Does the YouTrack docker install support https?

I'm trying to configure YouTrack using the Docker instructions, but I am  unable to get past the https page of the YouTrack wizard page after launching the container. I get a "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container" error.

I've tried using both `-p 8080:8080` and `-p 8443:8080` on the docker run command, and neither work. I'm able to get the http version working.

Does the docker version of YouTrack require a reverse proxy for https?

0
12 comments

Hi!

I'm Sergey from the Youtrack team.

No, the Docker version doesn't require a reverse proxy for https, though it's one of the available options.

As for the port binding, in your example, 8443 should be exposed and open on the host machine where Docker runs. So you need to check your host's ports. 

Also, note that you should pass the certificate data as well, configuring just a port is not enough. There are two ways to do it: 

If any questions appear, please let me know. 

0

Hi, thanks for the the answer.

I'm already using the setup wizard, and that is the spot that I am getting "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container" error. The error shows up as a popup on the first field of the web wizard on the https tab when I try to to hit next.

With regards to the certificate data, I already generated it as explained in your docs here.

With regards to the firewall, I'm already able to access the site when I install it as http over port 8080, but even when I open the firewall `sudo ufw allow 8443` I still can't get the wizard to pass the https page.

The documentation for configure it in the web wizard basically says to "use the wizard," but doesn't actually say how to fill out the fields. I think I am filling them out correctly, but I keep getting errors.

The only thing I can think of is that I am missing some setting with the `docker run` command.

Here is the command

docker run -dit --restart always --name youtrack-server ALL_THE_VOLUME_MAPPINGS -p 8080:8080 jetbrains/youtrack:2020.6.4750

 

0

Thanks for your reply. 

The error shows up as a popup on the first field of the web wizard on the https tab when I try to to hit next.

That's correct. It checks whether the port can be used. If not, it throws an error.

I still can't get the wizard to pass the https page.

The wizard just checks if the specified port and certificate can be used. It doesn't fix anything. You should fix the errors yourself, as we don't have access to your environment, I'm afraid. 

but doesn't actually say how to fill out the fields.

There's a section that explicitly describes what each certificate field is for: https://www.jetbrains.com/help/youtrack/standalone/2020.6/configure-server-tls-configuration-wizard.html#tls-attributes

but I keep getting errors.

Do you get any errors not related to the port? 

The only thing I can think of is that I am missing some setting with the `docker run` command.

The command is fine if you enter the certificate data in the wizard. In this case, you should fix the error that you see in the wizard. The wizard performs checks for you so that you won't need to guess yourself. If you get errors other than port availability and don't know what they are about, please feel free to share them. Also, please pay attention to the TLS-specific attributes' descriptions I linked above. It should help you fill in your data correctly.  

Futhermore, I may suggest giving a try to Youtrack inCloud (free for 10 users). In this case, we take care of the infrastructure ourselves so you don't need to worry about this kind of stuff, including the SSL. You can also migrate your database so you won't lose data.

If any questions appear, please let me know. 

0

I don't think the certificates are the problem. I think the container just isn't able to communicate on port 8443. I'm not a docker expert, but it looks like only port 8080 is exposed on the Dockerfile, so I'm not sure how it is supposed to listen to port 8443, or any other port you decide to configure for https. https://hub.docker.com/layers/jetbrains/youtrack/2020.6.4750/images/sha256-1d24a3570fc7e5facd15650e8456e412b9efaf336bf7f3ff856c244351117f59?context=explore 

Unfortunately we can't use the cloud solution.

I ended up setting up a reverse-proxy using Apache and got it to work, but this just adds a whole bunch of complexity and maintenance. I'd still rather use the built-in https if it really is possible.

Thanks

0

Thanks for your reply. 

I don't think the certificates are the problem

If you only get the error about the port, then yes, that's the port issue. 

I think the container just isn't able to communicate on port 8443.

