Does the YouTrack docker install support https? Follow
I'm trying to configure YouTrack using the Docker instructions, but I am unable to get past the https page of the YouTrack wizard page after launching the container. I get a "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container" error.
I've tried using both `-p 8080:8080` and `-p 8443:8080` on the docker run command, and neither work. I'm able to get the http version working.
Does the docker version of YouTrack require a reverse proxy for https?
Please sign in to leave a comment.
I'm Sergey from the Youtrack team.
No, the Docker version doesn't require a reverse proxy for https, though it's one of the available options.
As for the port binding, in your example, 8443 should be exposed and open on the host machine where Docker runs. So you need to check your host's ports.
Also, note that you should pass the certificate data as well, configuring just a port is not enough. There are two ways to do it:
If any questions appear, please let me know.
Hi, thanks for the the answer.
I'm already using the setup wizard, and that is the spot that I am getting "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container" error. The error shows up as a popup on the first field of the web wizard on the https tab when I try to to hit next.
With regards to the certificate data, I already generated it as explained in your docs here.
With regards to the firewall, I'm already able to access the site when I install it as http over port 8080, but even when I open the firewall `sudo ufw allow 8443` I still can't get the wizard to pass the https page.
The documentation for configure it in the web wizard basically says to "use the wizard," but doesn't actually say how to fill out the fields. I think I am filling them out correctly, but I keep getting errors.
The only thing I can think of is that I am missing some setting with the `docker run` command.
Here is the command
Thanks for your reply.
That's correct. It checks whether the port can be used. If not, it throws an error.
The wizard just checks if the specified port and certificate can be used. It doesn't fix anything. You should fix the errors yourself, as we don't have access to your environment, I'm afraid.
There's a section that explicitly describes what each certificate field is for: https://www.jetbrains.com/help/youtrack/standalone/2020.6/configure-server-tls-configuration-wizard.html#tls-attributes
Do you get any errors not related to the port?
The command is fine if you enter the certificate data in the wizard. In this case, you should fix the error that you see in the wizard. The wizard performs checks for you so that you won't need to guess yourself. If you get errors other than port availability and don't know what they are about, please feel free to share them. Also, please pay attention to the TLS-specific attributes' descriptions I linked above. It should help you fill in your data correctly.
Futhermore, I may suggest giving a try to Youtrack inCloud (free for 10 users). In this case, we take care of the infrastructure ourselves so you don't need to worry about this kind of stuff, including the SSL. You can also migrate your database so you won't lose data.
If any questions appear, please let me know.
I don't think the certificates are the problem. I think the container just isn't able to communicate on port 8443. I'm not a docker expert, but it looks like only port 8080 is exposed on the Dockerfile, so I'm not sure how it is supposed to listen to port 8443, or any other port you decide to configure for https. https://hub.docker.com/layers/jetbrains/youtrack/2020.6.4750/images/sha256-1d24a3570fc7e5facd15650e8456e412b9efaf336bf7f3ff856c244351117f59?context=explore
Unfortunately we can't use the cloud solution.
I ended up setting up a reverse-proxy using Apache and got it to work, but this just adds a whole bunch of complexity and maintenance. I'd still rather use the built-in https if it really is possible.
Thanks for your reply.
If you only get the error about the port, then yes, that's the port issue.
In your initial post, you mentioned that you used -p 8443:8080. In this case, 8443 is a host port, not a Docker one. So as I mentioned in my initial reply, the error means that 8443 can't be used on your host. I'm afraid, it's not possible to share more details here, as we don't have access to your host.
Another thing is that even if you used, for example, -p 8443:8443, it would expose 8443 port in Docker because any port can be exposed with the help of
-pparameter of docker run.
If you don't know what to do with this port on your host, I may suggest trying to use another port and see if it works.
I have the same problem and do confirm that my Docker container is configured correctly: that is, the port 8443 is forwarded to 8443, the port 8080 is forwarded to 8080. When configuring the YouTrack server to use HTTP with the service available at the port 8443 everything works. It looks like the YouTrack internal HTTP redirect service is not working.
Steps to reproduce.
- A linux machine with Docker installed and both ports 8080 and 8443 exposed
Do you also get the error "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container"?
Yes I do. There is a message: "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container"
The port IS exposed properly for sure, as the service is reachable through http when using 8443 as a default port.
Thanks for the details.
Just in case, I've run a few tests and could only reproduce this issue if port 8443 was occupied. So let's try to find out what could be the reason on your end.
To start off, please share your logs and conf folders (the paths can be found in the docker command). You can upload the archive to https://uploads.jetbrains.com/ (it's secure and the files can be downloaded by our team only).
You can share the details with our support team privately by submitting a request at https://youtrack-support.jetbrains.com/hc/en-us/requests/new or
I have the same problem. I ran container with command: docker run --name youtrack_2021.4 -v /opt/youtrack/data:/opt/youtrack/data -v /opt/youtrack/conf:/opt/youtrack/conf -v /opt/youtrack/logs:/opt/youtrack/logs -v /opt/youtrack/backups:/opt/youtrack/backups -p 443:8080 jetbrains/youtrack:2021.4.31698
The port is accessible, I double-checked it. On the HTTPS config page, I specify cert and key and also have these settings:
I found this message in debug.log:
I tried to curl to URL from HTTPS config:
I tried to curl to HTTP endpoint:
So, in this case, we've got what we needed. But if I try to use this as a Base URL I've got another error:
I don't understand why the wizard is demanding an HTTPS URL before I'm done with configuring it? YouTrack starts itself as an unsecured HTTP server, so in my opinion, it doesn't make sense. Or maybe I'm doing something wrong?
Please excuse me for the delayed reply.
The problem is that you are trying to map an SSL port to a non-SSL one: -p 443:8080. You need to map non-SSL port, e.g. port 80.
Please check URL name resolved correctly and dns server set on the docker container before setting up https.