Crashes upon boot and for some reason tries loading Caddy stuff - I'm not using Caddy #145

Open
RavHilton opened this issue Jun 6, 2024 · 2 comments

Comments

@RavHilton
Running on Docker on Synology DSM 7.2 (current). Headscale is working perfectly well, but this is the log output of Headscale-UI

Starting Caddy
INF ts=1717635812.6926944 msg=using provided configuration config_file=/data/Caddyfile config_adapter=caddyfile
INF ts=1717635812.6965566 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]
INF ts=1717635812.6968207 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc00080a580
WRN ts=1717635812.69721 logger=http.auto_https msg=server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server server_name=srv1 http_port=80
INF ts=1717635812.6972358 logger=http.auto_https msg=server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS server_name=srv0 https_port=443
WRN ts=1717635812.6972427 logger=http.auto_https msg=automatic HTTP->HTTPS redirects are disabled server_name=srv0
WRN ts=1717635812.697454 logger=tls msg=YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place docs=https://caddyserver.com/docs/automatic-https#on-demand-tls
INF ts=1717635812.6975815 logger=tls.cache.maintenance msg=stopped background certificate maintenance cache=0xc00080a580
Error: loading initial config: loading new config: http app module: start: listening on :443: listen tcp :443: bind: permission denied

Running on a dedicated macvlan IP address, so port 443 is most definitely not bound to anything else.

Here is my full compose.yaml...

services:
  headscale:
    image: headscale/headscale:0.22.3
    container_name: headscale
    volumes:
      - /volume1/docker/headscale/config:/etc/headscale/
      - /volume1/docker/headscale/data:/var/lib/headscale
    environment:
      PUID: 1026
      PGID: 100
      TZ: Australia/Brisbane
    restart: always
    ports:
      - 8080:8080
      - 9090:9090
    command: headscale serve
    networks:
      default:
        ipv4_address: 10.24.20.93

  headscale-ui:
    container_name: headscale-ui
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    networks:
      default:
        ipv4_address: 10.24.20.94

networks:
  default:
    name: macvlan-br0
    external: true

@graphixillusion
graphixillusion commented Jul 4, 2024

I'm having the same issue. Any news about this? @RavHilton Caddy is part of the container's image.

UPDATE

OK, for now I have found one solution to this issue. It seems the problem is that the headscale-ui container's image, which is based on Alpine Linux, returns an error if you try to bind the ports to 80 or 443. If you try any port >1024, like 8080 and 4443 for example, it will work.

So edit this setting file in

/var/lib/docker/containers/*/config.v2.json

and change the ports in this section:

"Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "PROJECT_NAME=headscale-ui",
                "PROJECT_URL=https://github.com/gurucomputing/headscale-ui",
                "HTTP_PORT=80", <--- change this to 8080 (for example)
                "HTTPS_PORT=443" <--- change this to 4443 (for example)
            ],

After this mod, restart the docker service with sudo systemctl restart docker and start the container again. Now it should work.

@routerino
Contributor

I'm having the same issue. Any news about this? @RavHilton Caddy is part of the container's image.

UPDATE

OK, for now I have found one solution to this issue. It seems the problem is that the headscale-ui container's image, which is based on Alpine Linux, returns an error if you try to bind the ports to 80 or 443. If you try any port >1024, like 8080 and 4443 for example, it will work.

So edit this setting file in

/var/lib/docker/containers/*/config.v2.json

and change the ports in this section:

"Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "PROJECT_NAME=headscale-ui",
                "PROJECT_URL=https://github.com/gurucomputing/headscale-ui",
                "HTTP_PORT=80", <--- change this to 8080 (for example)
                "HTTPS_PORT=443" <--- change this to 4443 (for example)
            ],

After this mod, restart the docker service with sudo systemctl restart docker and start the container again. Now it should work.

The container itself can handle binding to sub 1024 ports, but some host operating systems will block that even for docker containers.

Next release (likely when the next version of headscale fully releases, as this project is in maintenance mode) will default the ENV variable to 8080/8443.
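
An added diagnostic, not part of this thread or of the headscale-ui project: on Linux, `bind` fails with "permission denied" for ports below `net.ipv4.ip_unprivileged_port_start` unless the process holds `CAP_NET_BIND_SERVICE`, and this script evaluates that rule for the ports discussed above. The function names are hypothetical, and the check is a simplification that ignores user namespaces and any additional host-level restrictions.

```shell
#!/bin/sh
# Added example: why does binding :80/:443 inside a container return EACCES?
# Run inside the container, e.g.  sh portcheck.sh 80 443 8080 8443

CAP_NET_BIND_SERVICE_BIT=10   # capability number from linux/capability.h

# has_net_bind_service CAPEFF_HEX
# Succeeds if CAP_NET_BIND_SERVICE is set in an effective-capability mask
# (the hex value of the CapEff line in /proc/<pid>/status).
has_net_bind_service() {
    [ $(( (0x$1 >> $CAP_NET_BIND_SERVICE_BIT) & 1 )) -eq 1 ]
}

# bind_verdict PORT CAPEFF_HEX UNPRIV_PORT_START
# Prints "allowed" or "denied" following the kernel's rule: ports at or above
# ip_unprivileged_port_start need no capability; lower ports need
# CAP_NET_BIND_SERVICE.
bind_verdict() {
    port=$1 capeff=$2 start=$3
    if [ "$port" -ge "$start" ]; then
        echo "allowed"
    elif has_net_bind_service "$capeff"; then
        echo "allowed"
    else
        echo "denied"
    fi
}

# Live values for the current process and network namespace.
current_capeff() { awk '/^CapEff:/ {print $2}' /proc/self/status 2>/dev/null; }
current_port_start() {
    cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024
}

# report PORT...  evaluates each port against the live values.
report() {
    live_capeff=$(current_capeff)
    live_capeff=${live_capeff:-0}   # assume no capabilities if unreadable
    live_start=$(current_port_start)
    echo "CapEff=$live_capeff ip_unprivileged_port_start=$live_start"
    for p in "$@"; do
        echo "port $p: $(bind_verdict "$p" "$live_capeff" "$live_start")"
    done
}

if [ "$#" -gt 0 ]; then
    report "$@"
fi
```

A "denied" verdict for 443 alongside "allowed" for 8443 matches the behaviour reported in this thread, and the printed `CapEff` and port-start values show which of the two conditions is responsible.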
