Allow specifying ip to bind to #125

Closed
nbebout opened this issue Nov 9, 2017 · 11 comments

@nbebout

nbebout commented Nov 9, 2017

I saw where you added the ability to specify what port. I would appreciate having a way to specify a specific IP to bind to. I currently edit docker-compose.yml each time I upgrade to add ip: before the 80:80 and 443:443 lines. It would be nice if I could configure this so it is automatically put back when I upgrade.

@kspearrin
Member

Can you share the syntax for that?

@nbebout
Author

nbebout commented Nov 9, 2017

In the nginx section:
ports:
- '99.99.99.99:80:80'
- '99.99.99.99:443:443'

With 99.99.99.99 replaced by the real IP I want it to listen on.

@kspearrin
Member

OK, we'll look into preserving those values in a future update.

@teepox

teepox commented Dec 7, 2017

I might even suggest having this as a configuration option in the setup wizard.

@kspearrin
Member

We now support creating a docker-compose.override.yml file in the ./bwdata/docker directory. Would this suffice in allowing you to override the ip bindings without the installer resetting it each time?

@shartge

shartge commented Apr 30, 2018

Using docker-compose.override.yml does not work in this case.

Its contents are merged with the default docker-compose.yml and do not overwrite the settings from there.

So if I add something like this

version: '3'
services:
  nginx:
    ports:
      - '198.51.100.23:9443:8443'

into docker-compose.override.yml, the nginx container fails to start, because the docker-proxy will first listen on 0.0.0.0:9443 and when then binding to 198.51.100.23:9443 you get an error because there is already a process listening on that port.

The name "override file" is very misleading here, as you can't override anything, just add stuff. See docker/compose#3729 for more information.

In my opinion the quickest short term solution would be to add something like "Parameter: ListenIP" for bitwarden-setup to use.
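The merge behaviour described in the comment above, as an added example that is not part of the thread or of Bitwarden's code: it models how Compose concatenates `ports` lists and flags entries where a wildcard publish collides with a specific-address publish. The base entries are constructed sample values; the override entry is the one quoted in the comment.

```python
# Constructed sample: published ports of the generated docker-compose.yml,
# chosen to match the conflict on 0.0.0.0:9443 described in the comment.
BASE = ["9080:8080", "9443:8443"]
# The override entry from the comment above.
OVERRIDE = ["198.51.100.23:9443:8443"]

WILDCARDS = {"", "0.0.0.0", "::"}


def parse_port(entry):
    """Split '[host_ip:]host_port:container_port[/proto]' into a tuple."""
    spec, _, proto = entry.partition("/")
    parts = spec.rsplit(":", 2)
    if len(parts) == 1:          # container port only, host port is ephemeral
        return ("", None, parts[0], proto or "tcp")
    if len(parts) == 2:          # no host IP given: Docker binds all addresses
        parts.insert(0, "")
    host_ip, host_port, container_port = parts
    return (host_ip.strip("[]"), host_port, container_port, proto or "tcp")


def merge_ports(base, override):
    """Compose concatenates multi-value options such as ports."""
    return list(base) + list(override)


def bind_conflicts(ports):
    """Return (wildcard_entry, other_entry) pairs sharing a host port."""
    conflicts = []
    for i, first in enumerate(ports):
        ip_a, port_a, _, proto_a = parse_port(first)
        if port_a is None or ip_a not in WILDCARDS:
            continue
        for j, second in enumerate(ports):
            _, port_b, _, proto_b = parse_port(second)
            if i != j and (port_b, proto_b) == (port_a, proto_a):
                conflicts.append((first, second))
    return conflicts
```

Running `bind_conflicts(merge_ports(BASE, OVERRIDE))` shows that the original all-interfaces publish survives the merge, which is both why the container fails to start and why the port would otherwise stay exposed on every address.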

@kspearrin
Member

DockerComposeBuilder already takes parameters for

# Parameter:HttpPort={HttpPort}
# Parameter:HttpsPort={HttpsPort}
  nginx:
    image: bitwarden/nginx:{CoreVersion}
    container_name: bitwarden-nginx
    restart: always
    ports:");

                if(HttpPort != default(int))
                {
                    sw.Write($@"
      - '{HttpPort}:8080'");
                }

                if(HttpsPort != default(int))
                {
                    sw.Write($@"
      - '{HttpsPort}:8443'");
                }

But it parses those params as ints only. So I think we can just change that to string parsing and it will work to specify an IP too.

@shartge

shartge commented May 13, 2018

> But it parses those params as ints only. So I think we can just change that to string parsing and it will work to specify an IP too.

Sure. Whatever makes your life easier. The result will be the same for existing setups.

If you want to be extra secure maybe check if it really is just IP:port or IPv6:port and not something evil.
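One way to do the check suggested above, as an added example in Python rather than the project's C#, and not Bitwarden's implementation: it accepts only `port`, `IPv4:port` or `[IPv6]:port` before the value is written into the compose template. The function names and the bracketed IPv6 form are assumptions of this example; the container port 8443 is taken from the template quoted earlier in the thread.

```python
import ipaddress
import re

# Only characters that can occur in "port", "IPv4:port" or "[IPv6]:port".
# Filtering first keeps quotes, newlines and IPv6 zone ids ("%eth0"), which
# ipaddress would otherwise accept, away from the YAML template.
_ALLOWED = re.compile(r"[0-9A-Fa-f:.\[\]]+")
_PORT = re.compile(r"[0-9]{1,5}")


def parse_listen(value):
    """Return (ip or None, port); raise ValueError for anything else."""
    if not isinstance(value, str) or not _ALLOWED.fullmatch(value):
        raise ValueError(f"unexpected characters in {value!r}")
    host, sep, port = value.rpartition(":")
    if not _PORT.fullmatch(port) or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port in {value!r}")
    if not sep:                                  # plain port, no address
        return None, int(port)
    if host.startswith("[") and host.endswith("]"):
        return ipaddress.IPv6Address(host[1:-1]), int(port)
    return ipaddress.IPv4Address(host), int(port)


def compose_port_entry(value, container_port):
    """Build the short-syntax ports entry from a validated value."""
    ip, port = parse_listen(value)
    if ip is None:
        return f"{port}:{container_port}"
    host = f"[{ip}]" if ip.version == 6 else str(ip)
    return f"{host}:{port}:{container_port}"


def is_valid(value):
    """True when the value parses as a listen specification."""
    try:
        parse_listen(value)
        return True
    except ValueError:
        return False
```

The entry is rebuilt from the parsed address and integer port rather than echoing the input, so nothing the user typed reaches the generated file verbatim.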

@RobinReinecke

> Using docker-compose.override.yml does not work in this case.
>
> Its contents are merged with the default docker-compose.yml and do not overwrite the settings from there.
>
> So if I add something like this
>
> version: '3'
> services:
>   nginx:
>     ports:
>       - '198.51.100.23:9443:8443'
>
> into docker-compose.override.yml, the nginx container fails to start, because the docker-proxy will first listen on 0.0.0.0:9443 and when then binding to 198.51.100.23:9443 you get an error because there is already a process listening on that port.
>
> The name "override file" is very misleading here, as you can't override anything, just add stuff. See docker/compose#3729 for more information.
>
> In my opinion the quickest short term solution would be to add something like "Parameter: ListenIP" for bitwarden-setup to use.

Does this solution work with the current version now? Or is there already another way to give the container a fixed IP?

@blacklight

A few years down the line - has this feature been implemented, or is there a viable workaround?

Right now running bitwarden.sh rebuild rewrites the docker-compose.yml, and none of the provided overrides/workarounds to preserve the bind addresses seem to work.

In my case, I already have an nginx instance running on the server, so I use the existing instance to proxy to http://localhost:<docker-port>. The problem is that, with no viable solutions to ensure that the docker-compose.yml isn't overwritten to bind to everything, and with all the known issues that come when you apply iptables rules to filter traffic towards a Docker pod, I don't have many options to restrict traffic on that port.

@altodd

altodd commented Nov 12, 2023

Sorry to revive an old thread, but I too would really like to bind a specific IP; it would be really helpful for servers with multiple IPs. I spent a while trying to figure out how to do this. I see you can add the IP to the port and have the docker compose fixed on update, but the run script still has to be manually fixed for certbot unless I'm missing something. I don't see the environment variable from the mentioned issue.
