Recently in T3 Chris Moore announced that there was a recent fix for deployed apps and TrueNAS hogging all the ports on alias IP addresses.
Not as far as I can tell.
Case in point:
TrueNAS on 81/444 bound only to 192.168.38.32
nginx on 80/443/30030 bound to 192.168.38.201
Trying to reset the TN GUI to 80/443 brings up an error saying ports in use.
Shutting down nginx, resetting the TN GUI to 80/443 and trying to bring up nginx means that nginx won’t start due to: The port is being used by following services: 1) "192.168.38.32:443" used by WebUI Service
I am not sure how this fix is meant to work, but it doesn’t do what I think it should be doing.
I’ll try a new install of nginx
I tried a new nginx instance on 81 and 444 on a different IP address. No joy, the ports clash, despite the IP address not being used for anything else. Note that the TN GUI is bound only to a single IP address.
Tried a new install of pi-hole on 53/444. It didn’t seem to object to 53 but did object to 444
Duplicati did not object on 81/444
So the issue looks (at this stage) to be related to individual apps
So it might be the NginX app… is there any other App with the issue we know about?
It would be useful to get a fresh system install with a new and 1st nginx… is it all nginx, or just systems with previous nginx deployments that cause the issue?
Just built a brand new TrueNAS on VMware
Added an alias (.224)
Moved the GUI to a single IP address (.119)
nginx will not install due to The port is being used by following services: 1) "192.168.38.119:80" used by WebUI Service
I also tested Heimdall - same error.
I also tested pi-hole - same error although it doesn’t complain about port 53 - although maybe it just hasn’t got around to that yet.
I think it’s all / most of them. I don’t think the fix fixed much, I am afraid.
Duplicati does allow port 80 - which is strange. The app does respond on 80 correctly. @amomchilov can you test that please. Duplicati does not have an HTTPS port setting available to it.
nginx will not install due to The port is being used by following services: 1) "192.168.38.119:80" used by WebUI Service
Have you made sure that the WebUI service is not listening to the 0.0.0.0 address too? Make sure to check “Web Interface IPv4 Address” under GUI settings again. Without listening to 0.0.0.0 it was possible for me to bind my custom docker app to port 80 of the second host IP I added using TrueNAS 25.04.1 and latest catalog version 1.2.3.
But I still have issues when trying to bind port 22 of a docker container to a single IP. It fails with The port is being used by following services: 1) "0.0.0.0:22" used by SSH Service and I cannot find a configuration setting to change the listening/bind address of the service.
```
root@NewNAS[/mnt/BigPool/SMB/NewNAS-Scripts]# sudo docker container ls --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}" -a | grep 443
cda6fc0f8535 ix-nginx-proxy-manager-npm-1 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp, 192.168.38.201:30020->81/tcp
root@NewNAS[/mnt/BigPool/SMB/NewNAS-Scripts]#
```
This is on my main NAS (running a bunch of apps) - not the test virtual NAS
I would say that the output is correct as only nginx is actually on 80/443 (TN is on 81/444).
Honestly the only app I care which port it’s on is a proxy like nginx or Traefik.
I looked at /mnt/.ix-apps/user_config.yaml which contains a combined yaml file for all the containers. This is the nginx config:
```yaml
nginx-proxy-manager:
  TZ: Europe/London
  ix_certificate_authorities: {}
  ix_certificates: {}
  ix_context:
    app_metadata:
      annotations:
        min_scale_version: 24.10.2.2
      app_version: 2.12.3
      capabilities:
      - description: Nginx Proxy Manager is able to change file ownership arbitrarily
        name: CHOWN
      - description: Nginx Proxy Manager is able to bypass file permission checks
        name: DAC_OVERRIDE
      - description: Nginx Proxy Manager is able to bypass permission checks for file
          operations
        name: FOWNER
      - description: Nginx Proxy Manager is able to change group ID of processes
        name: SETGID
      - description: Nginx Proxy Manager is able to change user ID of processes
        name: SETUID
      categories:
      - networking
      changelog_url: https://github.com/NginxProxyManager/nginx-proxy-manager/releases
      date_added: '2024-08-02'
      description: Expose your services easily and securely
      home: https://nginxproxymanager.com/
      host_mounts: []
      icon: https://media.sys.truenas.net/apps/nginx-proxy-manager/icons/icon.png
      keywords:
      - reverse
      - nginx
      - proxy
      lib_version: 2.1.35
      lib_version_hash: 1bd4e0058fbd4d7c207df2cae606580065e8e6dba3e232f41bc1b006848b05d2
      maintainers:
      - email: dev@ixsystems.com
        name: truenas
        url: https://www.truenas.com/
      name: nginx-proxy-manager
      run_as_context:
      - description: Nginx Proxy Manager runs as root user.
        gid: 0
        group_name: root
        uid: 0
        user_name: root
      screenshots:
      - https://media.sys.truenas.net/apps/nginx-proxy-manager/screenshots/screenshot1.png
      - https://media.sys.truenas.net/apps/nginx-proxy-manager/screenshots/screenshot2.png
      - https://media.sys.truenas.net/apps/nginx-proxy-manager/screenshots/screenshot3.png
      sources:
      - https://nginxproxymanager.com/
      - https://hub.docker.com/r/jc21/nginx-proxy-manager
      title: Nginx Proxy Manager
      train: community
      version: 1.2.3
    app_name: nginx-proxy-manager
    is_install: false
    is_rollback: false
    is_update: true
    is_upgrade: false
    operation: UPDATE
    scale_version: TrueNAS-25.04.1
    upgrade_metadata: {}
  ix_volumes: {}
  labels: []
  network:
    additional_ports: []
    http_port:
      bind_mode: published
      host_ips: []
      port_number: 80
    https_port:
      bind_mode: published
      host_ips: []
      port_number: 443
    web_port:
      bind_mode: published
      host_ips:
      - 192.168.38.201
      port_number: 30020
  npm:
    additional_envs: []
  release_name: nginx-proxy-manager
  resources:
    limits:
      cpus: 2
      memory: 4096
  run_as:
    group: 568
    user: 568
  storage:
    additional_storage: []
    certs:
      host_path_config:
        acl_enable: false
        path: /mnt/AppPool/docker/docker-local/nginx/certs
      type: host_path
    data:
      host_path_config:
        acl_enable: false
        path: /mnt/AppPool/docker/docker-local/nginx/datastore
      type: host_path
```
The network: bit is interesting.
80/443 do not define an IP address, whereas 30020 does. Can anyone from IX confirm that editing that file is possible, before I bugger everything up by trying?
```yaml
network:
  additional_ports: []
  http_port:
    bind_mode: published
    host_ips: []
    port_number: 80
  https_port:
    bind_mode: published
    host_ips: []
    port_number: 443
  web_port:
    bind_mode: published
    host_ips:
    - 192.168.38.201
    port_number: 30020
```
I could change it to
```yaml
network:
  additional_ports: []
  http_port:
    bind_mode: published
    host_ips:
    - 192.168.38.201
    port_number: 80
  https_port:
    bind_mode: published
    host_ips:
    - 192.168.38.201
    port_number: 443
  web_port:
    bind_mode: published
    host_ips:
    - 192.168.38.201
    port_number: 30020
```
Apparently I am an idiot.
I changed the IP binding on one of the ports and never spotted the same on the others. I never considered that once I had changed the IP address for the container that I might have to do that twice more.
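The overlap this thread converges on, as an added example that is not part of the original posts and is not TrueNAS's own validation code: an empty host_ips list publishes on 0.0.0.0, which collides with every listener on that port, while a pinned port only collides with the same IP or a wildcard listener. The listener list and the helper names (published_binds, find_conflicts, pin) are constructed for illustration; only IPv4 is modelled.

```python
from ipaddress import ip_address

WILDCARD = "0.0.0.0"

# network section as posted in the thread (host_ips empty for 80/443)
NETWORK = {
    "additional_ports": [],
    "http_port": {"bind_mode": "published", "host_ips": [], "port_number": 80},
    "https_port": {"bind_mode": "published", "host_ips": [], "port_number": 443},
    "web_port": {"bind_mode": "published", "host_ips": ["192.168.38.201"],
                 "port_number": 30020},
}

# Constructed sample: host services as described in the posts
# (WebUI bound to one address, SSH on the wildcard address).
LISTENERS = [
    ("WebUI", "192.168.38.32", 80),
    ("WebUI", "192.168.38.32", 443),
    ("SSH", WILDCARD, 22),
]


def published_binds(network):
    """Yield (name, ip, port); an empty host_ips list means the wildcard."""
    for name, spec in network.items():
        if not isinstance(spec, dict) or spec.get("bind_mode") != "published":
            continue  # skips list-valued keys such as additional_ports
        for ip in spec.get("host_ips") or [WILDCARD]:
            yield name, str(ip_address(ip)), spec["port_number"]


def overlaps(ip_a, ip_b):
    """Two binds on one port clash if the IPs match or either is a wildcard."""
    return ip_a == ip_b or WILDCARD in (ip_a, ip_b)


def find_conflicts(network, listeners):
    """Return (app_port, app_bind, service, service_bind) for every clash."""
    return [
        (name, f"{ip}:{port}", service, f"{l_ip}:{l_port}")
        for name, ip, port in published_binds(network)
        for service, l_ip, l_port in listeners
        if port == l_port and overlaps(ip, l_ip)
    ]


def pin(network, ip):
    """Return a copy with every port entry bound to a single host IP."""
    return {k: ({**v, "host_ips": [ip]} if isinstance(v, dict) else v)
            for k, v in network.items()}
```

Running find_conflicts on a config before applying it shows which ports still have an empty host_ips list, including the ones that are easy to miss after changing only one of them.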