Closed RavHilton closed 1 month ago
I'm having the same issue. Any news about this? @RavHilton Caddy is part of the container's image.
UPDATE
OK, for now I have found one solution to this issue. It seems the problem is that the headscale-ui container's image, which is based on Alpine Linux, returns an error if you try to bind the ports to 80 or 443. If you try any port >1024, like 8080 and 4443 for example, it will work.
So edit this settings file in
/var/lib/docker/containers/*/config.v2.json
and change the ports in this section:
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"PROJECT_NAME=headscale-ui",
"PROJECT_URL=https://github.com/gurucomputing/headscale-ui",
"HTTP_PORT=80", <--- change this to 8080 (for example)
"HTTPS_PORT=443" <--- change this to 4443 (for example)
],
After this mod, restart the Docker service with
sudo systemctl restart docker
and start the container again. Now it should work.
The container itself can handle binding to sub-1024 ports, but some host operating systems will block that even for Docker containers.
The next release (likely when the next version of headscale fully releases, as this project is in maintenance mode) will default the ENV variables to 8080/8443.
Running on Docker on Synology DSM 7.2 (current). Headscale is working perfectly well, but this is the log output of Headscale-UI
Starting Caddy
INF ts=1717635812.6926944 msg=using provided configuration config_file=/data/Caddyfile config_adapter=caddyfile
INF ts=1717635812.6965566 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]
INF ts=1717635812.6968207 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc00080a580
WRN ts=1717635812.69721 logger=http.auto_https msg=server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server server_name=srv1 http_port=80
INF ts=1717635812.6972358 logger=http.auto_https msg=server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS server_name=srv0 https_port=443
WRN ts=1717635812.6972427 logger=http.auto_https msg=automatic HTTP->HTTPS redirects are disabled server_name=srv0
WRN ts=1717635812.697454 logger=tls msg=YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place docs=https://caddyserver.com/docs/automatic-https#on-demand-tls
INF ts=1717635812.6975815 logger=tls.cache.maintenance msg=stopped background certificate maintenance cache=0xc00080a580
Error: loading initial config: loading new config: http app module: start: listening on :443: listen tcp :443: bind: permission denied
Running on a dedicated macvlan IP address, so port 443 is most definitely not bound to anything else.
Here is my full compose.yaml...
services:
  headscale:
    image: headscale/headscale:0.22.3
    container_name: headscale
    volumes:
    9090:9090
    command: headscale serve
    networks:
      default:
        ipv4_address: 10.24.20.93

  headscale-ui:
    container_name: headscale-ui
    image: ghcr.io/gurucomputing/headscale-ui:latest
    restart: unless-stopped
    networks:
      default:
        ipv4_address: 10.24.20.94

networks:
  default:
    name: macvlan-br0
    external: true
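
A small diagnostic for the failure discussed in this thread, as an added example that is not code from headscale-ui or from any commenter: it extracts the refused ports from Caddy's `bind: permission denied` error and rewrites the `HTTP_PORT`/`HTTPS_PORT` entries of an `Env` list to 8080/8443. The function names, the sample log and the 1024 threshold constant are assumptions made for the example.

```python
import re

# Constructed sample: two lines shaped like the Caddy output quoted in the thread.
SAMPLE_LOG = """\
WRN ts=1717635812.69721 logger=http.auto_https msg=server is listening only on the HTTP port server_name=srv1 http_port=80
Error: loading initial config: loading new config: http app module: start: listening on :443: listen tcp :443: bind: permission denied
"""

# Assumption: ports below this value are the ones the host refuses to bind.
PRIVILEGED_BELOW = 1024

# Replacement ports; 8080/8443 are the defaults the maintainer mentions.
FALLBACK = {"HTTP_PORT": "8080", "HTTPS_PORT": "8443"}

# Matches ":443", "0.0.0.0:443" and "[::]:443" style listen addresses.
BIND_DENIED = re.compile(r"listen (?:tcp|udp) \S*:(\d+): bind: permission denied")


def denied_ports(log_text):
    """Return the sorted ports that failed to bind with 'permission denied'."""
    return sorted({int(m.group(1)) for m in BIND_DENIED.finditer(log_text)})


def remap_env(env, denied):
    """Return a copy of a Docker 'Env' list with privileged listener ports replaced.

    Caddy stops at the first listener that fails (only :443 shows up in the
    quoted log although port 80 is configured too), so one refused privileged
    port is enough to remap every HTTP_PORT/HTTPS_PORT below the threshold.
    """
    if not any(port < PRIVILEGED_BELOW for port in denied):
        return list(env)
    out = []
    for entry in env:
        key, sep, value = entry.partition("=")
        if key in FALLBACK and value.isdigit() and int(value) < PRIVILEGED_BELOW:
            value = FALLBACK[key]
        out.append(f"{key}{sep}{value}")
    return out


if __name__ == "__main__":
    env = ["PROJECT_NAME=headscale-ui", "HTTP_PORT=80", "HTTPS_PORT=443"]
    ports = denied_ports(SAMPLE_LOG)
    print("refused ports:", ports)
    print("suggested Env:", remap_env(env, ports))
```

The remapped values can be set under `environment:` for the `headscale-ui` service in compose.yaml, which overrides the image's defaults without hand-editing Docker's state files.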