-
-
Notifications
You must be signed in to change notification settings - Fork 314
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Administrators that assign container a static IP can not change PORT with Docker Mappings #36
Comments
Thanks for opening your first issue here! Be sure to follow the issue template! |
8443 is the upstream default port, not something we arbitrarily chose.
|
Lets say, idk I'm an crazy homelaber or enterprise who runs an IPS/IDS. Firewalls don't like seeing HTTP traffic on HTTPS ports. Not to claim you have security in mind when making the images. But Linux, an already highly secure operating system, and the people who work with it expect things to work certain ways following certain practices. The ones I'm most familiar with being the ISO27xxx series. I get it from the code maintainer POV, you just don't see it as required. From my POV, why have something work purposely against best practices and what the people using your images expect? At the very least, it's an issue of principle. At most, it causes many headaches for administrators who want something implemented properly to all best practices. |
Traditionally, you specify "-p PORT:PORT". Users that specify that the contrainer use a network connection that isn't HOST can not change the port from 8443. This is problematic for multiple reasons. First, 8443 is the HTTPS alternate port, not HTTP. As this is HTTP only traffic, port 80 or 8080 should be used. I understand that multiple docker containers may want to use those ports, but that isn't an excuse. Reguardless if the traffic is put behind a reverse proxy, there needes the be the option for us to change the port the service runs on without having to put it behind an additional proxy.
The text was updated successfully, but these errors were encountered: