Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snap] Provide option to run on ports 80/443 #3154

Open
benfrancis opened this issue Aug 21, 2024 · 2 comments
Open

[Snap] Provide option to run on ports 80/443 #3154

benfrancis opened this issue Aug 21, 2024 · 2 comments
Labels
snap Issues relating to the snap package task
Milestone
2.0

Comments

@benfrancis
Copy link
Member

benfrancis commented Aug 21, 2024
edited
Loading

The default ports for the gateway application to serve an HTTP server on (configured in config/default.js) are 8080 and 4443, but when the current Raspbian-based image is built IP tables are configured to forward port 80 to 8080 and port 43 to 443. This is so the gateway application doesn't need to run as root in order to bind to ports 80 and 443.

In the snap package a simple daemon runs as root anyway, so we could just directly bind to port 80 and 443, but the snap needs to be told to do this.

We could either do this by:

  • Changing the default ports when building the snap package, so it takes effect for everyone who installs the snap
  • Implement a snap configuration so that a user can set the ports using snap set, and then set a different default using a gadget snap when generating a custom Ubuntu Core OS image
@benfrancis benfrancis converted this from a draft issue Aug 21, 2024
@benfrancis benfrancis added task snap Issues relating to the snap package labels Aug 21, 2024
@benfrancis benfrancis added this to the 2.0 milestone Aug 21, 2024
@benfrancis benfrancis moved this from Product Backlog to Sprint Backlog in WebThings Gateway Oct 17, 2024
@ogra1
Copy link
Contributor

ogra1 commented Oct 23, 2024

Have you considered simply doing the same raspbian does, ship a script as oneshot daemon in your snap, that configures iptables the same way as in raspian ? the firewall-control interface should provid all access you need and you'd only need to ship the respective userspace tools (i.e. iptables itself) in your snap ... that way you'd not need to battle with extra patches and the configuration would stay where it is (and be manageable through the existing tools that are already in use for this).

@benfrancis
Copy link
Member Author

benfrancis commented Dec 18, 2024
edited
Loading

@ogra1 How would I go about shipping the iptables binary and a "one shot daemon" as part of my snap? Do you have an example of something like that?

It might actually be nice for this to be configurable via snap set though, in case someone is installing the snap alongside other web apps which may have conflicting ports. E.g. like the nextcloud snap does.

Note to self, see:

IIRC the current mechanism to configure the ports the gateway binds to is a configuration file inside the config/ folder in the source directory, which would be immutable inside the built snap.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
snap Issues relating to the snap package task
Projects
WebThings Gateway
Status: Sprint Backlog
Milestone
2.0
Development

No branches or pull requests
2 participants
@benfrancis @ogra1