quickstart script support custom ports and ssl certificates #1410
Hello @jiangslee, thank you so much for the contribution; we really appreciate the work you are doing for the community.
Regarding the required custom port input, we should keep them optional for now; perhaps we can use a flag like
This is causing the issue with github workflow:
2023-12-27T19:23:11.1641432Z ++ echo -n 'Enter the http port you want to use for NetBird (e.g. 80): '
2023-12-27T19:23:11.1642880Z Enter the http port you want to use for NetBird (e.g. 80): ++ read -r READ_NETBIRD_HTTP_PORT
2023-12-27T19:23:11.1644452Z infrastructure_files/getting-started-with-zitadel.sh: line 437: /dev/tty: No such device or address
2023-12-27T19:23:11.1645629Z ++ check_nb_http_port ''
2023-12-27T19:23:11.1646239Z ++ HTTP_PORT=
2023-12-27T19:23:11.1646735Z ++ '[' -x == -x ']'
2023-12-27T19:23:11.1647448Z ++ echo 'The NETBIRD_HTTP_PORT variable cannot be empty.'
2023-12-27T19:23:11.1648369Z The NETBIRD_HTTP_PORT variable cannot be empty.
2023-12-27T19:23:11.1649359Z ++ return 1
2023-12-27T19:23:11.1649833Z ++ read_nb_http_port
2023-12-27T19:23:11.1650447Z ++ READ_NETBIRD_HTTP_PORT=
2023-12-27T19:23:11.1651328Z ++ echo -n 'Enter the http port you want to use for NetBird (e.g. 80): '
2023-12-27T19:23:11.1653023Z Enter the http port you want to use for NetBird (e.g. 80): ++ read -r READ_NETBIRD_HTTP_PORT
2023-12-27T19:23:11.1654770Z infrastructure_files/getting-started-with-zitadel.sh: line 437: /dev/tty: No such device or address
2023-12-27T19:23:11.1655867Z ++ check_nb_http_port ''
2023-12-27T19:23:11.1656403Z ++ HTTP_PORT=
2023-12-27T19:23:11.1657027Z ++ '[' -x == -x ']'
2023-12-27T19:23:11.1657701Z ++ echo 'The NETBIRD_HTTP_PORT variable cannot be empty.'
2023-12-27T19:23:11.1658644Z The NETBIRD_HTTP_PORT variable cannot be empty.
2023-12-27T19:23:11.1659361Z ++ return 1
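A port prompt that cannot fail the way the workflow log above does, as an added example (not code from this PR or from NetBird): it prompts only when NETBIRD_INTERACTIVE_MODE, the flag proposed in this thread, is true and /dev/tty can be opened, bounds the retries, and range-checks the value. The function names, the default of 80 and the exact semantics given to the flag are assumptions.

```sh
#!/bin/sh
# Added example. Only NETBIRD_INTERACTIVE_MODE and NETBIRD_HTTP_PORT come from
# the page; is_valid_port, tty_available and resolve_port are hypothetical.

# Succeed only for a decimal integer in 1..65535 with no leading zero.
is_valid_port() {
  case "$1" in
    '' | 0* | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeed only if a controlling terminal can actually be opened; CI runners
# have none, which is the "/dev/tty: No such device or address" case.
tty_available() {
  ( : < /dev/tty ) 2> /dev/null
}

# resolve_port VALUE DEFAULT LABEL
# Prints the port to use. A preset VALUE is validated, never silently replaced.
# Prompts only in interactive mode with a terminal, and at most three times.
resolve_port() {
  rp_value=$1 rp_default=$2 rp_label=$3 rp_tries=0
  if [ -n "$rp_value" ]; then
    if is_valid_port "$rp_value"; then echo "$rp_value"; return 0; fi
    echo "invalid $rp_label port: $rp_value" >&2
    return 1
  fi
  if [ "${NETBIRD_INTERACTIVE_MODE:-false}" = "true" ] && tty_available; then
    while [ "$rp_tries" -lt 3 ]; do
      printf 'Enter the %s port for NetBird [%s]: ' "$rp_label" "$rp_default" > /dev/tty
      IFS= read -r rp_value < /dev/tty || break
      rp_value=${rp_value:-$rp_default}
      if is_valid_port "$rp_value"; then echo "$rp_value"; return 0; fi
      rp_tries=$((rp_tries + 1))
    done
    echo "no valid $rp_label port entered" >&2
    return 1
  fi
  echo "$rp_default"
}

# Unattended run: no prompt, the default or a preset value is used.
NETBIRD_HTTP_PORT=$(resolve_port "${NETBIRD_HTTP_PORT:-}" 80 http) || exit 1
echo "http port: $NETBIRD_HTTP_PORT"
```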
@mlsmaycon Thanks for taking the time to review and reply, NETBIRD_INTERATIVE_MODE=true, that's a good idea, I think I'll improve it.
Steps:
Thanks @jiangslee for the changes and the time you are investing in this.
I've made some suggestions and requests. The main point is that these changes should be optional and only requested if the user wants to by setting the NETBIRD_INTERACTIVE_MODE.
Regarding port 8080, it was a leftover from the initial setup and can be removed.
initEnvironment() { | ||
CADDY_SECURE_DOMAIN="" | ||
ZITADEL_EXTERNALSECURE="false" | ||
ZITADEL_TLS_MODE="disabled" | ||
ZITADEL_MASTERKEY="$(openssl rand -base64 32 | head -c 32)" | ||
NETBIRD_PORT=80 | ||
NETBIRD_HTTP_PROTOCOL="http" | ||
TURN_USER="self" | ||
TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g') | ||
TURN_MIN_PORT=49152 | ||
TURN_MAX_PORT=65535 | ||
|
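Review bot: initEnvironment defaults only NETBIRD_PORT=80 among the lines shown, while the compose port list in this patch also interpolates $NETBIRD_HTTP_PORT and $NETBIRD_8080_PORT, so an unattended run reaches rendering with those unset (the workflow log on this page shows HTTP_PORT= empty). Give each new port variable a default here that respects a value already present in the environment, in the form VAR="${VAR:-default}". Also check the interaction with the existing default: with NETBIRD_PORT=80 as set here and '$NETBIRD_PORT:443' in the port list, a default of 80 for NETBIRD_HTTP_PORT would publish host port 80 twice unless NETBIRD_PORT is reassigned before the file is rendered.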
Let's set default ports to be used when the user is not using the interactive mode.
@@ -527,6 +624,10 @@ renderCaddyfile() { | |||
} | |||
} | |||
|
|||
$NETBIRD_DOMAIN { |
What is the effect of this setting? Will Caddy look for the certificates if none is provided? Does it fail? I think this block should be optional.
Yes, this should be optional. I will see how to change it to optional. Thanks.
- '8080:8080' | ||
- '$NETBIRD_PORT:443' | ||
- '$NETBIRD_HTTP_PORT:80' | ||
- '$NETBIRD_8080_PORT:8080' |
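Review bot: the host side of every mapping here ('$NETBIRD_PORT:443', '$NETBIRD_HTTP_PORT:80', '$NETBIRD_8080_PORT:8080') is interpolated straight from a variable, and the only check visible on this page is check_nb_http_port rejecting an empty value. Before rendering, validate each value as an integer in 1 to 65535 and reject duplicates among them, so a typo fails in the script rather than at container start. The two 8080 lines publish an extra listener on the host; unless something outside the host needs it, drop both '8080:8080' and '$NETBIRD_8080_PORT:8080' together with the NETBIRD_8080_PORT variable.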
This can be removed, it is probably a leftover
OK, I will remove it.
Co-authored-by: Maycon Santos <[email protected]>
I feel this PR is not a good solution for custom ports and custom ssl certificates. I hope other developers can provide better solutions.
Dear jiangslee: [+] Running 3/3 Initializing Zitadel with NetBird's applications Waiting for Zitadel's PAT to be created . . . . done
It seems you need a public server, an SSL certificate issued by a public CA, and a publicly reachable domain name.
Dear jiangslee:
https://github.com/jiangslee/netbird/raw/6b603e7b28bf1fbc69ce9870666fbb520d480eaa/infrastructure_files/getting-started-with-zitadel.sh On the latest commit the maintainers suggested adding a parameter; I haven't had time to work on it yet. Another contributor also has a PR for custom port numbers, which you can try as well: #1464
According to the program you provided, the installation can be successful, but only the management container keeps restarting and reporting errors: “
Is the security group not allowing the ports through? Try the one-click deployment file from this branch?
Based on the program you just sent, I tested it again and encountered the same issue. Port testing with the "nc" command confirms that the ports are open.
If there's a senior developer who can provide the source code for installation instead of deploying it using containers, it would make problem-solving much easier.
I've just set up a new cloud server instance with a one-click deployment option. Would you like to try creating a new instance yourself? Perhaps there are some restrictions in your environment. Security group port rules for reference:
There is a QQ group for discussing Netbird; group number: 677407258
Describe your changes
Ports 80, 8080, and 443 of our self-host server have been occupied, and deployment cannot be completed through the quickstart script.
This modification enables the script to support custom ports and SSL certificates, which solves the issue of #1408 #1267, but it feels not elegant enough.
Hope other developers can participate and continue to improve it.
I'm very sorry, my English is poor, so I used Google Translate.
Issue ticket number and link
#1408
#1267
Checklist