Change default container ports for running in host networking mode
I am trying to run immich in host network mode on Ubuntu.
I have successfully changed default container ports using these env variables
SERVER_PORT
MICROSERVICES_PORT
MACHINE_LEARNING_PORT
But i can't seem to find one for the Web container.
It's default port is 3000 which is currently occupied on my system.
Any way to change that?
7 Replies
Don't think we have it documented anywhere, but passing PORT to the web container should work
thankss...that worked 👍
To summarize for someone who wants to do the same...
Following env variables change port INSIDE the container
SERVER_PORT
MICROSERVICES_PORT
MACHINE_LEARNING_PORT
PORT
for redis container
command: --port xxxx
for postgres container
command: -p xxxx
Out of interest, why do you want to run in host networking mode?
Using dockers own networking shouldn't limit you in any way for things like Immich
I use ubuntu's default UFW firewall for everything...and UFW has a weird issue with docker networking, where docker networking can bypass UFW if i use docker's network and expose ports, since docker networking uses iptables and overrides UFW's configuration....also, if i restart UFW while docker is running, the ports are no longer exposed, and if i restart docker while UFW is running, the ports are exposed bypassing UFW..
It's a weird issue, and there are some workarounds and fixes but i havent found anything stable and permanent till yet....
I could either stop using UFW and learn iptables instead or just not use Docker networking and run everthing in host networking mode (which i do for all my containers).
Fair enough, just be careful running everything in host networking mode, a lot of setups assume that stuff like your database is protected by being within the docker network and isn't accessible externally, running in host networking mode removes one layer of that protection
yes true...but i only allow very selective ports via UFW even for local lan...
and everything public is via Cloudflare Tunnel-> Traefik(Crowdsec as middleware)-> Services
plus i got CGNAT, so no public IP technically 😅
Oh CGNAT, sorry for your loss 😆