ASUSTOR Community Forum

[luke_nukem]

It seems there is a dedicated init service running and the Web UI calls a few functions in libservice to start a daemon named myhttpd with the sole purpose of redirecting the 90 and 443 ports when they are not being used by apache.

This is absolutely annoying and resulted in me having to stick a kludge in the docker init script to hunt and kill the processes using those ports before starting docker so that my container could use those ports.

It would be nice to be able to stop this redirection via an option in the ADM UI.

[Faldorn]

+1

Very annoying on my 5304T running ADM 3.4.6.RDF3

[april]

+1
I can't get the Traefik docker set up because of this.

[asustor]

1+ This is a must

[davidaga]

Any update on this one? I would really like to be able to use port 80 and 443 Nextcloud.

[father.mande]

Hi,

Even nextcloud is exactly the type of application where docker add problems ... as in any case, when it's so easy to use directly nextcloud ... on N.A.S. (but it's not the subject and anyone do what he want on its own NAS)

You can ask Asustor and wait, or use workaround during time you wait for a response .
ex.
1 for customer not consumer : change docker to use macvlan and create a separate I.P. address (DHCP or fixed for a server) ... so port are now not shared by A.D.M. and applications in container.
... kernel module is provide by Asustor, need just to validate promiscuous mode and configure container network (simple except if you use docker without the minimum knowledge about it ... as a consumer)

2 for basic Linux admin : set Apache web server in N.A.S. to use port 80 and 443 (default) (so myhttpd server will be off)
... configure redirection (rewrite mode) as any proxy to localhost:port attributed to nextcloud (eventually to force moving to HTTPS only) ... this is documented in nextcloud

ANOTHER possibility is : stop using port 80 ... it's not secure EVEN connected in a docker container ... certificate are easy to get to use now only HTTPS ... then use a private port for nextcloud ... so only user able to know it can use it ... no reason to keep default except opening your NAS to any attack / malware / ransomware or data violation ...

Philippe.

[_evilpanda_]

I've tried the macvlan on docker method but even on a seperate IP it still triggers the httpd process to forward any port 80 queries.

At the moment I'm having to manually kill this process before I can install/activate an alternate web server - can anyone share some script ideas/workarounds etc that have been working for you in the meantime? Is there a way to kill this on docker init? If so, could anyone help a noob like myself on how to set this up as a script?

And is there anywhere else we can request this feature from Asustor? Seems like a lot of people have had problems with this issue (for years) and it hasn't really progressed. It shouldn't be unreasonable for users to want to use an alternate to the ADM web server given things like Docker etc.

[father.mande]

Hi,

I can't help you (I don't use docker) ... I can only speak about macvlan, because I use it in a container (build with kernel namespace as docker initially but without hidden things)
macvlan generate a different I.P. and a different host configured using namespace net and uts .
... so it's like a sort of virtualization more independent that current namespace (pid, mnt, ipc, pid_for_children, etc.) NOT all used by docker in basic configuration

if an application run in a container with separate MAC Address (macvlan) and separate net and hostname ... the port list is attached to the container and NOT and TOTALLY different of port used in A.D.M.
... so calling nextcloud using the I.P. generate in container and with port 80 (free in container if you don't launch another server) CAN'T ACCESS THE A.D.M. port list even port 80 is in used.
... AND this work as well on AS5002T for ex.

So you must first try to understand if macvlan configuration is correct
... verify promisc mode
... verify that network in container is correctly generate and not keep the host network (default)
... ... take care to use ip tools supporting netns command ... A.D.M. have a reduced version ... but I suppose docker have a correct one (or use Entware version)
... verify that I.P. is correctly done by the DHCP server (if you don't use static) and visible (ex use nmap)

... last in a container with macvlan you can suppress a second Ethernet ... if generated by docker (ex. for using host network) and replace it by an veth link between A.D.M. and container, because lot of Ethernet board don't accept loop access from two internal I.P. (A.D.M. and macvlan) ...

THIS is not a solution for the A.D.M. usage of ports ... so calling Asustor is always the best approach.
BUT sure your macvlan configuration is not correct if you continue to access you application using AD.M. I.P. and port ???

Philippe.

[cutedrake]

I'm also annoyed by this problem, being unable to make Traefik properly reverse proxy the NAS webserver. Asus guys please fix that!