Docker Community Forums

Share and learn in the Docker community.

Change UCP default port


(Lfatty) #1

Hello there,

I was installing UCP and DTR. UCP configuration went well and it up running, however, I got some error when installing DTR following the steps of the documention. See error below.

Make sure that there is a node in your UCP cluster where port 80 and port 443 are open. Also confirm that all UCP node have the DTR images or can obtain them from Docker Hub

It seems a conflict of port (443) bertween DTR and UCP. I am wondering if there is way to change UCP default port. Any solution for this issue.

Thanks


(Vivek Saraswat) #2

Yes there is a way to change the UCP controller port during installation. When using the install command as part of the UCP tool, you can add the parameter --controller-port which has the default value 443 for the port used by the UCP controller. You can replace it with the port of your choice.

(Similarly, --swarm-port has the default value 2376 for the port used by the swarm master.)

Reference Docs here: https://docs.docker.com/ucp/reference/install/


(Ralph Kincade) #3

I am having this same issue so I am not sure what you are saying here , should I remove the UCP from the server I am attempting to install DTR on

and then run the UCP install with a specific port other that 443?

and then rerun the DTR install ?

thanks


(Vivek Saraswat) #4

Uninstalling UCP and reinstalling with different ports is one option. Another is to rerun DTR install with the flags that change the default listening ports:

https://docs.docker.com/docker-trusted-registry/reference/install/#/options

when running the install command with DTR CLI tool, you can add the flags --replica-http-port and --replica-https-port (defualts 80 and 443) and change them to whatever ports are useful for you.

That way you wouldn’t have to reinstall both UCP and DTR. The preference is up to you for which component you want listening to which port.


(Ralph Kincade) #5

I am a little confused here , do I have to use the DOCKER CLI ?

I am running DOCKER CLI on the same server as I want to build a DTR or

I will try to run the DTR install again with the flag for replica-http-port 81 and replica-https-port 444 an see what happends

thanks!!!


(Vivek Saraswat) #6

Hi brikeyes,

When you install either Universal Control Plane or Docker Trusted Registry, you are using standard docker CLI commands (e.g. docker run -it --rm docker/dtr install). There are several flags you can add as a part of this process, including the port flags you listed above. Hope that helps.


(Ralph Kincade) #7

INFO[0000] Beginning Docker Trusted Registry installation
INFO[0000] Validating UCP cert
INFO[0000] UCP cert validation successful
ERRO[0001] Make sure that there is a node in your UCP cluster where port 81 and port 444 are open. Also confirm that all UCP node have the DTR images or can obtain them from Docker Hub.
FATA[0001] Problem running container ‘dtr-phase2’ from image ‘docker/dtr:2.0.2’: Couldn’t create container ‘dtr-phase2’ from image ‘docker/dtr:2.0.2’: Error response from daemon: Unable to find a node that satisfies the following conditions

ok now I need to open port 81 and 444 ( these are the ones I want to use for the dtr)

I will open with this command

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

this would be on the server that I want to install DTR on , right ?

however if I do a status on the ufw it shows that is not enabled , if I turn it on it shows errors on the UCP gui

I am not sure I am opening the ports right ???

thanks


(Ralph Kincade) #8

sudo ufw allow 81/tcp
sudo ufw allow 444/tcp

correction on that these are the 2 commands I have used


(Ralph Kincade) #9

when I run the command , i still get the error

by the way 192.168.50.51 is the ip of the sever currently running UCP

and 192.168.56.54 is the machine I am on and the one that I am currently attempting to install DTR on , it is a NODE in the UCP cluster

user@docker-datacenter-demo-dtr-a:~$ docker run -it --rm docker/dtr install --ucp-url 192.168.50.51 --ucp-node 192.168.50.54 --dtr-external-url 192.168.50.54 --dtr-external-url 192.168.50.54 --ucp-username admin --ucp-password xxxxxxx --replica-http-port 81 --replica-https-port 444 --ucp-ca "$(cat ucp-ca.pem)"
INFO[0000] Beginning Docker Trusted Registry installation
INFO[0000] Validating UCP cert
INFO[0000] UCP cert validation successful
ERRO[0001] Make sure that there is a node in your UCP cluster where port 81 and port 444 are open. Also confirm that all UCP node have the DTR images or can obtain them from Docker Hub.
FATA[0001] Problem running container ‘dtr-phase2’ from image ‘docker/dtr:2.0.2’: Couldn’t create container ‘dtr-phase2’ from image ‘docker/dtr:2.0.2’: Error response from daemon: Unable to find a node that satisfies the following conditions
[available container slots]


(Ralph Kincade) #10

thanks again for all the help , I am really really stuck on this !!


(Ralph Kincade) #11

it looks like that ufw is not the native firewall and my commands may not have effectively opened any ports ,

So I am going to try to use IPTABLES and see if I can add the ports there ,

if I do an iptables list , iptables appears to be running


(Ralph Kincade) #12

if I open the iptables with sudo iptables -A INPUT -p tcp --dport 81 -j
ACCEPT

and sudo iptables -A INPUT -p tcp --dport 444 -j ACCEPT

I am still getting the error ,

INFO[0000] Beginning Docker Trusted Registry installation
INFO[0000] Validating UCP cert
INFO[0000] UCP cert validation successful
ERRO[0001] Make sure that there is a node in your UCP cluster where port 81
and port 444 are open. Also confirm that all UCP node have the DTR images
or can obtain them from Docker Hub.
FATA[0001] Problem running container ‘dtr-phase2’ from image
’docker/dtr:2.0.2’: Couldn’t create container ‘dtr-phase2’ from image
’docker/dtr:2.0.2’: Error response from daemon: Unable to find a node that
satisfies the following conditions
[available container slots]
[node==192.168.56.54]
user@docker-datacenter-demo-dtr-a:~$