I've been doing some configuration, including releasing some ports, designating them to applications. I've seen so many applications want port 80. Can I ask what is so special with it? Why not port 90? 70?
Port 80 is the standard for HTTP which is the major networking protocol.
So if you have an URL like this (without any port number):
http://stackoverflow.com/questions/31242839/what-is-so-special-with-port-80/31242897#31242897
your browser will communicate with the webserver over port 80.
As #Glorfindel stated, port 80 is the standard for HTTP.
To elaborate - there are a number of fixed TCP, UDP ports "reserved" for different services from 1 - 1024. best practice is to use a port number larger than 1024 for non-standard traffic.
For instance, you might want both an IIS server and a tomcat server running on the same machine. you could issue 80 to one, and 8080 to another, or 8080 to one, and 8090 to another. (note that J2EE servers such as Tomcat, Glassfish, Weblogic, etc often default to 8080, which also defines as HTTP_alternate)
Also, in some operating systems, you need elevated privileges (administrator/root) to register a port below 1024, therefore you may want to use port 8080 in place of 80, for ease of use.
A further reading suggestion: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Note also that (historically at least) Skype, for instance used port 80 to listen on, since it open in many routers, etc.
Related
I have three tomcat containers running on different bridge networks with different subnet and gateway
For example:
container1 172.16.0.1 bridge1
container2 192.168.0.1 bridge2
container3 192.168.10.1 bridge3
These containers are running on different ports like 8081, 8082, 8083
Is there any way to run all three containers in same 8081?
If it is possible, how can I do it in docker.
You need to set-up a reverse proxy. As the name suggests, this is a proxy that works in an opposite way from the standard proxy. While standard proxy gets requests from internal network and serves them from external networks (internet), the reverse proxy gets requests from external network and serves them by fetching information from internal network.
There are multiple applications that can serve as a reverse proxy, but the most used are:
NginX
Apache
HAProxy mainly as a load-balancer
Envoy
Traefik
Majority of the reveres proxies can run as another container on your docker. Some of this tools are easy to start since there is ample amount of tutorials.
The reverse proxy is more than just exposing single port and forwarding traffic to back-end ports. The reverse proxy can manage and distribute the load (load balancing), can change the URI that is arriving from the client to a URI that the back-end understands (URL rewriting), can change the response form the back-end (content rewriting), etc.
Reverse HTTP/HTTP traffic
What you need to do to set a reverse proxy, assuming you have HTTP services, in your example is foloowing:
Decide which tool to use. As a beginner, I suggest NginX
Create a configuration file for the proxy which will take the requests from the port 80 and distribute to ports 8081, 8082, 8083. Since the containers are on different network, you will need to decide if you want to forward the traffic to their IP addresses (which I don't recommend since IP can change), or to publish the ports on the host and use the host IP. Another alternative is to run all of them on the same network.
Depending on the case, you need to setup the X-Forwarding-* flags and/or URL rewriting and content rewriting.
Run the container and publish the port 80 as 8080 (if you expose the containers on host, your 8081 will be already taken).
Reverse TCP/UDP traffic
If you have non-HTTP services (raw TCP or UDP services), then you can use HAProxy. Steps are same apart from the configuration step #2. The configuration is different due to non-HTTP nature of the traffic and you can find example in this SO
I was wondering which ports are available for me to use for Web apps and which ones are system specific or system reserved.
A basic outline of the way the website works is a user creates and account and a docker container is created, that container sits on a port.
So if I have 100 users I need to know if there is enough ports available or if I have to do a redisign.
Thanks for any help.
Usually web servers will listen on 80 (HTTP) or 443 (HTTPS), all users will connect on one port, browsers usually connect on one of the two ports I've mentioned.
Browsers usually connect to a website on port 80 or 443 by default, you can specify a custom port by a : then the port number after the host name if the server is using a custom port to serve the website.
for example a custom port would look like
http://stackoverflow.com:8080
where 8080 is the custom port.
For a list of the common ports used in applications. you can check this out.
To answer your question, if you're not running the application that listens on that specific port then you can use the port number for your use.
Port numbers range from 0 to 65535, but only port numbers 0 to 1023 are reserved for privileged services and designated as well-known ports.
The ephemeral port range is configurable, so you are not stuck with the defaults. There are tens of thousands, so if you have 100 users the number of ports should not be the breaking point, though the design of having a docker container for each users sounds odd to me.
I assume that your web server will front these containers so that the users don't connect directly to them? Allowing all those ports through the firewall would not be a good design!
Suppose we have a web browser with several tabs open and we are working with them.
All TCP packets will arrive with destination port 80 but I don't understand how the browser can know, from all the network traffic, which packages are destined for which tab.
What's more, if there are several browsers, I understand that all the packages destined to them come with port 80. How do you know which ones are intended?
Thak you
TCP connections are identified by the following tuple: Source Ip, Destination Ip, Source Port, Destination Port
Each connection that the browser opens might have the same destination ip & port (e.g. www.google.com port 80), but each connection will have a unique source port number.
Suppose we have a web browser with several tabs open and we are working with them. All TCP packets will arrive with destination port 80
No they won't. They will arrive at the browser with source port 80, from the server, but each connection will have a different local port number at the client host.
but I don't understand how the browser can know, from all the network traffic, which packages are destined for which tab.
It doesn't have to know. All it has to do is read from its various connections via their sockets. Demultiplexing to the respective local ports is TCP's job, not the browser's.
What's more, if there are several browsers, I understand that all the packages destined to them come with port 80.
Wrong again. They come with source port 80, and, again, different destination ports.
How do you know which ones are intended?
Same answer. They don't. TCP does.
80 port is used, usually, on the server side. Each browser tab is client, not a server, and uses different port numbers.
Client reads data from this "own local" port, not directly from the server's 80.
I've got a Rails application running on port 3000 (or any port I want for that matter) and I can access it by browsing to the public ip like so: 1.2.3.4:3000 but I would like to reach the same page by simply omitting the port number, since my domain registrar only allows the public ip, and no port number. Is there a setting somewhere to direct all incoming traffic from the site to a specific port?
There are a number of ways to do this:
tell rails to use port 80 natively (see here)
use iptables to forward all port 80 traffic to 3000 (see here)
front your instances with ELB, and port map from 80 to 3000 (see here)
If the url is http and your rails app uses port 80, then you don't have to specify port in the url.
If your url is https and your rails app uses port 443, then you don't have to specify port in the url.
If it is not a problem to use any of these two ports, then you can try it.
Due to a virus in the system, one of our clients have made access to internet restricted in their server. We use two web services data on this server (both use a SOAP API).
The client company is asking me for the ports on the firewall they should leave open so we could be able to use those web services only. I'm not good at networks. So how can I get those information?
I need the port or any address from my two services so that they let them pass through the firewall.
I'm not sure I understand the question, but most web services receive connections on one of:
80 (http)
443 (https)
8080 (http)
Most firewalls client should be configured to allow outbound connections to these.
Server firewall MUST be configured to allow inbound connections on one of these (or some other pre-arranged non-standard port).
To work out what ports your existing web server is actually using:
how to investigate ports opened by a certain process in linux?
Its most likely, 80, 443, or 8080.