fix: updating the examples to bind docker/podman 8080 only to localhost #39584
Conversation
closes: keycloak#39144 Signed-off-by: Steve Hawkins <shawkins@redhat.com>
There was a problem hiding this comment.
The requirement for -p 127.0.0.1:8080:8080 does seem a bit odd. From the docs:
If host IP is set to 0.0.0.0 or not set at all, the port is bound on all IPs on the host.
Should this rather be a Podman issue then?
Just a side note: on macOS that does seem to work as expected, and -p 8080:8080 binds correctly to localhost.
Why would you want to bind to all interfaces over http if only localhost will work correctly? Using any other interface will give you non-secure context warnings.
Given that the change seems benign for Docker, I don't see a reason for it to be Docker specific.
Are we worried about users who cling to such odd OSes? :) Can you clarify what is not working? Can you see what interface it actually is listening on, and are you on an ipv6 only machine or something? |
There was a problem hiding this comment.
Why would you want to bind to all interfaces over http if only localhost will work correctly? Using any other interface will give you non-secure context warnings.
Right, that is another problem. My original understanding was that we're adding 127.0.0.1 to make Podman bind it to localhost and that without it it doesn't work – which seemed to me like a bug actually. But if we actually want to limit it to bind it ONLY to localhost, that makes sense to me.
On the other hand it a bit clutters the example commands.
Given that the change seems benign for Docker, I don't see a reason for it to be Docker specific.
Did you meant "Podman specific"?
Are we worried about users who cling to such odd OSes? :)
Yeah, some of us are still using those. :D
Can you clarify what is not working?
That's the thing – it is working. :) I was just arguing adding 127.0.0.1 might not be necessary.
LGTM, thanks.
That is correct, it doesn't work on my system without 127.0.0.1 - I see the error message that the user took a screen shot off in the issue.
We do also want to limit to localhost in general yes.
Yes
Ah. It's not completely necessary but:
|
closes: #39144
This also assumes users are directly using the container locally.
Other considerations: the example could also be shown as as ipv6.