docker, it would be better to have port > 1024. I like the 2375-2380 range.

@shykes
Contributor
shykes commented Aug 8, 2013

+1 on >1024. What's the process for registering an IANA port?

On Wed, Aug 7, 2013 at 4:15 PM, Guillaume J. Charmes <
notifications@github.com> wrote:

Indeed, as we didn't exclude the non-root usage of docker, it would be
better to have port > 1024. I like the 2375-2380 range.


Reply to this email directly or view it on GitHubhttps://github.com/dotcloud/docker/issues/1440#issuecomment-22291569
.

@titanous
Contributor
titanous commented Aug 8, 2013

@shykes Read the linked RFCs then fill out this form: https://www.iana.org/form/ports-services

@vieux
Member
vieux commented Aug 15, 2013

@shykes any news on this ?

@metalivedev
Contributor

Is this relevant anymore now that we listen on a Unix socket by default?

@justone
Contributor
justone commented Aug 17, 2013

It would be nice to reserve a port for those times when TCP is used. How about 42042? 😉

@crosbymichael
Member

I updated the title and description so that this can be completed.

@crosbymichael
Member

@shykes I'm guessing this is something we need to do soon....

@shykes
Contributor
shykes commented Nov 27, 2013

+1.


Sent from Mailbox for iPhone

On Wed, Nov 27, 2013 at 1:57 PM, Michael Crosby notifications@github.com
wrote:

@shykes I'm guessing this is something we need to do soon....

Reply to this email directly or view it on GitHub:
#1440 (comment)

@creack
Contributor
creack commented Jan 9, 2014

ping @shykes

@shykes
Contributor
shykes commented Jan 24, 2014

If someone wants to volunteer and do this, let me know. Otherwise we will schedule for sometime before 1.0.

@liljenstolpe

On 24 Jan 2014, at 15:57, Solomon Hykes wrote:

If someone wants to volunteer and do this, let me know. Otherwise we
will schedule for sometime before 1.0.

I can do it.

Christopher

Reply to this email directly or view it on GitHub:
#1440 (comment)

李柯睿
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf

@liljenstolpe

I can fill this out. A couple of things:

  1. It would be good if there was an e-mail address (say iana@docker.io) so that my personal address isn't in the request. Not that I mind, but it may be nice if there is an address that is always pointing at someone who can answer questions.

  2. I am going to try to grab one of the 2375-2380 range, as it's the only suggestion here in a useful range 1024 < x > 49150.

@jamtur01
Contributor

Ah - I should have updated - I'll setup an email address etc.

@jamtur01
Contributor

Sorry - I meant I'll do a contact address rather than the application @liljenstolpe - sorry for the confusion. Give me ten ticks to find the right address.

@jamtur01
Contributor

Okay - if you could use support@docker.io - that'd be awesome.

@liljenstolpe

Ok. I'll file this weekend. Two questions I'm not sure I have the immediate answers to:

  1. How are we supporting versioning in the protocol
  2. Security - are we using TLS, mandatory or negotiated?
@creack
Contributor
creack commented Jan 25, 2014
  1. We are using a HTTP REST API at the moment, the version is handled by the URL, not by the port.
  2. We do not have (yet) SSL/TLS. But it should come soon
@creack
Contributor
creack commented Jan 25, 2014

(btw, I like your choice :))

@liljenstolpe

Yup - figured that out the minute I looked at the API docs - helps if I RTFM'd first, wouldn't it.

On the security side, should we ask for two ports, then, one for SSL/TLS and one for !SSL/TLS?

@creack
Contributor
creack commented Jan 25, 2014

the 2375-2380 range is 6 ports. We'll have plenty enough for plain text, ssl, monitoring, introspection and more if needed. I don't think ssl/non-ssl needs to be so far apart like 80/443.

@liljenstolpe

Agreed, however, I can't really request a range. I was thinking 2375 for plain text, and 2376 for SSL. We can always go back to the well for more if we need.

@liljenstolpe

Two requests lodged

  1. 2375 - DOCKER
  2. 2376 - DOCKERS
@liljenstolpe

should hear within 14 days (usually should hear back much sooner)

@liljenstolpe

On 24 Jan 2014, at 17:03, James Turnbull wrote:

Okay - if you could use support@docker.io - that'd be awesome.


Reply to this email directly or view it on GitHub:
#1440 (comment)

It's there support@docker.io is the assignee, I'm the requester.
Assignee trumps requester if there's ever a discussion :)

Christopher

李柯睿
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf

@jamtur01
Contributor

Neat! You're awesome @liljenstolpe

@bfirsh
Contributor
bfirsh commented Jan 25, 2014

To paint a bikeshed... I rather like 2378 and 2379 for their ease of typing. 2375/2376 is a bit more awkward to type.

@shykes
Contributor
shykes commented Jan 25, 2014

From a security standpoint it would be nice to get a <1024. That would
allow us to connect to a remote machine and assume "this is the docker
service exposed by this machine's administrator" as opposed to "whichever
non-privileged user had the idea to listen on this port, possibly to sniff
for credentials or activity patterns etc".

On Fri, Jan 24, 2014 at 5:32 PM, Ben Firshman notifications@github.comwrote:

To paint a bikeshed... I rather like 2378 and 2379 for their ease of
typing. 2375/2376 is a bit more awkward to type.


Reply to this email directly or view it on GitHubhttps://github.com/dotcloud/docker/issues/1440#issuecomment-33277404
.

@shykes
Contributor
shykes commented Jan 25, 2014

But I have no idea if it's even possible to get a <1024 these days.