In your initial post, you mentioned that you used -p 8443:8080. In this case, 8443 is a host port, not a Docker one. So as I mentioned in my initial reply, the error means that 8443 can't be used on your host. I'm afraid, it's not possible to share more details here, as we don't have access to your host. 

Another thing is that even if you used, for example, -p 8443:8443, it would expose 8443 port in Docker because any port can be exposed with the help of -p parameter of docker run.


If you don't know what to do with this port on your host, I may suggest trying to use another port and see if it works. 

0

I have the same problem and do confirm that my Docker container is configured correctly: that is, the port 8443 is forwarded to 8443, the port 8080 is forwarded to 8080. When configuring the YouTrack server to use HTTP with the service available at the port 8443 everything works. It looks like the YouTrack internal HTTP redirect service is not working.

Steps to reproduce.

- A linux machine with Docker installed and both ports 8080 and 8443 exposed

- docker run -it --name youtrack -v <path to data>:/opt/youtrack/data -v <path to conf>:/opt/youtrack/conf -v <path to logs>:/opt/youtrack/logs -v <path to backups>:/opt/youtrack/backups -p 8443:8443 -p 8080:8080 jetbrains/youtrack:2020.6.8801
 
- open the service in the browser, give it the token, and on the http configuration page select https, provide the generated certificates, and observe the error
0

Hi! 

Do you also get the error "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container"?

0

Yes I do. There is a message: "The service isn't accessible from your browser at this URL. Verify that the listen port 8443 was properly exposed or published on startup of the Docker container"

The port IS exposed properly for sure, as the service is reachable through http when using 8443 as a default port.

0

Thanks for the details.

Just in case, I've run a few tests and could only reproduce this issue if port 8443 was occupied. So let's try to find out what could be the reason on your end.

To start off, please share your logs and conf folders (the paths can be found in the docker command). You can upload the archive to https://uploads.jetbrains.com/ (it's secure and the files can be downloaded by our team only).

You can share the details with our support team privately by submitting a request at https://youtrack-support.jetbrains.com/hc/en-us/requests/new or

0

I have the same problem. I ran container with command: docker run --name youtrack_2021.4 -v /opt/youtrack/data:/opt/youtrack/data -v /opt/youtrack/conf:/opt/youtrack/conf -v /opt/youtrack/logs:/opt/youtrack/logs -v /opt/youtrack/backups:/opt/youtrack/backups -p 443:8080 jetbrains/youtrack:2021.4.31698

The port is accessible, I double-checked it. On the HTTPS config page, I specify cert and key and also have these settings:

Base URL: https://10.10.204.15
Application Listen Port: 443
Redirect Listen Port: 80
Application Listen Address: 0.0.0.0

I found this message in debug.log:

DEBUG - er.rest.TestConnectionResource - Service is not accessible by URL https://10.10.204.15:443/dynamic.ext
javax.net.ssl.SSLException: Unsupported or unrecognized SSL message

I tried to curl to URL from HTTPS config: 

root@am-git:/home/marker/webhook# curl https://10.10.204.15:443/dynamic.ext
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

I tried to curl to HTTP endpoint:

root@am-git:/home/marker/webhook# curl http://10.10.204.15:443/dynamic.ext
<!DOCTYPE html>
<html>
<head>
<base href="/"/>
<!--<base href="/xxx/">-->
...
</html>

So, in this case, we've got what we needed. But if I try to use this as a Base URL I've got another error:

Base URL should start from https

I don't understand why the wizard is demanding an HTTPS URL before I'm done with configuring it? YouTrack starts itself as an unsecured HTTP server, so in my opinion, it doesn't make sense. Or maybe I'm doing something wrong?

0

Acckaya Sotona

Please excuse me for the delayed reply.

The problem is that you are trying to map an SSL port to a non-SSL one: -p 443:8080. You need to map non-SSL port, e.g. port 80.

0

Please check URL name resolved correctly and dns server set on the docker container before setting up https. 

 

0

Please sign in to leave a comment.