diff --git a/Dockerfile b/Dockerfile index a219bfd959b..5bc663d4baa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -165,7 +165,6 @@ RUN apk update && apk upgrade && \ tzdata \ libedit \ libldap \ - libcap \ su-exec && \ rm -rf /var/cache/apk/* @@ -203,7 +202,6 @@ RUN /venv/bin/python3 -m pip install --no-cache-dir gunicorn==23.0.0 && \ chown pgadmin:root /pgadmin4/config_distro.py && \ chmod g=u /pgadmin4/config_distro.py && \ chmod g=u /etc/passwd && \ - setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/python3.[0-9][0-9] && \ echo "pgadmin ALL = NOPASSWD: /usr/sbin/postfix start" > /etc/sudoers.d/postfix && \ echo "pgadminr ALL = NOPASSWD: /usr/sbin/postfix start" >> /etc/sudoers.d/postfix @@ -211,6 +209,6 @@ USER 5050 # Finish up VOLUME /var/lib/pgadmin -EXPOSE 80 443 +EXPOSE 8080 8443 ENTRYPOINT ["/entrypoint.sh"] diff --git a/docs/en_US/container_deployment.rst b/docs/en_US/container_deployment.rst index 0b71a7ebe44..1b350b51c8e 100644 --- a/docs/en_US/container_deployment.rst +++ b/docs/en_US/container_deployment.rst @@ -104,8 +104,8 @@ of sudo to start Postfix, or if you wish to use an external mail server. *Default: * -If left un-set, the container will listen on port 80 for connections in plain -text. If set to any value, the container will listen on port 443 for TLS +If left un-set, the container will listen on port 8080 for connections in plain +text. If set to any value, the container will listen on port 8443 for TLS connections. When TLS is enabled, a certificate and key must be provided. Typically these @@ -122,7 +122,7 @@ for most users - in IPv4-only environments, this may need to be set to **PGADMIN_LISTEN_PORT** -*Default: 80 or 443 (if TLS is enabled)* +*Default: 8080 or 8443 (if TLS is enabled)* Allows the port that the server listens on to be set to a specific value rather than using the default. 
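Review bot: The `EXPOSE 8080 8443` line in the last Dockerfile hunk carries no comment saying why the ports moved. The reason is only visible from the removed `setcap CAP_NET_BIND_SERVICE=+eip` line in the hunk above it. I would add a comment directly above it, such as `# Unprivileged ports: the image runs as UID 5050 and python3 no longer has CAP_NET_BIND_SERVICE set`, so nobody later restores 80/443 without restoring the capability. EXPOSE is metadata only, so existing run commands, compose files or probes that target container ports 80 or 443 will stop reaching the listener. That deserves an explicit upgrade note alongside the documentation changes in this commit.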
@@ -227,9 +227,8 @@ instances. sudo chown -R 5050:5050 - On some filesystems that do not support extended attributes, it may not be - possible to run pgAdmin without specifying a value for *PGADMIN_LISTEN_PORT* - that is greater than 1024. In such cases, specify an alternate port when + The default listen port is 8080 (or 8443 with TLS), which does not require + any special privileges. If you need to use a different port, specify it when launching the container by adding the environment variable, for example: .. code-block:: bash @@ -280,22 +279,22 @@ certificate. Examples ******** -Run a simple container over port 80: +Run a simple container over port 8080: .. code-block:: bash docker pull dpage/pgadmin4 - docker run -p 80:80 \ + docker run -p 8080:8080 \ -e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' \ -e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' \ -d dpage/pgadmin4 -Run a simple container over port 80, setting some configuration options: +Run a simple container over port 8080, setting some configuration options: .. code-block:: bash docker pull dpage/pgadmin4 - docker run -p 80:80 \ + docker run -p 8080:8080 \ -e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' \ -e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' \ -e 'PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION=True' \ @@ -310,7 +309,7 @@ Run a TLS secured container using a shared config/storage directory in .. code-block:: bash docker pull dpage/pgadmin4 - docker run -p 443:443 \ + docker run -p 443:8443 \ -v /private/var/lib/pgadmin:/var/lib/pgadmin \ -v /path/to/certificate.cert:/certs/server.cert \ -v /path/to/certificate.key:/certs/server.key \ 
@@ -327,13 +326,13 @@ Sometimes it's desirable to have users connect to pgAdmin through a reverse proxy rather than directly to the container it's running in. The following examples show how this can be achieved. With traditional reverse proxy servers such as `Nginx `_, pgAdmin is running in a container on -the same host, with port 5050 on the host mapped to port 80 on the container, +the same host, with port 8080 on the host mapped to port 8080 on the container, for example: .. code-block:: bash docker pull dpage/pgadmin4 - docker run -p 5050:80 \ + docker run -p 8080:8080 \ -e "PGADMIN_DEFAULT_EMAIL=user@domain.com" \ -e "PGADMIN_DEFAULT_PASSWORD=SuperSecret" \ -d dpage/pgadmin4 @@ -383,7 +382,7 @@ reverse proxy listening for all hostnames with `Nginx location / { proxy_set_header Host $host; - proxy_pass http://localhost:5050/; + proxy_pass http://localhost:8080/; proxy_redirect off; } } @@ -401,7 +400,7 @@ tells the pgAdmin container how to rewrite paths: location /pgadmin4/ { proxy_set_header X-Script-Name /pgadmin4; proxy_set_header Host $host; - proxy_pass http://localhost:5050/; + proxy_pass http://localhost:8080/; proxy_redirect off; } } @@ -445,7 +444,7 @@ adjusted as appropriate to the specific deployment: proxy_set_header X-Script-Name /pgadmin4; proxy_set_header X-Scheme $scheme; proxy_set_header Host $host; - proxy_pass http://localhost:5050/; + proxy_pass http://localhost:8080/; proxy_redirect off; } } diff --git a/pkg/docker/entrypoint.sh b/pkg/docker/entrypoint.sh index 6a83bec4494..5df0dfe47ab 100755 --- a/pkg/docker/entrypoint.sh +++ b/pkg/docker/entrypoint.sh 
@@ -268,9 +268,9 @@ if [ -n "${PGADMIN_ENABLE_SOCK}" ]; then BIND_ADDRESS="unix:/run/pgadmin/pgadmin.sock" else if [ -n "${PGADMIN_ENABLE_TLS}" ]; then - BIND_ADDRESS="${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-443}" + BIND_ADDRESS="${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-8443}" else - BIND_ADDRESS="${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-80}" + BIND_ADDRESS="${PGADMIN_LISTEN_ADDRESS:-[::]}:${PGADMIN_LISTEN_PORT:-8080}" fi fi
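Review bot: An explicit `PGADMIN_LISTEN_PORT` below 1024 is still accepted by both `${PGADMIN_LISTEN_PORT:-…}` expansions, although the Dockerfile part of this commit removes the `setcap CAP_NET_BIND_SERVICE` line. The bind as UID 5050 will then presumably succeed only where the container runtime lowers `net.ipv4.ip_unprivileged_port_start`. Deployments that pinned 80 or 443 would otherwise fail at server start with a bare bind error. A guard placed before the `if [ -n "${PGADMIN_ENABLE_TLS}" ]` branch would make the cause visible, for example `[ "${PGADMIN_LISTEN_PORT:-8080}" -ge 1024 ] || echo "WARNING: PGADMIN_LISTEN_PORT is below 1024 and the image no longer sets CAP_NET_BIND_SERVICE on python3" >&2`. The enclosing `PGADMIN_ENABLE_SOCK` conditional starts at the edge of this hunk, so check that the guard is skipped when the Unix socket is used.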