@liljenstolpe

You can get one, but we would have to submit something to the IETF standards track. Since we are a REST API, I'm not sure how we can do that, I'm not even sure which WG I would take it to.

In short, it is possible, but in reality, not really, especially for this use case.

@liljenstolpe

No bikeshed painting allowed, @bifrsh :)

@liljenstolpe

I'll close the ticket once I get the confirmation of assignment.

@liljenstolpe

Just to heart=beat this - the request has been sent to the IESG for expert review. We should hear something soon.

@vieux
Member
vieux commented Feb 24, 2014

@liljenstolpe thanks for the update!

@EronWright EronWright referenced this issue in kpelykh/docker-java Mar 14, 2014
Closed

Support for TCP port 2375/2376 #35

@gthiruva

@liljenstolpe Just looked at the IANA ticket status and it looks like both tickets are in the "With Requestor" status, which from their site means "IANA is waiting for a response from the applicant (requester)." I guess they're waiting for some info from you?

@toddsampson

Any word on this? I'm running into conflicts on all our machines running Crashplan as well.

@Yggdrasil

Is this still on track for 1.0?

I believe it should be a requirement to have a proper reserved port for a 1.0 release, so that tooling that builds on docker can start using the correct port from the first production-ready release. If there's anything I can do to help make this happen...

@spkane
Contributor
spkane commented May 9, 2014

@liljenstolpe Any word on the status?

@creack creack modified the milestone: 1.1, 1.0 May 12, 2014
@joncooper

+1

@spkane
Contributor
spkane commented May 28, 2014

@shykes It would be great to get this baked into the 1.0 release, instead of waiting until 1.1 if that is still possible.

@timsutton timsutton referenced this issue in mitchellh/vagrant May 30, 2014
Closed

Docker provider fails if port 4243 is taken #3773

@robparrott

Continuing to see CrashPlan port conflicts ....

@jamtur01
Contributor
jamtur01 commented Jun 2, 2014

@robparrott Well we haven't changed the port number so that's to be expected.

@neurogenesis

this thread started Aug 2013. many thanks to @liljenstolpe to getting the ball rolling. to be production-ready, you must have IANA ports. looks like this has been approved, as linked above, so looking forward to a port change in the near future.

@vieux
Member
vieux commented Jun 3, 2014

@jamtur01 @SvenDowideit there is no default value in the code anymore (since a few month), so nothing to change on that side. Could you make a PR to update the docs please ?

@shykes
Contributor
shykes commented Jun 3, 2014

@crosbymichael @vieux @unclejack can we add this to the 1.0 milestone?

@shykes
Contributor
shykes commented Jun 3, 2014

good point @vieux. We might need to change settings in boot2docker also.

@vieux vieux modified the milestone: 1.0, 1.1 Jun 3, 2014
@crosbymichael
Member

@shykes yep, This is more of a docs and b2d issue. There is nothing to change in the docker codebase because our default is a unix socket.

@crosbymichael
Member

ping @SvenDowideit

Can you update b2d setup to use the new port?

@jamtur01
Contributor
jamtur01 commented Jun 3, 2014

I'll look at the docs.

@SvenDowideit
Collaborator

awesome!

@vieux
Member
vieux commented Jun 3, 2014

@jamtur01 any update on this ? Thanks.

@jamtur01
Contributor
jamtur01 commented Jun 3, 2014

Little busy. :) Will get to it this afternoon.

@SvenDowideit SvenDowideit added a commit to SvenDowideit/docker that referenced this issue Jun 3, 2014
@SvenDowideit SvenDowideit IANA allocated Docker port: 2375
2375/2376 are assigned:
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker

For #1440

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
c572eb2
@SvenDowideit
Collaborator

@jamtur01 @vieux I've made the docs PR, more to come (in other PRs) I expect

@SvenDowideit SvenDowideit added a commit to SvenDowideit/docker that referenced this issue Jun 3, 2014
@SvenDowideit SvenDowideit IANA allocated Docker port: 2375
2375/2376 are assigned:
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker

For #1440

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
5febba9
@SvenDowideit SvenDowideit referenced this issue in boot2docker/boot2docker Jun 3, 2014
Merged

IANA allocated Docker port: 2375 #378

@unclejack
Contributor

@SvenDowideit Is there anything left to do for this issue?

@jamtur01
Contributor
jamtur01 commented Jun 4, 2014

Should be closed in favor of #6181.

@jamtur01 jamtur01 closed this Jun 4, 2014
@vishh vishh added a commit to vishh/docker that referenced this issue Jun 4, 2014
@SvenDowideit @vishh SvenDowideit + vishh IANA allocated Docker port: 2375
2375/2376 are assigned:
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=docker

For #1440

Docker-DCO-1.1-Signed-off-by: SvenDowideit <SvenDowideit@home.org.au> (github: SvenDowideit)
3bb2f7e
@SvenDowideit
Collaborator

yes, I have a stack more b2d stuff to deal with :) but Docker is golden :)

@liljenstolpe

On 2 Jun 2014, at 18:46, ives wrote:

this thread started Aug 2013. many thanks to @liljenstolpe to getting
the ball rolling. to be production-ready, you must have IANA ports.
looks like this has been approved, as linked above, so looking forward
to a port change in the near future.

Welcome


Reply to this email directly or view it on GitHub:
#1440 (comment)

李柯睿
Avt tace, avt loqvere meliora silentio
Check my PGP key here: http://www.asgaard.org/cdl/cdl.asc
Current vCard here: http://www.asgaard.org/cdl/cdl.vcf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment